From b00af0a1e9f57b507d092724da6dcfdad4c665e2 Mon Sep 17 00:00:00 2001
From: piekstra <piekstra@users.noreply.github.com>
Date: Tue, 27 Jan 2026 13:03:50 -0500
Subject: [PATCH] docs: add secure token storage examples to README

Fixes #93
---
 README.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/README.md b/README.md
index 8df59e5..64e8f37 100644
--- a/README.md
+++ b/README.md
@@ -676,6 +676,34 @@ export ATLASSIAN_API_TOKEN=your-api-token
 export CFL_URL=https://confluence.internal.corp.com  # Different URL for Confluence
 ```
 
+### Secure Token Storage
+
+Your API token is sensitive. Rather than storing it in a config file, we recommend using environment variables with a secret manager:
+
+**1Password CLI:**
+
+```bash
+# In your .zshrc or .bashrc
+export ATLASSIAN_API_TOKEN="$(op read 'op://Vault/Atlassian API Token/password')"
+```
+
+**macOS Keychain:**
+
+```bash
+# Store token
+security add-generic-password -s "atlassian-api" -a "api_token" -w "your-token-here"
+
+# Retrieve in shell config
+export ATLASSIAN_API_TOKEN="$(security find-generic-password -s 'atlassian-api' -a 'api_token' -w)"
+```
+
+**Windows Credential Manager:**
+
+```powershell
+# Store
+cmdkey /generic:atlassian-api /user:api_token /pass:your-token-here
+```
+
 ---
 
 ## Output Formats