diff --git a/README.md b/README.md
index f1b24a4..4b4b080 100644
--- a/README.md
+++ b/README.md
@@ -1,47 +1,7 @@
-# Helius RPC Proxy
+# RPC Proxy for Helius
 
-[![RPC Proxy](docs/rpc_proxy.png)](https://helius.xyz)
+The RPC Proxy is handled by a Cloudflare Worker.
 
-This repo hosts a one-click-deploy Cloudflare worker that proxies RPC requests to Helius. The proxy will allow you to keep your API key
-hidden from public requests made by clients. You will need both a [Helius](https://helius.xyz) account and a [Cloudflare](https://cloudflare.com) account to deploy this. Helius offers 100k credits for free each month, and Cloudflare workers can execute 100k invocations each day for free. Most projects can easily get started within these free tiers.
+Within Cloudflare, the `rpc-proxy-staging` worker denotes the worker corresponding to the Solana Devnet environment. Deployments to the staging RPC Proxy occur directly via GitHub Actions when PRs are merged to Main and on successful completion of the test suite.
 
-Both standard JSON RPC and Websockets are supported!
-
-[Video Walkthrough](https://www.loom.com/share/a7add579f1c349d2a4bcab96ee04c47e)
-
-# Setup
-### Step 1
-
-Press the button below to deploy this to your own Cloudflare account:
-
-[![Deploy to Cloudflare Workers](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=https://github.com/helius-labs/helius-rpc-proxy)
-
-### Step 2
-
-Navigate to your newly deployed worker, and click "Settings" and then "Variables":
-
-![Variables](docs/add_variable.png)
-
-### Step 3
-Add a new variable with the key name `HELIUS_API_KEY` and your Helius API key as the value:
-
-![Add Secret](docs/add_secret.png)
-
-> NOTE: We recommend selecting "Encrypt". This will hide your key from the UI and API responses, and redact them from logs.
-
-![Encrypt](docs/encrypt.png)
-
-### Step 4
-Refresh the page and confirm that your key is now saved and encrypted:
-
-![Confirm](docs/confirm.png)
-
-You can now use your worker URL as an the RPC endpoint in all SDK and client side configurations without your API key leaking!
-# Additional Security Steps
-This implementation is intentionally left in a less-than-ideal security state to facilitate easy deployment by anyone. If you would like to
-lock down your RPC proxy further, consider the following steps after you have successfully deployed the worker:
-
-
-* Update the `Access-Control-Allow-Origin` header by adding a new variable with the key name `CORS_ALLOW_ORIGIN` to contain the host that your requests are coming from (usually your client application). For example, if you wanted to allow requests from `https://example.com`, you would change the header to `https://example.com`.
-* [Cloudflare Web Application Firewall (WAF)](https://www.cloudflare.com/lp/ppc/waf-x/) - You can configure the WAF to inspect requests and allow/deny based on your own business logic.
-* Modify the IP address allow list in Helius for your API key to only accept connections from the Cloudflare ranges (https://cloudflare.com/ips-v4).
+Similarly, the `rpc-proxy` worker denotes the worker corresponding to the Solana Mainnet environment. Deployments to the production RPC Proxy occur manually via the GitHub Actions control plane and can only be performed by those with requisite permissions and only after successful completion of the test suite.
\ No newline at end of file
diff --git a/docs/add_secret.png b/docs/add_secret.png
deleted file mode 100644
index b93cdaa..0000000
Binary files a/docs/add_secret.png and /dev/null differ
diff --git a/docs/add_variable.png b/docs/add_variable.png
deleted file mode 100644
index ed58405..0000000
Binary files a/docs/add_variable.png and /dev/null differ
diff --git a/docs/confirm.png b/docs/confirm.png
deleted file mode 100644
index 2d42c96..0000000
Binary files a/docs/confirm.png and /dev/null differ
diff --git a/docs/encrypt.png b/docs/encrypt.png
deleted file mode 100644
index 1625bd0..0000000
Binary files a/docs/encrypt.png and /dev/null differ
diff --git a/docs/rpc_proxy.png b/docs/rpc_proxy.png
deleted file mode 100644
index 2dc6041..0000000
Binary files a/docs/rpc_proxy.png and /dev/null differ
diff --git a/jest-setup.ts b/jest-setup.ts
index c52ba93..5138755 100644
--- a/jest-setup.ts
+++ b/jest-setup.ts
@@ -8,7 +8,8 @@ jest.setMock('node-fetch', fetch);
 
