docs: update README - remove S3 vars, document Blocks for secrets

README.md

@@ -51,9 +51,6 @@ In the stack configuration, add the following environment variables:
 | `DB_PORT` | PostgreSQL port | `5432` |
 | `DB_USER` | Database user | `prefect` |
 | `DB_PASSWORD` | Database password | *secret* |
-| `S3_ACCESS_KEY` | Garage S3 access key | *secret* |
-| `S3_SECRET_KEY` | Garage S3 secret key | *secret* |
-| `S3_ENDPOINT_URL` | Garage S3 endpoint | `https://s3.taila5ad8.ts.net` |
 
 > **Tip**: Use Komodo's secret variables (marked with 🔒) for sensitive values.
 
@@ -82,25 +79,34 @@ Once deployed: https://prefect.taila5ad8.ts.net
 | `redis` | Messaging broker | `redis:7-alpine` |
 | `prefect-server` | API + UI | `prefecthq/prefect:3-latest` |
 | `prefect-services` | Background services | `prefecthq/prefect:3-latest` |
-| `prefect-worker-pg-backup` | Worker for PostgreSQL backups | `gitea.arnodo.fr/damien/prefect-worker-pg-backup` |
 
-## Work Pools
+## Workers & Secrets
 
-The `prefect-worker-pg-backup` service automatically creates and listens to the `pg-backup-pool` work pool (type: process).
+Workers are deployed separately with their own docker-compose. Flow-specific secrets (S3 credentials, API keys, etc.) should be managed via **Prefect Blocks**, not environment variables.
 
-To deploy a flow to this pool:
+### Creating a Block (example with S3/Garage)
+
+```python
+from prefect_aws import AwsCredentials
+
+creds = AwsCredentials(
+    aws_access_key_id="xxx",
+    aws_secret_access_key="xxx",
+    aws_endpoint_url="https://s3.taila5ad8.ts.net"
+)
+creds.save("garage-credentials")
+```
+
+### Using in a flow
 
 ```python
 from prefect import flow
+from prefect_aws import AwsCredentials
 
 @flow
 def my_backup_flow():
-    ...
-
-my_backup_flow.deploy(
-    name="my-backup",
-    work_pool_name="pg-backup-pool"
-)
+    creds = AwsCredentials.load("garage-credentials")
+    # use creds...
 ```
 
 ## Repository Structure