diff --git a/README.md b/README.md
index c8b7d660b636526a91933d9530c19e32eb515ff6..27c1f28c423bcf2fa95c2cff65b7b5be659fd896 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Options:
     	pprof listening address, e.g. 'localhost:6060'
   -proxyHeadersTimeout duration
     	How long to wait for response headers when proxying the request (default 5m0s)
-  -secretFile string
+  -secretPath string
     	File with secret key to authenticate with authBackend (default "./.gitlab_workhorse_secret")
   -version
     	Print version and exit
diff --git a/authorization_test.go b/authorization_test.go
index 3181867ceb88704c6a3982768cf335d701e9736a..602389cc2f88fefcf32c30045dfbde359a758973 100644
--- a/authorization_test.go
+++ b/authorization_test.go
@@ -32,7 +32,7 @@ func runPreAuthorizeHandler(t *testing.T, ts *httptest.Server, suffix string, ur
 		t.Fatal(err)
 	}
 	parsedURL := helper.URLMustParse(ts.URL)
-	a := api.NewAPI(parsedURL, "123", testhelper.SecretFile(), badgateway.TestRoundTripper(parsedURL))
+	a := api.NewAPI(parsedURL, "123", testhelper.SecretPath(), badgateway.TestRoundTripper(parsedURL))
 
 	response := httptest.NewRecorder()
 	a.PreAuthorizeHandler(okHandler, suffix).ServeHTTP(response, httpRequest)
@@ -86,7 +86,7 @@ func TestPreAuthorizeJWT(t *testing.T) {
 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
 			}
-			secretBytes, err := (&api.Secret{File: testhelper.SecretFile()}).Bytes()
+			secretBytes, err := (&api.Secret{Path: testhelper.SecretPath()}).Bytes()
 			if err != nil {
 				return nil, fmt.Errorf("read secret from file: %v", err)
 			}
diff --git a/internal/api/api.go b/internal/api/api.go
index 50e3463180d93ef3cd505823de3735df46c846a5..bfeab65c49070b549c70b34263f5e26283100ebc 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -27,12 +27,12 @@ type API struct {
 	Secret  *Secret
 }
 
-func NewAPI(myURL *url.URL, version, secretFile string, roundTripper *badgateway.RoundTripper) *API {
+func NewAPI(myURL *url.URL, version, secretPath string, roundTripper *badgateway.RoundTripper) *API {
 	return &API{
 		Client:  &http.Client{Transport: roundTripper},
 		URL:     myURL,
 		Version: version,
-		Secret:  &Secret{File: secretFile},
+		Secret:  &Secret{Path: secretPath},
 	}
 }
 
diff --git a/internal/api/secret.go b/internal/api/secret.go
index c7cae519c8504aad1a53bf74c275f7560b959c40..023bd1a1863f965250cc743f5939d3d1331b9a54 100644
--- a/internal/api/secret.go
+++ b/internal/api/secret.go
@@ -10,7 +10,7 @@ import (
 const numSecretBytes = 32
 
 type Secret struct {
-	File  string
+	Path  string
 	bytes []byte
 	sync.RWMutex
 }
@@ -33,9 +33,9 @@ func (s *Secret) getBytes() []byte {
 }
 
 func (s *Secret) setBytes() ([]byte, error) {
-	base64Bytes, err := ioutil.ReadFile(s.File)
+	base64Bytes, err := ioutil.ReadFile(s.Path)
 	if err != nil {
-		return nil, fmt.Errorf("read Secret.File: %v", err)
+		return nil, fmt.Errorf("read Secret.Path: %v", err)
 	}
 
 	secretBytes := make([]byte, base64.StdEncoding.DecodedLen(len(base64Bytes)))
@@ -45,7 +45,7 @@ func (s *Secret) setBytes() ([]byte, error) {
 	}
 
 	if n != numSecretBytes {
-		return nil, fmt.Errorf("expected %d secretBytes in %s, found %d", numSecretBytes, s.File, n)
+		return nil, fmt.Errorf("expected %d secretBytes in %s, found %d", numSecretBytes, s.Path, n)
 	}
 
