diff --git a/README.md b/README.md
index d5c16f8585b53e5cf1481bbe0a3d3da8bc274eb3..97158180cf293c0a415522737ee23bddeb3f43d5 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,11 @@
 - [How many personal GitLab projects I can create?](#project-limit)
 - [What is the default project visibility?](#project-visibility)
 - [What is a GitLab group?](#GitLab-group)
+- [Why my search turnout nothing?](#serach-scope)
+- [Can I safeguard secrets in a private repo?](#no-secrets)
+- [What are GitLab usage limits?](#usage-limits)
 - [Is GitLab intergated with Stanford workgroup?](#workgroup)
+- [Can I use GitLab for PHI data?](#no-phi)
 
 ## <a name="minimum-setup" ></a> What is the minimum setup before I start using GitLab?
 
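Review bot: The new TOC entry `[Why my search turnout nothing?](#serach-scope)` links to `#serach-scope`, but the anchor this patch adds further down is `<a name="search-scope">`, so the link will not resolve; change the fragment to `#search-scope`. The `#no-secrets` entry also reads "in a private repo?" while its heading reads "in private repo?", so make the two match. The question itself would read better as "Why does my search return nothing?", changed in both the TOC and the heading.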
@@ -58,7 +62,39 @@ Project visibility level in GitLab can be either private, internal or public. Th
 
 Gitlab group allows you group projects together into one namespace (directory), so you can give other users permission to all projects in one place. You are allowed to create groups or transfer personal projects to a group that you own. Here is more information about [GitLab groups](http://doc.GitLab.com/ee/workflow/groups.html#GitLab-groups).
 
+## <a name="search-scope"></a>Why my search turnout nothing?
+Gitlab search scopes for CE version are limited to projects, issues, merge request. *Code* search is not supported. See [Search through GitLab](https://docs.gitlab.com/ce/user/search/)
+
+## <a name="no-secrets"></a>Can I safeguard secrets in private repo?
+Private repos will limit the visibility to it's members but it **IS NOT** a place to keep your secrets.
+
+All git repo contents are stored **UNENCRYPTED** on the storage backend and accessiable by whoever has the access privileges to the backend. 
+
+Clone a repo will also distribute all secrets it contains and it is impossible to control the usage of the secrets after they are cloned.
+
+**WARNING:** Do not store any secrets or config files that may contain secrets to a GitLab project regardless of its visibility.
+
+You should use a secret/key management system for all secrets, e.g. [SoM Vault](https://vault.med.stanford.edu), [LastPass](https://lastpass.com), etc.
+
+If you do want to use GitLab repo for secrets:
+ * Use [git-crypt](https://github.com/AGWA/git-crypt) to protect the secrets.
+ * You are on your own.
+
+## <a name="usage-limits"></a>What are GitLab usage limits?
+ 
+ * Gitlab is NOT for PHI data
+ * Personal projects limit: 30
+ * Group projects limit: unlimited
+ * Maximum attachment size: 10MB
+
+ **WARNING:** Please don't use GitLab to store large binary data file, e.g. compiled code, images, and vedios, etc.. Use a cloud storage bucket, i.e. S3, Box, or GCS.
+
 ## <a name="workgroup"></a>Is GitLab intergated with Stanford's workgroup?
 
 No. You can freely assemble your project team from members in different groups.
 
+
+## <a name="no-phi"></a>Can I use GitLab for PHI data?
+
+**NO** You can not.
+**WARNING** Do not store PHI data in any GitLab projects!
\ No newline at end of file
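Review bot: The `no-secrets` section contradicts itself: the warning says not to store secrets in a project "regardless of its visibility", and then the list under "If you do want to use GitLab repo for secrets" offers git-crypt with only "You are on your own". Either drop that list or say clearly that it is an unsupported exception. The section also gives no guidance for a secret that has already been pushed; since it states that a clone distributes every secret in the repo, add a sentence telling readers to rotate the credential rather than only deleting the file. Smaller points in this hunk: "it's members" should be "its members"; "accessiable", "vedios" and "intergated" are misspelled; "i.e. S3, Box, or GCS" should be "e.g."; `**NO** You can not.` and the `**WARNING**` line in `no-phi` sit on consecutive lines and will render as one paragraph; and the file now ends without a trailing newline.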