Update README

README.md

@@ -61,13 +61,6 @@ Dotenv is a zero-dependency module that loads environment variables from a `.env
 
 ## 🌱 Install
 
-<a href="https://www.youtube.com/watch?v=YtkZR0NFd1g">
-<div align="right">
-<img src="https://img.youtube.com/vi/YtkZR0NFd1g/hqdefault.jpg" alt="how to use dotenv video tutorial" align="right" width="330" />
-<img src="https://simpleicons.vercel.app/youtube/ff0000" alt="youtube/@dotenvorg" align="right" width="24" />
-</div>
-</a>
-
 ```bash
 # install locally (recommended)
 npm install dotenv --save
@@ -77,6 +70,13 @@ Or installing with yarn? `yarn add dotenv`
 
 ## 🏗️ Usage
 
+<a href="https://www.youtube.com/watch?v=YtkZR0NFd1g">
+<div align="right">
+<img src="https://img.youtube.com/vi/YtkZR0NFd1g/hqdefault.jpg" alt="how to use dotenv video tutorial" align="right" width="330" />
+<img src="https://simpleicons.vercel.app/youtube/ff0000" alt="youtube/@dotenvorg" align="right" width="24" />
+</div>
+</a>
+
 Create a `.env` file in the root of your project:
 
 ```dosini
@@ -193,44 +193,47 @@ You need to deploy your secrets in a cloud-agnostic manner? Use a `.env.vault` f
 </div>
 </a>
 
-**Note: Currently released as RC Candidate [dotenv@16.1.0-rc2](https://www.npmjs.com/package/dotenv/v/16.1.0-rc2)**
+**Note: Currently RC Candidate [dotenv@16.1.0-rc2](https://www.npmjs.com/package/dotenv/v/16.1.0-rc2)**
 
-Install the dotenv-vault cli ([github.com/dotenv-org/dotenv-vault](https://github.com/dotenv-org/dotenv-vault)).
+Install [dotenv-vault](https://github.com/dotenv-org/dotenv-vault#-install).
 
-```shell
+```bash
 $ brew install dotenv-org/brew/dotenv-vault
 ```
 
-Generate your `.env.vault` file.
+Encrypt your `.env.vault` file.
 
-```shell
-$ dotenv-vault local build
+```bash
+$ dotenv-vault build
 ```
 
-This creates two files:
-
-* `.env.vault` - encrypted .env file
-* `.env.keys` - decryptions keys
-
-Boot using `.env.vault`.
+Fetch your production `DOTENV_KEY`.
 
+```bash
+$ dotenv-vault keys production
 ```
-$ DOTENV_KEY=<key string from .env.keys> npm start
 
-[dotenv@16.1.0][INFO] Loading env from encrypted .env.vault
+Set `DOTENV_KEY` on your server.
+
+```bash
+# heroku example
+heroku config:set DOTENV_KEY=dotenv://:key_1234…@dotenv.org/vault/.env.vault?environment=production
 ```
 
-Great! Next, set the `DOTENV_KEY` on your server. For example in heroku:
+Commit your `.env.vault` file safely to code and deploy.
 
-```shell
-$ heroku config:set DOTENV_KEY=<key string from .env.keys>
+```bash
+$ git add .env.vault
+$ git commit -am "Update .env.vault"
+$ git push
+$ git push heroku main # heroku example
 ```
 
-Commit your `.env.vault` file safely to code and deploy.
+That's it! On deploy, your `.env.vault` file will be decrypted and its secrets injected as environment variables – just in time.
 
-Your `.env.vault` is decrypted on boot, its environment variables injected, and your app works as expected.
+See <a href="https://github.com/dotenv-org/dotenv-vault#dotenv-vault-"><img src="https://api.iconify.design/devicon/github.svg" alt="GitHub", width="14" /> dotenv-vault README</a> for more details.
 
-Congratulations, your secrets are now much safer than scattered across multiple servers and cloud providers! This [blog post](https://dotenv.org) goes into a full Hello World example.
+ℹ️ **A note from Mot**: Until recently, we did not have an opinion on how and where to store your secrets in production. We now strongly recommend generating a `.env.vault` file. It's the best way to prevent your secrets from being scattered across multiple servers and cloud providers – protecting you from breaches like the [CircleCI breach](https://techcrunch.com/2023/01/05/circleci-breach/). Also it unlocks interoperability WITHOUT native third-party integrations. Third-party integrations are [increasingly risky](https://coderpad.io/blog/development/heroku-github-breach/) to our industry. They may be the 'du jour' of today, but we imagine a better future with `.env.vault` files.
 
 ## 🌴 Manage Multiple Environments