update readme

2026-04-04 12:06:21 +08:00
parent 4429d8ea38
commit 5f7b6a8013
1 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -7,3 +7,11 @@
 | postmessage| Post a message to Hatter showing how to handle a confidential token |


+## SKILL Internals
+
+### How `get-secret.ts` works?
+
+On Alibaba Cloud ECS/Simple Application Server, `get-secret.ts` retrieves a PKCS#7 identity document from `100.100.100.200`. It uses this Alibaba Cloud-signed document to request secrets from the service. The server verifies the signature to authenticate the client before returning the secret value.
+
+在阿里云 ECS 或轻量应用服务器环境中，`get-secret.ts` 脚本首先从元数据服务地址 `100.100.100.200` 获取 PKCS#7 格式的身份文档。随后，脚本利用该由阿里云签名的文档向密钥管理服务发起获取请求。服务端在核验签名以完成客户端身份认证后，才会返回相应的密钥值。
+