diff --git a/secret/secret.go b/secret/secret.go
index 6549f06a7..b4c778c16 100644
--- a/secret/secret.go
+++ b/secret/secret.go
@@ -21,6 +21,7 @@ type secretValue struct {
 	Length  int
 }
 
+// GeneratePasswords generates passwords.
 func GeneratePasswords(count, length uint) ([]string, error) {
 	passwords, err := passgen.GeneratePasswords(
 		count,
@@ -35,6 +36,7 @@ func GeneratePasswords(count, length uint) ([]string, error) {
 	return passwords, nil
 }
 
+// GeneratePassphrases generates human readable and rememberable passphrases.
 func GeneratePassphrases(count uint) ([]string, error) {
 	passphrases, err := passgen.GeneratePassphrases(
 		count,
@@ -62,12 +64,14 @@ func ReadSecretEnvVars(appEnv config.AppEnv) map[string]string {
 	return secretEnvVars
 }
 
+// TODO: should probably go in the config/app package?
 func ParseSecretEnvVarName(secretEnvVar string) string {
 	withoutPrefix := strings.TrimPrefix(secretEnvVar, "SECRET_")
 	withoutSuffix := strings.TrimSuffix(withoutPrefix, "_VERSION")
 	return strings.ToLower(withoutSuffix)
 }
 
+// TODO: should probably go in the config/app package?
 func ParseGeneratedSecretName(secret string, appEnv config.App) string {
 	name := fmt.Sprintf("%s_", appEnv.StackName())
 	withoutAppName := strings.TrimPrefix(secret, name)
@@ -75,6 +79,7 @@ func ParseGeneratedSecretName(secret string, appEnv config.App) string {
 	return withoutAppName[:idx]
 }
 
+// TODO: should probably go in the config/app package?
 func ParseSecretEnvVarValue(secret string) (secretValue, error) {
 	values := strings.Split(secret, "#")
 	if len(values) == 0 {
@@ -95,6 +100,7 @@ func ParseSecretEnvVarValue(secret string) (secretValue, error) {
 	}
 }
 
+// GenerateSecrets generates secrets locally and sends them to a remote server for storage.
 func GenerateSecrets(secretEnvVars map[string]string, appName, server string) (map[string]string, error) {
 	secrets := make(map[string]string)