diff --git a/README.md b/README.md index ab2a296..efde14e 100644 --- a/README.md +++ b/README.md @@ -28,3 +28,43 @@ usage: kv_mgmt.py [-h] [--client_id CLIENT_ID] [--client_secret CLIENT_SECRET] |secret_name | | yes | |secret_value | | yes | |content | | yes | + + +## How program works + +``` +This python program leverages the azure sdks - azure identity and azure-keyvault-secrets. +Azure identity is used for authentication to azure and azure-keyvault-secrets to work with keyvault secrets. +``` +* Azure Identity - uses DefaultAzureCredential method for authentication. + - This uses the service principal app id, service principal secret and tenant id to do the authentication + make sure you have the below. + ``` + AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID are the environment variables it will be using + ``` +* I use the .env to supply the above vars and load them using python-dotenv package and use it. or you can pass it as + environment variable and use by os method. + +The .env file will be of following +``` +AZURE_CLIENT_ID= "value" +AZURE_CLIENT_SECRET = "value" +AZURE_SUBSCRIPTION_ID = "value" +AZURE_TENANT_ID = "value" +``` +replace the value with your original values. + +AZURE_SUBSCRIPTION_ID - an optional parameter in .env file. + +* The environment variables are passed in the github workflows in a differnt method. + ``` + jobs: + keyvault_management: + runs-on: ubuntu-latest + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ``` + * I have configued AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID as repository secrets / organizational secrets. +
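Review bot: the ".env file will be of following" block tells readers to put AZURE_CLIENT_SECRET in a .env file, but nothing in the added section says that file must stay out of version control. Add a sentence that .env belongs in .gitignore and should hold placeholder values only in any committed sample. In the workflow snippet, `env:` sits at job level, so AZURE_CLIENT_SECRET is exported to every step of `keyvault_management`; consider moving the three variables to the `env:` of the single step that runs kv_mgmt.py. Smaller points: the opening description is wrapped in a code fence although it is prose; the .env sample mixes `AZURE_CLIENT_ID= "value"` with `AZURE_CLIENT_SECRET = "value"`, so pick one form (no spaces around `=` is the safest for dotenv-style parsers and for shell sourcing); "differnt" and "configued" are typos; and DefaultAzureCredential is a class that tries several credential sources in order, so the text would be more accurate saying the environment variables are the source used here rather than the only one.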