Remove the useless 'secret key', since it doesn't add any more security than the path.

readme.md

@@ -14,8 +14,7 @@ The server can be configured via the following environment variables:
 The webhooks configuration file should be an array of entries with the following keys:
 
 * name - A human-readable name that explains the webhook's purpose.
-* path - The webhook will be served by the app at this path.
-* secret_key - An authentication value for reading and writing to the webhook. This must be included in all requests. (see Usage for format)
+* path - The webhook will be served by the app at this path. **Treat this as a secret value.**
 * num_switches - the number of data points / indexes expected with each POST.
 * momentary_switches - an array of any indexes that refer to 'momentary' switches.  
   The value of these indexes will be reset to 0 after the next GET request to the webhook.
@@ -37,7 +36,7 @@ And run with:
 A dockerfile is also included, along with a sample docker-compose.yml demonstrating
 how the server might be run in a containerized environment.
 
-Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using plain http WILL expose your secret keys.
+Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using plain http WILL expose your secrets.
 
 
 ## Usage
@@ -45,7 +44,7 @@ Note that you SHOULD always run this service behind a TLS-encrypted proxy. Using
 To read the current webhook data, simply send a GET to the webhook URL, with the `key` parameter appropriately set. Example:
 
 ```
-curl -x GET "https://example.com/WEBHOOK_PATH?key=WEBHOOK_KEY
+curl -x GET "https://example.com/WEBHOOK_PATH
 ```
 
 To write data, send a POST to the same URL, with a json-formatted body in the following format:
@@ -53,3 +52,8 @@ To write data, send a POST to the same URL, with a json-formatted body in the fo
 ```
 [value0, value1, value2, ...]
 ```
+
+
+## Future Development
+
+* Use a more robust secret than "the URL is hidden behind TLS." Maybe client-side x509 certs.