Migration note: Migrated from ADR-0008 on 2026-05-02 per ADR-0047. Original file retained at
docs/adr/0008-caneast-public-naming.mdwith deprecation banner.
GOV-0005: CanEast Naming Convention for Public-Facing Documentation¶
Sources¶
- ADR-0008: CanEast naming convention for public-facing documentation (2026-03-31)
| Field | Value |
|---|---|
| ID | GOV-0005 |
| Date | 2026-03-31 |
| Status | Accepted |
| Deciders | Ben Peries |
| Class | security/GOV |
Status¶
Accepted — 2026-03-31
Context¶
The peries.ca portfolio site will publish documentation and architecture diagrams from the Archon platform. Exposing real hostnames, IP addresses, and port assignments creates an unnecessary attack surface.
Decision¶
All public-facing documentation uses CanEast as the platform alias with sanitized substitutions:
| Real | Public |
|---|---|
| caneast-site1-node2, caneast-site1-node3 | compute-node-01, compute-node-02 |
| 192.168.2.x | 10.x.x.0/24 (network/mask only) |
| Real port numbers | Functional description (e.g., "monitoring stack") |
| CanEast Workstation, CanEast Server | "x86 compute nodes" |
| CAE prefix | CanEast region prefix |
Internal documentation (caneast-site1-node2:[REDACTED]) uses real names and IPs. Only the MkDocs public layer for peries.ca uses CanEast naming.
Alternatives Considered¶
Full redaction — Removes too much context, diagrams become unreadable.
Real names in public docs — Unacceptable security posture for an internet-facing portfolio.
Generic names (node1, node2) — Less memorable and less enterprise-sounding than CanEast.
Consequences¶
- Two documentation layers: internal (real) and public (CanEast)
- Any automation agent updating docs must know which layer it is writing to
- Pipeline to auto-sanitize internal docs for public publish: see APPSEC-0002
References¶
- peries.ca (Cloudflare, Namespro.ca registrar)
- APPSEC-0002: Public docs DLP controls (sanitization pipeline implementing this naming convention)