 process.env.CORS_ALLOW_ORIGIN = 'CORS_ALLOW_ORIGIN';
 process.env.HELIUS_API_KEY = 'HELIUS_API_KEY';
-process.env.SESSION_KEY = 'SESSION_KEY';
+process.env.SESSION_KEY_PREV = 'SESSION_KEY_PREV';
+process.env.SESSION_KEY_CURR = 'SESSION_KEY_CURR';
 process.env.AWS_REGION = 'AWS_REGION';
 process.env.AWS_ACCESS_KEY_ID = 'AWS_ACCESS_KEY_ID';
 process.env.AWS_SECRET_ACCESS_KEY = 'AWS_SECRET_ACCESS_KEY';
diff --git a/src/index.ts b/src/index.ts
index 94058e3..41f4ba2 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -40,10 +40,10 @@ export default {
 		// other query string params
 		const { searchParams, pathname } = new URL(request.url);
 		const sessionKey = searchParams.get('session-key');
-		if (sessionKey != env.SESSION_KEY) {
+		if (!sessionKey || ![env.SESSION_KEY_CURR, env.SESSION_KEY_PREV].includes(sessionKey)) {
 			return new Response(null, {
 				status: 404,
-				statusText: 'Unexpected path',
+				statusText: 'Invalid session key',
 			});
 		}
 		searchParams.delete('session-key');
diff --git a/src/tests/createLogStreamCommandBuilder.test.ts b/src/tests/createLogStreamCommandBuilder.test.ts
index deffa2e..dd1e8ee 100644
--- a/src/tests/createLogStreamCommandBuilder.test.ts
+++ b/src/tests/createLogStreamCommandBuilder.test.ts
@@ -13,7 +13,8 @@ describe('createLogStreamCommandBuilder', () => {
 	const originalEnv = {
 		CORS_ALLOW_ORIGIN: process.env.CORS_ALLOW_ORIGIN,
 		HELIUS_API_KEY: process.env.HELIUS_API_KEY,
-		SESSION_KEY: process.env.SESSION_KEY,
+		SESSION_KEY_PREV: process.env.SESSION_KEY_PREV,
+		SESSION_KEY_CURR: process.env.SESSION_KEY_CURR,
 		AWS_REGION: process.env.AWS_REGION,
 		AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
 		AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
diff --git a/src/tests/errorHandler.test.ts b/src/tests/errorHandler.test.ts
index 68d6f9b..a6fe55a 100644
--- a/src/tests/errorHandler.test.ts
+++ b/src/tests/errorHandler.test.ts
@@ -21,7 +21,8 @@ describe('errorHandler', () => {
 	const originalEnv = {
 		CORS_ALLOW_ORIGIN: process.env.CORS_ALLOW_ORIGIN,
 		HELIUS_API_KEY: process.env.HELIUS_API_KEY,
-		SESSION_KEY: process.env.SESSION_KEY,
+		SESSION_KEY_PREV: process.env.SESSION_KEY_PREV,
+		SESSION_KEY_CURR: process.env.SESSION_KEY_CURR,
 		AWS_REGION: process.env.AWS_REGION,
 		AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
 		AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
diff --git a/src/tests/index.test.ts b/src/tests/index.test.ts
index 422e10e..f45cc32 100644
--- a/src/tests/index.test.ts
+++ b/src/tests/index.test.ts
@@ -11,7 +11,8 @@ describe('index', () => {
 	const originalEnv = {
 		CORS_ALLOW_ORIGIN: process.env.CORS_ALLOW_ORIGIN as string,
 		HELIUS_API_KEY: process.env.HELIUS_API_KEY as string,
-		SESSION_KEY: process.env.SESSION_KEY as string,
+		SESSION_KEY_PREV: process.env.SESSION_KEY_PREV as string,
+		SESSION_KEY_CURR: process.env.SESSION_KEY_CURR as string,
 		AWS_REGION: process.env.AWS_REGION as string,
 		AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID as string,
 		AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY as string,
@@ -23,7 +24,7 @@ describe('index', () => {
 		(fetch as jest.MockedFunction<typeof fetch>).mockImplementation();
 
 		const request = new Request(
-			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY}`,
+			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY_CURR}`,
 			{
 				method: 'POST',
 				headers: {
@@ -46,7 +47,7 @@ describe('index', () => {
 		(fetch as jest.MockedFunction<typeof fetch>).mockImplementation();
 
 		const request = new Request(
-			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY}`,
+			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY_CURR}`,
 			{
 				method: 'POST',
 				headers: {
@@ -64,6 +65,52 @@ describe('index', () => {
 		expect(fetch).not.toBeCalled();
 	});
 
