diff --git a/README.md b/README.md
index fd2d0dab2b50ff1975a1cac0b138b0d1c43b4155..023f892b87e89e6c189e710672d2591622791928 100644
--- a/README.md
+++ b/README.md
@@ -15,8 +15,9 @@ This repository includes a few separate binaries:
 
 # Configuration
 
-The *sso-server* program requires a YAML configuration file. It
-understands the following attributes:
+The *sso-server* daemon requires a YAML configuration file,
+*/etc/sso/server.yml* by default. It understands the following
+attributes:
 
 * `secret_key_file`: path to the Ed25519 secret key (should be exactly
 64 bytes)
@@ -52,10 +53,10 @@ understands the following attributes:
   * `auth_key`: a long-term key to authenticate HTTP-based cookies
   * `geo_ip_data_files`: GeoIP databases to use (in mmdb format), if
     unset the module will use the default GeoLite2-Country db
-  * `remote_addr_header`: HTTP header to use to obtain the remote
-    client address, when the request comes from a trusted forwarder
 * `keystore`: configures the connection to the keystore service
   * `url`: URL for the keystore service
+  * `sharded`: if true, requests to the keystore service will be
+    partitioned according to the user's *shard* attribute
   * `tls_config`: client TLS configuration
     * `cert`: path to the client certificate
     * `key`: path to the private key
@@ -74,6 +75,8 @@ understands the following attributes:
     proxies). If a request comes from here, we will trust the
     X-Forwarded-Proto and X-Real-IP headers when determining the
     client IP address
+  * `max_inflight_requests`: maximum number of in-flight requests to
+    allow before server-side throttling kicks in
 
 ## Device tracking