Secret Naming Convention
The naming convention detailed below is also defined in ADR-020, where it specifically relates to the naming of GitHub Personal Access Tokens in the bot account. However, the required properties of the name apply to any secret created.
The naming convention consists of three parts which should ensure uniqueness: <business_domain>_<usage>_<permission_type>
- Business domain; this should succinctly describe the business domain or blobbum for which the token is created. For example, DORMANT_USERS, DNS, JOIN_GITHUB.
- Usage; this should describe the intended use of the token within the given business domain. For example,
  - When used for everything in the business domain; GENERAL
  - When used for a specific tool or integration; SENTRY, SLACK, GITHUB, TERRAFORM.
- Permission type; this should indicate the amount of power the token wields. For example, ADMIN, WRITE, READ are clear and sufficient.
Examples:
DORMANT_USERS_SLACK_ADMIN
DNS_OCTODNS_WRITE
JOIN_GITHUB_FLASK_ADMIN
OPS_ENG_GENERAL_ADMIN
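A check for this convention that could run in CI or a review script, added here as an example and not taken from ADR-020 or the team's own tooling. It assumes names are upper case as in the examples above, that the usage part is a single word, and that ADMIN, WRITE and READ are the only permission types; the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Assumption: the page gives ADMIN, WRITE and READ as examples; this check
# treats them as the complete allowed set.
PERMISSION_TYPES = {"ADMIN", "WRITE", "READ"}
# Assumption: each part is upper-case letters/digits, as in the page's examples.
_WORD = re.compile(r"[A-Z][A-Z0-9]*")


class SecretName(NamedTuple):
    business_domain: str
    usage: str
    permission_type: str


def parse_secret_name(name: str) -> SecretName:
    """Split <business_domain>_<usage>_<permission_type>, reading from the right.

    The business domain may itself contain underscores (DORMANT_USERS), so the
    last word is the permission type, the word before it is the usage
    (assumed to be one word), and everything left over is the domain.
    """
    words = name.split("_")
    if len(words) < 3:
        raise ValueError(f"{name!r}: expected at least three '_'-separated parts")
    bad = [w for w in words if not _WORD.fullmatch(w)]
    if bad:
        raise ValueError(f"{name!r}: invalid part(s) {bad}")
    *domain, usage, permission = words
    if permission not in PERMISSION_TYPES:
        raise ValueError(f"{name!r}: unknown permission type {permission!r}")
    return SecretName("_".join(domain), usage, permission)


def lint(names):
    """Return {name: error message} for every name that breaks the convention."""
    errors = {}
    for name in names:
        try:
            parse_secret_name(name)
        except ValueError as exc:
            errors[name] = str(exc)
    return errors


if __name__ == "__main__":
    # First two names are from the page; the last two are constructed failures.
    sample = ["DNS_OCTODNS_WRITE", "OPS_ENG_GENERAL_ADMIN", "DNS_TERRAFORM", "DNS_SLACK_ROOT"]
    print(lint(sample))
```

Parsing from the right is what keeps a multi-word domain such as JOIN_GITHUB from being misread as a domain plus a usage.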
This page was last reviewed on 5 November 2024. It needs to be reviewed again on 5 February 2025 by the page owner #operations-engineering-alerts.