diff --git a/README.security b/README.security
new file mode 100644
index 0000000..bad04af
--- /dev/null
+++ b/README.security
@@ -0,0 +1,10 @@
+By default etcd doesn't require authentication. If you configure etcd to be reachable
+over the network, have untrustworthy local users on the system where etc runs or store
+date in etcd that needs to be kept confidential please make sure to enable authentication.
+
+You can do that by configuring the settings under [security] in /etc/sysconfig/etcd.
+For additional guidance please red
+https://coreos.com/etcd/docs/latest/v2/security.html
+and
+https://coreos.com/etcd/docs/latest/op-guide/authentication.html
+to ensure that you enforce proper access control
diff --git a/etcd.changes b/etcd.changes
index bcd75e1..e890953 100644
--- a/etcd.changes
+++ b/etcd.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Jun 5 13:08:46 UTC 2019 -
+
+- Added README.security and wording in the configuration file to
+ ensure users are aware that they need to configure etcd to require
+ authentication
+
 -------------------------------------------------------------------
 Wed Jan 30 11:58:15 UTC 2019 - Panagiotis Georgiadis pgeorgiadis@suse.com
diff --git a/etcd.conf b/etcd.conf
index 0391f6d..8804e5e 100644
--- a/etcd.conf
+++ b/etcd.conf
@@ -5,6 +5,10 @@ ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
 #ETCD_SNAPSHOT_COUNT="10000"
 #ETCD_HEARTBEAT_INTERVAL="100"
 #ETCD_ELECTION_TIMEOUT="1000"
+# Before changing this setting allowing etcd to be reachable over the network
+# or if you have untrustworthy local users on the system where etc runs please
+# make sure to enable authentication in the [security] section below. Please
+# also read README.security for this package
 #ETCD_LISTEN_PEER_URLS="http://localhost:2380"
 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
 #ETCD_MAX_SNAPSHOTS="5"
diff --git a/etcd.spec b/etcd.spec
index a8862cb..1d5b3bb 100644
--- a/etcd.spec
+++ b/etcd.spec
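Review bot: The added comment in the etcd.conf hunk says "Before changing this setting" but is placed above the commented-out ETCD_LISTEN_PEER_URLS, while the line that actually exposes the client API is ETCD_LISTEN_CLIENT_URLS right below it; naming both removes the ambiguity, e.g. `# Before pointing ETCD_LISTEN_PEER_URLS or ETCD_LISTEN_CLIENT_URLS at anything other than localhost, or if you have untrustworthy local users on the system where etcd runs, ...`. Authentication on a plaintext http:// listener does not give the confidentiality the README promises, since credentials and stored data then cross the network in the clear, so the comment should also tell the reader to switch the listen URLs to https:// and configure the certificate settings in the [security] section, which is what the linked security.html page covers. "etc runs" should read "etcd runs" here and in the same sentence of the new README.security, which also has "date" for "data" and "red" for "read".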
@@ -33,6 +33,7 @@ Source1: %{name}.conf
 Source2: %{name}.service
 Source3: etcd_client_firewall
 Source4: etcd_server_firewall
+Source5: README.security
 BuildRequires: golang-packaging
 BuildRequires: shadow
 BuildRequires: systemd-rpm-macros
@@ -68,6 +69,7 @@ to explore an etcd cluster.
 %prep
 %setup -q
+cp %{SOURCE5} .
 %build
 %{goprep} github.com/coreos/etcd
@@ -111,7 +113,7 @@ getent passwd %{name} >/dev/null || %{_sbindir}/useradd -r -g %{name} -d %{_loca
 %files
 %defattr(-,root,root)
-%doc CONTRIBUTING.md README.md DCO NOTICE
+%doc CONTRIBUTING.md README.md DCO NOTICE README.security
 %license LICENSE
 %{_sbindir}/%{name}