diff --git a/README.md b/README.md new file mode 100644 index 0000000..1d5fbd6 --- /dev/null +++ b/README.md 
@@ -0,0 +1,54 @@ +# OVH DNS Update + + +## Description + +Update a given DNS record using the OVH API. + + +## Inputs + +| parameter | description | required | default | +| --- | --- | --- | --- | +| subdomain | The subdomain to update (e.g. _release) | `true` | | +| domain | The domain (zoneName in the OVH API) | `true` | | +| record-id | The ID of the record to update | `true` | | +| value | The TXT value to set | `true` | | +| ovh-endpoint | The OVH API endpoint | `false` | `ovh-eu` | +| ovh-app-key | The OVH API Application Key | `true` | | +| ovh-app-secret | The OVH API Application Secret | `true` | | +| ovh-consumer-key | The OVH API Consumer Key | `true` | | + + +## Security notice + +You should create restricted credentials for only the specific record you want to update. See https://api.ovh.com/console/#/domain/zone/%7BzoneName%7D/record~GET to retrieve its `record-id` and then visit https://www.ovh.com/auth/api/createToken?PUT=/domain/zone/{domain}/record/{record-id} (replacing the placeholders) to create dedicated credentials. + +**However be aware that the credentials can also update the subdmain!** This means that anyone with this credentials can publish a TXT record under any `subdomain` of the `domain` (for instance to get a signed certificate by completing the [DNS challenge of the ACME protocol](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)). + +To mitigate this issue, [forgejo.org decided to use a dedicated `domain`](https://codeberg.org/forgejo/infrastructure-as-code/issues/5) with only TXT records (and CNAME records on the main `domain`, which points to those TXT records). 
+ + +## Example + +``` +on: [tag] +jobs: + upload-release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version: ">=1.21" + check-latest: true + - uses: actions/forgejo-release@v1 + with: + subdomain: _release + domain: example.org + record-id: 12345 + value: v=${{ github.ref_name }} + ovh-app-key: ${{ secrets.OVH_APP_KEY }} + ovh-app-secret: ${{ secrets.OVH_APP_SECRET }} + ovh-consumer-key: ${{ secrets.OVH_CON_KEY }} +``` diff --git a/action.yml b/action.yml index f109758..c69fd3f 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,6 @@ # SPDX-FileCopyrightText: 2023 Olivier Charvin # SPDX-License-Identifier: CC0-1.0 -name: 'OVH DNS TXT Update' +name: 'OVH DNS Update' description: 'Update a DNS TXT record using the OVH API' inputs: subdomain:
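Review bot: In the README.md example, the step that receives `subdomain`, `domain`, `record-id`, `value` and the three OVH secrets is declared as `uses: actions/forgejo-release@v1`, which does not match the action this README documents ("OVH DNS Update"). As written, a reader who copies the example hands `secrets.OVH_APP_KEY`, `secrets.OVH_APP_SECRET` and `secrets.OVH_CON_KEY` to a different action. Please point `uses:` at this repository's action, and consider renaming the `upload-release` job to match. In the Security notice, "subdmain" should be "subdomain" and "this credentials" should be "these credentials". Since that paragraph is the main warning about how far the token reaches, it is worth getting the wording exact.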
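Review bot: In action.yml, `name` drops "TXT" but the unchanged `description` on the next line still reads 'Update a DNS TXT record using the OVH API', and the new README describes the `value` input as "The TXT value to set" while its Description section says "Update a given DNS record". Please decide whether the action is TXT-only or generic and make `name`, `description` and the README agree. If it only writes TXT records, saying so in all three places keeps the scope of the credentials described in the Security notice clear to users.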