Add encryption details to README

Author: theandrew168

README.md

@@ -39,6 +39,17 @@ The following environment variables are required to run pg2s3:
 | `PG2S3_BACKUP_PREFIX`        | Prefix attached to the name of each backup |
 | `PG2S3_BACKUP_RETENTION`     | Number of backups to retain after pruning |
 
+## Encryption
+Backups managed by pg2s3 can be optionally encrypted using [age](https://github.com/FiloSottile/age).
+To enable this feature, an age public key must be defined as an additional environment variable.
+Note that your age private key must be kept safe and secure!
+When restoring a backup, pg2s3 will prompt for a private key.
+This key is explicitly kept out of pg2s3's environment in order to require user intervention for any data decryption.
+
+| Variable                  | Description |
+| ------------------------- | ----------- |
+| `PG2S3_AGE_PUBLIC_KEY`    | Public key generated by [age](https://github.com/FiloSottile/age) |
+
 ## Usage
 The pg2s3 command-line tool offers three commands:
 * `pg2s3 backup` - Create a new backup and upload to S3

pg2s3.go

@@ -51,7 +51,7 @@ func New(pgConnectionURI, s3Endpoint, s3AccessKeyID, s3SecretAccessKey, s3Bucket
 	return &client, nil
 }
 
-// pg_dump -Fc -f dvdrental.backup $PG2S3_DATABASE_URL
+// pg_dump -Fc -f dvdrental.backup $PG2S3_PG_CONNECTION_URI
 func (c *Client) CreateBackup(path string) error {
 	args := []string{
 		"-Fc",
@@ -73,7 +73,7 @@ func (c *Client) CreateBackup(path string) error {
 	return nil
 }
 
-// pg_restore -c -d $PG2S3_DATABASE_URL testdata/dvdrental.backup
+// pg_restore -c -d $PG2S3_PG_CONNECTION_URI testdata/dvdrental.backup
 func (c *Client) RestoreBackup(path string) error {
 	args := []string{
 		"-c",