diff --git a/README.md b/README.md index 540c84a..cd1cb95 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,43 @@ -# LiteCharmsSecurity \ No newline at end of file +# LiteCharmsSecurity + +An enterprise-grade Identity and Access Management (IAM) solution built on top of **Skoruba Duende IdentityServer**. This repository houses the entire security architecture for the Lite Charms ecosystem, providing Single Sign-On (SSO), OAuth 2.0, and OpenID Connect (OIDC) capabilities. + +--- + +## 🌐 Infrastructure Architecture + +This solution is optimized for production-grade self-hosting behind a secure reverse-proxy tunnel. + +* **Identity Provider (STS):** `sts.security.khongisa.co.za` (Port `8083`) +* **Management Console (Admin UI):** `admin.security.khongisa.co.za` (Port `8081`) +* **Management Backend (Admin API):** `api.security.khongisa.co.za` (Port `8082`) + +### Deployment Stack +* **Reverse Proxy / Edge Router:** Pangolin (Handles full external SSL termination). +* **Container Orchestrator:** Dockhand VM (Automated GitOps deployments pulled directly from Gitea). +* **Database Layer:** Dedicated PostgreSQL running in an isolated Proxmox LXC Container (`192.168.1.170`). + +--- + +## 🛠️ Environment Variables Configuration + +Do not check production secrets into Git. Define the following environment variables within the **Dockhand UI** before launching or updating the stack: + +| Variable | Description | Example / Default | +| :--- | :--- | :--- | +| `DB_PASSWORD` | Master password for the Postgres LXC container database instance. | *[Secure Sensitive Value]* | +| `SMTP_PASSWORD` | Password for the outbox notification transactional mail provider. | *[Secure Sensitive Value]* | +| `SMTP_HOST` | Outbound mail relay server domain. | `mail.litecharms.co.za` | +| `SMTP_LOGIN` | Corporate security transactional system email account. | `security@litecharms.co.za` | +| `APPLY_MIGRATIONS` | Toggles automatic Entity Framework database migrations on startup. 
| `true` (First Run Only) | +| `APPLY_SEED` | Seeds baseline system roles, client configurations, and default admin users. | `true` (First Run Only) | + +--- + +## 🚀 Deployment Instructions via Dockhand + +### 1. First-Time Setup (Initialization Mode) +When deploying this stack for the absolute first time onto a blank database instance, ensure both flags are explicitly enabled in the Dockhand dashboard: +```env +APPLY_MIGRATIONS=true +APPLY_SEED=true \ No newline at end of file
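Review bot: The ```env fence opened under "### 1. First-Time Setup (Initialization Mode)" is never closed, and the hunk ends right after `APPLY_SEED=true` with no step covering subsequent deployments. Close the fence and add the follow-up instruction that both flags are set back to `false` once the first run has completed: the table marks `APPLY_MIGRATIONS` and `APPLY_SEED` as `true` (First Run Only), and `APPLY_SEED` is described as seeding "default admin users", so leaving it enabled on later redeploys risks re-creating those accounts. Separately, the Database Layer bullet publishes an internal address (`192.168.1.170`) alongside the public hostnames and ports; if this README is visible outside the operations team, keep that detail in private deployment notes rather than the repository README.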