From f668fd9db56786fa53810f91395c3b23f13eeb27 Mon Sep 17 00:00:00 2001 From: alpha-nerd-nomyo Date: Sat, 17 Jan 2026 11:04:54 +0100 Subject: [PATCH] docs: improvement --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bb110df..7a124b1 100644 --- a/README.md +++ b/README.md @@ -63,12 +63,21 @@ python3 test.py - **Optional persistence**: Keys can be saved to `client_keys/` directory for reuse across sessions - **Password protection**: Optional password encryption for private keys (recommended for production) - **Secure permissions**: Private keys stored with restricted permissions (600 - owner-only access) -- **Secure memory protection**: Plaintext payloads protected from disk swapping and memory lingering### Secure Memory Protection +- **Secure memory protection**: Plaintext payloads protected from disk swapping and memory lingering + +### Secure Memory Protection + +### Ephemeral AES Keys + +- **Per-request encryption keys**: A unique AES-256 key is generated for each request +- **Automatic rotation**: AES keys are never reused - a fresh key is created for every encryption operation +- **Forward secrecy**: Compromise of one AES key only affects that single request +- **Secure generation**: AES keys are generated using cryptographically secure random number generation (`secrets.token_bytes`) +- **Automatic cleanup**: AES keys are zeroed from memory immediately after use - **Automatic protection**: Plaintext payloads are automatically protected during encryption - **Prevents memory swapping**: Sensitive data cannot be swapped to disk - **Guaranteed zeroing**: Memory is zeroed after encryption completes - **Fallback mechanism**: Graceful degradation if SecureMemory module unavailable -- **Configurable**: Can be disabled with `secure_memory=False` parameter (not recommended) ## 🔄 OpenAI Compatibility
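Review bot: the new `### Ephemeral AES Keys` heading is inserted directly under `### Secure Memory Protection`, so that section is left empty and the four unchanged bullets that follow (Automatic protection, Prevents memory swapping, Guaranteed zeroing, Fallback mechanism) now render as part of Ephemeral AES Keys. Move the Ephemeral AES Keys heading and its five bullets either above `### Secure Memory Protection` or below the Fallback mechanism bullet. The hunk also deletes the `secure_memory=False` bullet under a "docs: improvement" subject with no explanation; if the parameter still exists, keep the line, since in the lines shown it is the only place the opt-out and its "not recommended" status are documented. Finally, the "Forward secrecy" bullet describes per-request key isolation (one AES key exposes one request). Forward secrecy normally means past traffic stays protected after a long-term private key is compromised, and the context lines above say private keys can be persisted in `client_keys/`, so a label such as "Key isolation" would match what the bullet actually states.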