diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index c3a8c62..a82fc9d 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -453,9 +453,7 @@ http: X-Content-Type-Options: [nosniff] X-Frame-Options: [DENY] X-XSS-Protection: [1; mode=block] - # Enable public read access - secret: "your-secret-key-here" - # Restrict write access to specific IPs + # Public read access, authentication required for push auth: htpasswd: realm: basic-realm @@ -468,10 +466,16 @@ health: EOF ``` +**What this configuration does:** +- **Public Read Access**: Anyone can pull images without authentication +- **Authenticated Push**: Only authenticated users can push images +- **Security Headers**: Protects against common web vulnerabilities +- **No Secret Key**: The `secret` field was unnecessary and has been removed + #### 4.3 Create Authentication File ```bash -# Create htpasswd file for authentication +# Create htpasswd file for authentication (required for push operations) mkdir -p /opt/registry/auth htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth.htpasswd @@ -479,6 +483,12 @@ htpasswd -Bbn push-user "$(openssl rand -base64 32)" > /opt/registry/auth.htpass htpasswd -Bbn read-user "$(openssl rand -base64 32)" >> /opt/registry/auth.htpasswd ``` +**What this does**: Creates user credentials for registry authentication. +- `push-user`: Can push and pull images (used by CI/CD pipeline for deployments) +- `read-user`: Can only pull images (optional, for read-only access) + +**Note**: Pull operations are public and don't require authentication, but push operations require these credentials. + #### 4.4 Create Docker Compose for Registry ```bash
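Review bot: In the first hunk (`@@ -453,9 +453,7 @@`), deleting `secret: "your-secret-key-here"` fixes the hard-coded placeholder but the wrong way: the registry's `http.secret` is used to sign upload-session state handed back to clients, and when it is omitted the registry generates a random value at startup, which is fine for a single container but breaks pushes as soon as more than one registry replica sits behind a load balancer (each replica signs with a different secret). Keep the key and source it from the environment or a secret store, e.g. `secret: ${REGISTRY_HTTP_SECRET}` via the registry's `REGISTRY_HTTP_SECRET` variable, rather than removing it. The new comment `# Public read access, authentication required for push` also overstates what the `auth: htpasswd:` block below it provides; see the note on the next hunk.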
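Review bot: In the second hunk (`@@ -468,10 +466,16 @@`), the bullets `**Public Read Access**: Anyone can pull images without authentication` and `**Authenticated Push**: Only authenticated users can push images` do not match the configuration they describe: the registry's htpasswd authenticator challenges every request, pulls included, and has no notion of read-only versus read-write users. Anonymous pulls with authenticated pushes require either the `token` authenticator backed by an external token server that issues scoped tokens, or a reverse proxy in front of the registry that only enforces credentials for non-GET/HEAD requests. Either reword the bullets to say all operations require credentials, or add that proxy/token configuration to the guide. The bullet `**No Secret Key**: The \`secret\` field was unnecessary and has been removed` is likewise inaccurate for multi-replica deployments (see the note on the previous hunk). Finally, the unchanged context shows `mkdir -p /opt/registry/auth` followed by `> /opt/registry/auth.htpasswd`: the directory that is created is never used, and the file lands next to it instead of inside it; pick one path (for example `/opt/registry/auth/htpasswd`) and make sure the `auth.htpasswd.path` in the registry config points at the same file.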
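Review bot: In the third hunk (`@@ -479,6 +483,12 @@`), the line `- \`read-user\`: Can only pull images (optional, for read-only access)` promises a restriction the htpasswd backend cannot enforce: every entry in the htpasswd file gets identical, full access, so `read-user` can push exactly as `push-user` can. Drop the bullet or note that per-user scopes need the token authenticator. The `**Note**: Pull operations are public and don't require authentication` sentence has the same problem as the documentation in the previous hunk and should be corrected in the same way. Separately, both `htpasswd -Bbn ... "$(openssl rand -base64 32)"` lines generate the password inline and write only the bcrypt hash, so the plaintext is discarded and the CI/CD pipeline the bullet refers to has nothing to log in with; capture the password first (e.g. `PUSH_PASSWORD="$(openssl rand -base64 32)"`), store it in the pipeline's secret store, and then pass `"$PUSH_PASSWORD"` to `htpasswd`.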