+	test('handles invalid session-key',async () => {
+		(errorHandler as jest.Mock).mockImplementation();
+		(fetch as jest.MockedFunction<typeof fetch>).mockImplementation();
+
+		const request = new Request(
+			`https://solana-rpc.web.helium.io/?session-key=fail-me`,
+			{
+				method: 'POST',
+				headers: {
+					Host: 'solana-rpc.web.helium.io',
+				},
+				body: '{"jsonrpc": "2.0", }',
+			}
+		) as unknown as Parameters<typeof worker.fetch>[0];
+
+		const resp = await worker.fetch(request, originalEnv);
+
+		expect(resp.status).toEqual(404);
+
+		expect(errorHandler).not.toBeCalled();
+		expect(fetch).not.toBeCalled();
+	});
+
+	test('handles SESSION_KEY_PREV',async () => {
+		(errorHandler as jest.Mock).mockImplementation();
+		(fetch as jest.MockedFunction<typeof fetch>).mockImplementation();
+
+		const request = new Request(
+			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY_PREV}}`,
+			{
+				method: 'POST',
+				headers: {
+					Host: 'solana-rpc.web.helium.io',
+				},
+				body: '{"jsonrpc": "2.0", }',
+			}
+		) as unknown as Parameters<typeof worker.fetch>[0];
+
+		const resp = await worker.fetch(request, originalEnv);
+
+		expect(resp.status).toEqual(404);
+
+		expect(errorHandler).not.toBeCalled();
+		expect(fetch).not.toBeCalled();
+	});
+
 	test('does not invoke errorHandler', async () => {
 		(errorHandler as jest.Mock).mockImplementation();
 		(fetch as jest.MockedFunction<typeof fetch>).mockResolvedValue(
@@ -71,7 +118,7 @@ describe('index', () => {
 		);
 
 		const request = new Request(
-			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY}`,
+			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY_CURR}`,
 			{
 				method: 'POST',
 				headers: {
@@ -93,7 +140,7 @@ describe('index', () => {
 		);
 
 		const request = new Request(
-			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY}`,
+			`https://solana-rpc.web.helium.io/?session-key=${originalEnv.SESSION_KEY_CURR}`,
 			{
 				method: 'POST',
 				headers: {
diff --git a/src/tests/putLogEventsCommandBuilder.test.ts b/src/tests/putLogEventsCommandBuilder.test.ts
index d4ab535..04a5c42 100644
--- a/src/tests/putLogEventsCommandBuilder.test.ts
+++ b/src/tests/putLogEventsCommandBuilder.test.ts
@@ -15,7 +15,8 @@ describe('putLogEventsCommandBuilder', () => {
 	const originalEnv = {
 		CORS_ALLOW_ORIGIN: process.env.CORS_ALLOW_ORIGIN,
 		HELIUS_API_KEY: process.env.HELIUS_API_KEY,
-		SESSION_KEY: process.env.SESSION_KEY,
+		SESSION_KEY_PREV: process.env.SESSION_KEY_PREV,
+		SESSION_KEY_CURR: process.env.SESSION_KEY_CURR,
 		AWS_REGION: process.env.AWS_REGION,
 		AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,
 		AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,
diff --git a/src/types.ts b/src/types.ts
index 4abb52e..3d0c6cd 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -1,7 +1,8 @@
 export interface Env {
 	CORS_ALLOW_ORIGIN: string;
 	HELIUS_API_KEY: string;
-	SESSION_KEY: string;
+	SESSION_KEY_PREV: string;
+	SESSION_KEY_CURR: string;
 	AWS_REGION: string;
 	AWS_ACCESS_KEY_ID: string;
 	AWS_SECRET_ACCESS_KEY: string;