 	s.Lock()
diff --git a/internal/artifacts/artifacts_upload_test.go b/internal/artifacts/artifacts_upload_test.go
index 8c5e59cfb997cc3dbe83cf63fbdd90eca14ac117..e9a214e99e3c36396958422818863de1a500e13a 100644
--- a/internal/artifacts/artifacts_upload_test.go
+++ b/internal/artifacts/artifacts_upload_test.go
@@ -93,7 +93,7 @@ func testUploadArtifacts(contentType string, body io.Reader, t *testing.T, ts *h
 	response := httptest.NewRecorder()
 	parsedURL := helper.URLMustParse(ts.URL)
 	roundTripper := badgateway.TestRoundTripper(parsedURL)
-	apiClient := api.NewAPI(parsedURL, "123", testhelper.SecretFile(), roundTripper)
+	apiClient := api.NewAPI(parsedURL, "123", testhelper.SecretPath(), roundTripper)
 	proxyClient := proxy.NewProxy(parsedURL, "123", roundTripper)
 	UploadArtifacts(apiClient, proxyClient).ServeHTTP(response, httpRequest)
 	return response
diff --git a/internal/testhelper/testhelper.go b/internal/testhelper/testhelper.go
index 63ad7b0925d16d02ee5e8a528ffc63c5bdd70ff0..09f409f48c4f110e68c65743896a889e943de0e6 100644
--- a/internal/testhelper/testhelper.go
+++ b/internal/testhelper/testhelper.go
@@ -15,7 +15,7 @@ import (
 	"testing"
 )
 
-func SecretFile() string {
+func SecretPath() string {
 	return path.Join(RootDir(), "testdata/test-secret")
 }
 
diff --git a/internal/upstream/routes.go b/internal/upstream/routes.go
index b7ecb2693ebd4c5c91642265878578cffd1d9d89..cfcb488b93030288f86cc4ee6fa49914ab94f05f 100644
--- a/internal/upstream/routes.go
+++ b/internal/upstream/routes.go
@@ -37,7 +37,7 @@ func (u *Upstream) configureRoutes() {
 	api := apipkg.NewAPI(
 		u.Backend,
 		u.Version,
-		u.SecretFile,
+		u.SecretPath,
 		u.RoundTripper,
 	)
 	static := &staticpages.Static{u.DocumentRoot}
diff --git a/internal/upstream/upstream.go b/internal/upstream/upstream.go
index 27a27af5813191c9e5bf25d043560d0c0474271f..a04e5051b01a871fde6821ce9ceadbafa0a6b154 100644
--- a/internal/upstream/upstream.go
+++ b/internal/upstream/upstream.go
@@ -23,7 +23,7 @@ var DefaultBackend = helper.URLMustParse("http://localhost:8080")
 type Upstream struct {
 	Backend         *url.URL
 	Version         string
-	SecretFile      string
+	SecretPath      string
 	DocumentRoot    string
 	DevelopmentMode bool
 
@@ -36,7 +36,7 @@ func NewUpstream(backend *url.URL, socket, version, secretFile, documentRoot str
 	up := Upstream{
 		Backend:         backend,
 		Version:         version,
-		SecretFile:      secretFile,
+		SecretPath:      secretFile,
 		DocumentRoot:    documentRoot,
 		DevelopmentMode: developmentMode,
 	}
diff --git a/main.go b/main.go
index 8a4962decf972e2671961e72058a1497b77c7946..0e77872137f4574c666f6e2c80c1b1ac76069bb4 100644
--- a/main.go
+++ b/main.go
@@ -40,7 +40,7 @@ var pprofListenAddr = flag.String("pprofListenAddr", "", "pprof listening addres
 var documentRoot = flag.String("documentRoot", "public", "Path to static files content")
 var proxyHeadersTimeout = flag.Duration("proxyHeadersTimeout", 5*time.Minute, "How long to wait for response headers when proxying the request")
 var developmentMode = flag.Bool("developmentMode", false, "Allow to serve assets from Rails app")
-var secretFile = flag.String("secretFile", "./.gitlab_workhorse_secret", "File with secret key to authenticate with authBackend")
+var secretPath = flag.String("secretPath", "./.gitlab_workhorse_secret", "File with secret key to authenticate with authBackend")
 
 func main() {
 	flag.Usage = func() {
@@ -87,7 +87,7 @@ func main() {
 		*authBackend,
 		*authSocket,
 		Version,
-		*secretFile,
+		*secretPath,
 		*documentRoot,
 		*developmentMode,
 		*proxyHeadersTimeout,
diff --git a/main_test.go b/main_test.go
index 2cbb5910c2b20fee559c6cd48d573d7acf04965f..23a68361886b9bc1f970a2811d0e424ab515af12 100644
--- a/main_test.go
+++ b/main_test.go
@@ -868,7 +868,7 @@ func startWorkhorseServer(authBackend string) *httptest.Server {
 		helper.URLMustParse(authBackend),
 		"",
 		"123",
-		testhelper.SecretFile(),
+		testhelper.SecretPath(),
 		testDocumentRoot,
 		false,
 		0,