1 files changed, 31 insertions, 7 deletions

diff --git a/docs/stanford-naming b/docs/stanford-naming
index f887a69..f2a45a7 100644
--- a/docs/stanford-naming
+++ b/docs/stanford-naming
@@ -70,13 +70,6 @@ Object Naming
     Then, we use the following naming conventions for different types of
     objects:
 
-    <group>-<service>-db-<name>
-
-        Stores the database password for the database named <name>.  This
-        may be a file containing only the database password or a Perl
-        AppConfig configuration file with the database connection
-        information including the password.
-
     <group>-<server>-htpasswd-<app>
 
         An .htpasswd file for HTTP Basic Authentication for special-case
@@ -109,6 +102,30 @@ Object Naming
         The public certificate we manage external to wallet since it
         doesn't need to be protected or encrypted.
 
+    <group>-<server>-tivoli-key
+
+        The Tivoli backup encryption key for this server.  This is stored
+        in the same file as the password used to connect to the Tivoli
+        server, so both are stored together.  This file is found at
+        /etc/adsm/TSM.PWD.  It must be base64-encoded before being stored
+        in the wallet.
+
+    <group>-<service>-config-<name>
+
+        A configuration file named <name> that contains some secure
+        information, such as a database password.  Ideally, the secure
+        data should be stored in a separate file and assembled into the
+        configuration file, but that isn't always the path of least
+        resistance.  Only use this naming convention if there is not a
+        more specific one below.
+
+    <group>-<service>-db-<name>
+
+        Stores the database password for the database named <name>.  This
+        may be a file containing only the database password or a Perl
+        AppConfig configuration file with the database connection
+        information including the password.
+
     <group>-<service>-gpg-key
 
         Stores the GnuPG private key for a service that needs to do GnuPG
@@ -122,6 +139,13 @@ Object Naming
         sometimes it's too hard to separate out chunks of a properties
         file.
 
+    <group>-<service>-puppetconf
+
+        A puppet.conf configuration file for Puppet that contains some
+        secure data (such as SSL key passwords or database passwords).
+        Ideally the secure data should be stored in separate files, but
+        Puppet likes to use a single configuration file.
+
     <group>-<service>-shibboleth
 
         The shibboleth.xml configuration file for a service, when it