diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index c718fe1bf..b3c0a93f2 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -425,3 +425,7 @@ rbenv_plugins:
   - { name: "rbenv-update",       repo: "https://github.com/rkh/rbenv-update.git",         version: "master" }
   - { name: "rbenv-whatis",       repo: "https://github.com/rkh/rbenv-whatis.git",         version: "master" }
   - { name: "rbenv-use",          repo: "https://github.com/rkh/rbenv-use.git",            version: "master" }
+
+template_notice: |
+  # Managed via ofn-install, any changes will be overwritten.
+  # Please notify @devs of any changes in [#devops](https://openfoodnetwork.slack.com/archives/CEBMTRCNS) (But do not share secrets in public channel!)
diff --git a/roles/app/templates/env.j2 b/roles/app/templates/env.j2
index 1822de2ab..5877527c3 100644
--- a/roles/app/templates/env.j2
+++ b/roles/app/templates/env.j2
@@ -1,4 +1,4 @@
-# Managed via ofn-install
+{{ template_notice }}
 
 SECRET_TOKEN="{{ secret_token }}"
 
diff --git a/roles/app/templates/postgresql.yml.j2 b/roles/app/templates/postgresql.yml.j2
index 61c09a5fd..57285699d 100644
--- a/roles/app/templates/postgresql.yml.j2
+++ b/roles/app/templates/postgresql.yml.j2
@@ -1,3 +1,5 @@
+{{ template_notice }}
+
 development:
   adapter: postgresql
   encoding: unicode
diff --git a/roles/app_user/templates/bash_profile.j2 b/roles/app_user/templates/bash_profile.j2
index 80ef1599f..740422b8d 100644
--- a/roles/app_user/templates/bash_profile.j2
+++ b/roles/app_user/templates/bash_profile.j2
@@ -1,3 +1,5 @@
+{{ template_notice }}
+
 set -o allexport
 . /etc/default/openfoodnetwork
 set +o allexport
diff --git a/roles/app_user/templates/defaults.j2 b/roles/app_user/templates/defaults.j2
index 7722ac16b..639121c2f 100644
--- a/roles/app_user/templates/defaults.j2
+++ b/roles/app_user/templates/defaults.j2
@@ -1,3 +1,5 @@
+{{ template_notice }}
+
 RAILS_ENV={{ rails_env }}
 
 {% if db_user is defined %}
diff --git a/roles/app_user/templates/sudoers.j2 b/roles/app_user/templates/sudoers.j2
index 48cf125b6..1f74f0c86 100644
--- a/roles/app_user/templates/sudoers.j2
+++ b/roles/app_user/templates/sudoers.j2
@@ -1,2 +1,4 @@
+{{ template_notice }}
+
 # app user needs passwordless sudo for concrete commands
 {{ app_user }} ALL=(ALL) NOPASSWD: /bin/systemctl start puma.service, /bin/systemctl stop puma.service, /bin/systemctl restart puma.service,  /bin/systemctl reload puma.service, /bin/systemctl start sidekiq.service, /bin/systemctl stop sidekiq.service, /bin/systemctl restart sidekiq.service