diff --git a/.env.template b/.env.template
index f01896f35d9f678fcba7c5a968d16ee3c115769a..05ab3a8960882958c0e9f1043fa87f61579272d1 100644
--- a/.env.template
+++ b/.env.template
@@ -20,8 +20,7 @@ DATABASE_USER
 DATABASE_PASSWORD
 DATABASE_NAME
 
-# rename this to backoffice token ?
-SGE_API_TOKEN
+BO_API_TOKEN
 
 GRDF_CLIENT_ID
 GRDF_CLIENT_SECRET
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9bb73691eaa3856199c4935935b9ebf56f5b1ea0..258ea3124f8cffde8471803535840b6f3d4b2f60 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -141,7 +141,7 @@ deploy_rec:
     - sed -i "s/{{DATABASE_PASSWORD}}/$REC_DATABASE_PASSWORD/" ./k8s/secrets/ecolyo-agent-database.yml
     - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
-    - sed -i "s/{{SGE_API_TOKEN}}/$REC_SGE_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
+    - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml
@@ -173,7 +173,7 @@ deploy_prod:
     - sed -i "s/{{DATABASE_PASSWORD}}/$PROD_DATABASE_PASSWORD/" ./k8s/secrets/ecolyo-agent-database.yml
     - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
-    - sed -i "s/{{SGE_API_TOKEN}}/$PROD_SGE_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
+    - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
     - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 860511c060dda2a24bec483dee7ccbde5f074ccd..8838dbdd5de3fa28619526e689eeb988a6b5fa9d 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -25,9 +25,9 @@ const (
 var (
 	AnimatorRole = common.StringValueFromEnv("ANIMATOR_ROLE", "ANIMATORS")
 	// AdminRole represents the role reserved for admins
-	AdminRole   = common.StringValueFromEnv("ADMIN_ROLE", "ADMINS")
-	hostname    = common.StringValueFromEnv("HOSTNAME", "ecolyobackoffice.127.0.0.1.nip.io")
-	SGEApiToken = common.StringValueFromEnv("SGE_API_TOKEN", "sgetoken")
+	AdminRole  = common.StringValueFromEnv("ADMIN_ROLE", "ADMINS")
+	hostname   = common.StringValueFromEnv("HOSTNAME", "ecolyobackoffice.127.0.0.1.nip.io")
+	BOApiToken = common.StringValueFromEnv("BO_API_TOKEN", "sgetoken")
 )
 
 // User represents a logged in user
@@ -120,7 +120,7 @@ func ValidateAuthMiddleware(next http.Handler, allowedRoles []string, checkXSRF
 func BOAuthMiddleware(next http.Handler) http.Handler {
 	tokenChecker := func(w http.ResponseWriter, r *http.Request) {
 		// Check API Token
-		if r.Header.Get("Authorization") != "Bearer "+SGEApiToken {
+		if r.Header.Get("Authorization") != "Bearer "+BOApiToken {
 			http.Error(w, "invalid token", http.StatusUnauthorized)
 			return
 		}
diff --git a/internal/rootmux/rootmux_test.go b/internal/rootmux/rootmux_test.go
index f5de0866c37b003aec423fc178a2c825b30f7ac1..1258e607fea578697c8f1da1d537642032b298cb 100644
--- a/internal/rootmux/rootmux_test.go
+++ b/internal/rootmux/rootmux_test.go
@@ -66,7 +66,7 @@ func TestMain(m *testing.M) {
 	os.Setenv("TOKEN_URL", oAuth2Server.URL+"/token")
 	os.Setenv("USERINFO_URL", oAuth2Server.URL+"/animatorinfo")
 	os.Setenv("LOGOUT_URL", oAuth2Server.URL+"/logout")
-	os.Setenv("SGE_API_TOKEN", "sgeApiToken")
+	os.Setenv("BO_API_TOKEN", "boApiToken")
 
 	// Setup the token manager to use debug mode
 	os.Setenv("DEBUG_MODE", "true")
@@ -301,7 +301,7 @@ func sgeTests(t *testing.T) {
 	do("DELETE", "/api/sge/consent/1", noH, "", http.StatusUnauthorized, ErrorInvalidToken)
 
 	// Create correct authorization header
-	boApiHeader := map[string]string{"Authorization": "Bearer " + auth.SGEApiToken}
+	boApiHeader := map[string]string{"Authorization": "Bearer " + auth.BOApiToken}
 	// Try to create a consent  (must pass)
 	do("POST", "/api/sge/consent", boApiHeader, consentStr, http.StatusCreated, `{"ID":"52fdfc07-2182-454f-963f-5f0f9a621d72"`)
 	// Try to create another consent  (must pass)
@@ -328,7 +328,7 @@ func grdfTests(t *testing.T) {
 	do("DELETE", "/api/grdf/consent/1", noH, "", http.StatusUnauthorized, ErrorInvalidToken)
 
 	// Create correct authorization header
-	boApiHeader := map[string]string{"Authorization": "Bearer " + auth.SGEApiToken}
+	boApiHeader := map[string]string{"Authorization": "Bearer " + auth.BOApiToken}
 	// Try to create a consent  (must pass)
 	do("POST", "/api/grdf/consent", boApiHeader, grdfConsentStr, http.StatusCreated, `{"ID":"81855ad8-681d-4d86-91e9-1e00167939cb"`)
 	// Try to create another consent  (must pass)
diff --git a/k8s/secrets/ecolyo-agent-server-config.yml b/k8s/secrets/ecolyo-agent-server-config.yml
index 8974c8859484cd795e436a6099fa62327854795b..8beaebcd8d310d2546c52060152f15e5fa404c80 100644
--- a/k8s/secrets/ecolyo-agent-server-config.yml
+++ b/k8s/secrets/ecolyo-agent-server-config.yml
@@ -17,7 +17,7 @@ stringData:
   IMAGE_FOLDER: mnt/image-lib
   MOCK_OAUTH2: 'false'
   REDIRECT_URL: 'https://{{HOSTNAME}}/OAuth2Callback'
-  SGE_API_TOKEN: {{SGE_API_TOKEN}}
+  BO_API_TOKEN: {{BO_API_TOKEN}}
   TOKEN_URL: {{TOKEN_URL}}
   USERINFO_URL: {{USERINFO_URL}}
   GRDF_CLIENT_ID: {{GRDF_CLIENT_ID}}