Add warning about accessing a private key directly (#218)

* Add warning about accessing a private key directly * Update README.md * Update README.md * Update README.md Reword per discussion w Maurice & Gavin --------- authored-by: Rand McKinney <[email protected]>
contentauth · Aug 26, 2024 · b3eb2fd · b3eb2fd
1 parent da574d4
commit b3eb2fd
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -217,7 +217,9 @@ The tool generates a new manifest using the values given in the file and display
 
 CAUTION: If the output file is the same as the source file, the tool will overwrite the source file.
 
-If the manifest definition file has `private_key` and `sign_cert` fields, then the tool signs the manifest using the private key and certificate they specify, respectively.  Otherwise, the tool uses the built-in test certificate and key, which is suitable for development and testing.  You can also specify the private key and certificate using environment variables; for more information, see [Creating and using an X.509 certificate](x_509.md). 
+If the manifest definition file has `private_key` and `sign_cert` fields, then the tool signs the manifest using the private key and certificate they specify, respectively.  Otherwise, the tool uses the built-in test certificate and key, which is suitable ONLY for development and testing.  You can also specify the private key and certificate using environment variables; for more information, see [Creating and using an X.509 certificate](x_509.md). 
+
+**WARNING**: Accessing the private key and signing certificate directly like this is fine during development, but doing so in production may be insecure. Instead use a Key Management Service (KMS) or a hardware security module (HSM) to access the certificate and key; for example as show in the [C2PA Python Example](https://github.com/contentauth/c2pa-python-example).
 
 #### Specifying a parent file