AlphaThis is a new service – your feedback will help us to improve it.

  1. Home
  2. Documentation
  3. Cloud Optimisation and Accountability
  4. Secret Naming Convention

Secret Naming Convention

Secret Naming Convention

The naming convention detailed below is also defined in ADR-020 where it specifically relates to the namin of GitHub Personal Access Tokens in the bot account. However the required properties of the name apply to any secret created.

The naming convention consists of three parts which should ensure uniqueness; <business_domain>_<usage>_<permission_type>

  • Business domain; this should succintly describe the business domain or blobbum for which the token is created. For example, DORMANT_USERS, DNS, JOIN_GITHUB.
  • Usage; this should describe the intended use of the token within the given business domain. For example,
    • When used for everything in the business domain; GENERAL
    • When used for a specific tool or integration; SENTRY, SLACK, GITHUB, TERRAFORM.
  • Permission type; this should indicate the amount of power the token wields. For example, ADMIN, WRITE, READ are clear and sufficient.

Examples,

  • DORMANT_USERS_SLACK_ADMIN
  • DNS_OCTODNS_WRITE
  • JOIN_GITHUB_FLASK_ADMIN
  • OPS_ENG_GENERAL_ADMIN
Last reviewed: 10 February 2026Review status: ✓ Up to dateOwner: #coat-notificationsSource: View source on GitHub

Was this page useful?