diff --git a/README.md b/README.md index b9bd9df..88d16ac 100644 --- a/README.md +++ b/README.md @@ -30,3 +30,7 @@ One of the key questions I found myself asking while developing this was whether On the one hand the first solution would work when being offline because it can be cached in the browser. But seriously: I've never seen a OTP query when not being online so this wasn't a valid reason. On the other hand transmitting the secrets into the browser IMHO would be a major security flaw as - given the case you loose control over your browser having all those secrets stored in the local storage - an attacker would have the chance to generate unlimited one-time passwords for your accounts. In the end I went with the solution to transmit only names and the currently valid code. This means being offline you are not able to generate a new code but also this means you can revoke access to the Vault keys and immediately stop the attackers ability to generate codes on your behalf. + +---- + +![project status](https://d2o84fseuhwkxk.cloudfront.net/vault-otp-ui.svg)
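Review bot: The badge added at the end of the hunk (`![project status](https://d2o84fseuhwkxk.cloudfront.net/vault-otp-ui.svg)`) is hotlinked from an opaque CloudFront host with nothing in the README saying what the "project status" it reports is or who controls that origin; everyone who renders the README issues a request to that host, and the image can change without any commit to this repository. Suggest either pointing to a recognizable badge service or a file kept in the repo, or adding one line of text next to the separator that names the status source so readers can judge it. While in this region, the surrounding context lines carry two small typos worth a follow-up: "a OTP query" should be "an OTP query" and "loose control" should be "lose control".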