Update README: Add v2.1.0 changelog (SOPS + .env automation)

README.md

@@ -3,7 +3,8 @@
 Unified API proxy + infrastructure management for Homelab Pfannkuchen.
 
 **Base URL:** `http://10.4.1.116:8888`
-**Auth:** `Authorization: Bearer <BUTLER_TOKEN>`
+**Auth:** `Authorization: Bearer ***`
+**Version:** 2.1.0
 
 ## Service Proxy
 
@@ -49,6 +50,20 @@ Steps: iso-builder → Proxmox VM → wait SSH → add to pfannkuchen.ini → An
 | `/inventory/host` | POST | Add host to pfannkuchen.ini (idempotent, with group) |
 | `/ansible/run` | POST | Run Ansible playbook on host |
 
+### POST /ansible/run
+```json
+{"hostname": "lychee"}
+```
+
+**Post-Run Automation** (after successful Ansible):
+1. **Hawser Token Sync** – Reads `/etc/hawser/config` from VM, syncs token to Dockhand environment
+2. **SOPS + .env Setup** – If `compose.yaml` exists in `/app-config/github/{hostname}/`:
+   - Generates secure secrets (admin password, DB password, secret key)
+   - Creates `.env` file with service-specific variables
+   - Encrypts to `.env.enc` using SOPS (Age key from automation1)
+   - Copies both files to VM's git repo directory
+   - Stores secrets in Butler vault cache for future reference
+
 ### POST /inventory/host
 ```json
 {"name": "lychee", "ip": "10.5.1.115", "group": "auto"}
@@ -83,3 +98,13 @@ Requires:
 - `.env` with `BUTLER_TOKEN`
 - `/app-config/kiro/api/` flat-file credentials
 - SSH key mount (`/home/sascha/.ssh:/root/.ssh:ro`) for VM operations
+
+## Changelog
+
+### v2.1.0 (22.04.2026)
+- ✅ **Hawser Token Auto-Sync** – After `/ansible/run`, reads token from VM and updates Dockhand environment
+- ✅ **SOPS + .env Automation** – Auto-generates and encrypts environment files for Git-centric deployments
+- ✅ **Service Detection** – Recognizes Paperless-ngx and other services from hostname, generates appropriate env vars
+
+### v2.0.0
+- Initial unified API proxy release