Update README for encryption in transit
Cheng Pan committed Jan 2, 2019
1 parent d4c3358 commit 37a9e2e
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions docs/README.md
Expand Up @@ -24,6 +24,11 @@ This driver is in alpha stage. Basic volume operations that are functional inclu
## Features
Currently only static provisioning is supported. This means a AWS EFS filesystem needs to be created manually on AWS first. After that it could be mounted inside container as a volume using AWS EFS CSI Driver.

### Encryption In Transit
One of the advantages of using EFS is that it provides [encryption in transit](https://aws.amazon.com/blogs/aws/new-encryption-of-data-in-transit-for-amazon-efs/) support using TLS. Using encryption in transit, data will be encrypted during its transition over the network to EFS service. This provides extra layer of depth-in-depth for applications that requires higher secuity compliance.

To enable encryption in transit, `tls` needs to be set at `NodePublishVolumeRequest.VolumeCapability.MountVolume` object's `MountFlags` fields. For example of using it in kuberentes, see persistence volume manifest in [Example](#kubernetes-example)

# Kubernetes Example
This example demos how to make a EFS filesystem mounted inside container using the driver. Before this, get yourself familiar with setting up kubernetes on AWS and [creating EFS filesystem](https://docs.aws.amazon.com/efs/latest/ug/getting-started.html). And when creating EFS filesystem, make sure it is accessible from kuberenetes cluster. This can be achieved by creating EFS filesystem inside the same VPC as kubernetes cluster or using VPC peering.
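
Review bot: The new "Encryption In Transit" section says `tls` "needs to be set" in `MountFlags` to enable the feature, but it never states the consequence of leaving it out. Since the flag is opt-in, a volume published without it is presumably mounted without TLS, and readers with compliance requirements should see that spelled out in one sentence. The added paragraphs also need a spelling pass: "depth-in-depth" should read "defense-in-depth", "secuity" should be "security", "kuberentes" should be "Kubernetes", "applications that requires" should be "applications that require", and "persistence volume manifest" should be "persistent volume manifest".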

Expand Down Expand Up @@ -55,12 +60,16 @@ spec:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Recycle
storageClassName: efs-sc
mountOptions:
- tls
csi:
driver: efs.csi.aws.com
volumeHandle: [FileSystemId]
```
Replace `VolumeHandle` with `FileSystemId` of the EFS filesystem that needs to be mounted. You can find it using AWS CLI:

**Note**: encryption in transit is enabled using mount option.

```
aws efs describe-file-systems
```
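
Review bot: The added `**Note**: encryption in transit is enabled using mount option.` line sits between "You can find it using AWS CLI:" and the `aws efs describe-file-systems` block, so the sentence that introduces the command is now separated from it. Move the note to directly after the manifest's closing fence, before "Replace `VolumeHandle` ...", and name the option explicitly, for example "encryption in transit is enabled by the `tls` entry under `mountOptions`", so the note points at the exact lines this hunk adds to the manifest.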