From fa6292f729961aac1cc957c4a641b56c8c57e339 Mon Sep 17 00:00:00 2001
From: Matthew B <106352182+artntek@users.noreply.github.com>
Date: Mon, 8 Apr 2024 19:30:17 -0700
Subject: [PATCH] added note about token secret

---
 README.md | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 23087b12..f30579b0 100644
--- a/README.md
+++ b/README.md
@@ -127,7 +127,19 @@ helm -n d1index uninstall d1index
 Note that this helm chart also installs rabbitmq and solr, which can be partially configured
 through the values.yaml file in the parent chart through exported child properties.
 
-### Authentication note
+### Authentication Notes
+
+#### DataONE Authentication Token
+
+In order to access and index private datasets on a Metacat instance, the dataone-indexer needs an
+authentication token, which may be obtained from DataONE administrators (see the [Metacat Helm 
+README](https://github.com/NCEAS/metacat/blob/develop/helm/README.md#setting-up-a-token-and-optional-ca-certificate-for-indexer-access)).
+Upon startup, the indexer expects to find a Kubernetes Secret named:
+`{{ .Release.Name }}-indexer-token`, which contains the auth token associated with the key 
+`DataONEauthToken`. The indexer can operate without this Secret, but will only be able to index 
+public-readable datasets.
+
+#### RabbitMQ
 
 The rabbitmq service runs under the username and password that are set via values.yaml