diff --git a/api/kyverno/v1/constants.go b/api/kyverno/v1/constants.go
index a5e948e741..570675c28a 100644
--- a/api/kyverno/v1/constants.go
+++ b/api/kyverno/v1/constants.go
@@ -3,4 +3,8 @@ package v1
 const (
 // PodControllersAnnotation defines the annotation key for Pod-Controllers
 PodControllersAnnotation = "pod-policies.kyverno.io/autogen-controllers"
+ // LabelAppManagedBy defines the label key for managed-by label
+ LabelAppManagedBy = "app.kubernetes.io/managed-by"
+ // ValueKyvernoApp defines the kyverno application value
+ ValueKyvernoApp = "kyverno"
 )
diff --git a/pkg/background/common/labels.go b/pkg/background/common/labels.go
index 05deb82a97..577985f2e5 100644
--- a/pkg/background/common/labels.go
+++ b/pkg/background/common/labels.go
@@ -5,6 +5,7 @@ import (
 "reflect"
 "strings"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 pkglabels "k8s.io/apimachinery/pkg/labels"
@@ -70,8 +71,8 @@ func GenerateLabelsSet(policyKey string, trigger Object) pkglabels.Set {
 func managedBy(labels map[string]string) {
 // ManagedBy label
- key := "app.kubernetes.io/managed-by"
- value := "kyverno"
+ key := kyvernov1.LabelAppManagedBy
+ value := kyvernov1.ValueKyvernoApp
 val, ok := labels[key]
 if ok {
 if val != value {
diff --git a/pkg/policyreport/policyreport.go b/pkg/policyreport/policyreport.go
index 8b810c5217..c6bd61dfed 100644
--- a/pkg/policyreport/policyreport.go
+++ b/pkg/policyreport/policyreport.go
@@ -8,6 +8,7 @@ import (
 "strings"
 "github.com/cornelk/hashmap"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
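Review bot: The doc comments on the two new constants describe them only as "the label key" and "the kyverno application value", while the pair they form is the marker other hunks use for access decisions: `protect` in pkg/webhooks/server.go rejects writes to any resource carrying this key/value unless the request comes from the kyverno service account, `handleDelete` in pkg/webhooks/resource/handlers.go looks up the owning UpdateRequest from it, and CleanupPolicyReport builds its DeleteCollection selector from the value. That should be said where the constants are declared, since the api package is where a reader will look before changing the value. I would write `// LabelAppManagedBy is the label key kyverno sets on resources it creates; together with ValueKyvernoApp it marks a resource as kyverno-owned.` and `// ValueKyvernoApp is the managed-by value for kyverno-owned resources; the admission webhook and the report cleanup selector match on it, so changing it changes which resources are protected and cleaned up.`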
@@ -230,7 +231,7 @@ func CleanupPolicyReport(client versioned.Interface) error {
 var gracePeriod int64 = 0
 deleteOptions := metav1.DeleteOptions{GracePeriodSeconds: &gracePeriod}
- selector := labels.SelectorFromSet(labels.Set(map[string]string{LabelSelectorKey: LabelSelectorValue}))
+ selector := labels.SelectorFromSet(labels.Set(map[string]string{LabelSelectorKey: kyvernov1.ValueKyvernoApp}))
 err := client.KyvernoV1alpha2().ClusterReportChangeRequests().DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
 if err != nil {
diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go
index 08668e6282..1c7712d6a0 100644
--- a/pkg/policyreport/reportcontroller.go
+++ b/pkg/policyreport/reportcontroller.go
@@ -8,6 +8,7 @@ import (
 "time"
 "github.com/go-logr/logr"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
@@ -38,8 +39,7 @@ const (
 prWorkQueueName = "policy-report-controller"
 clusterpolicyreport = "clusterpolicyreport"
- LabelSelectorKey = "managed-by"
- LabelSelectorValue = "kyverno"
+ LabelSelectorKey = "managed-by"
 deletedPolicyKey = "deletedpolicy"
@@ -48,7 +48,7 @@ const (
 var LabelSelector = &metav1.LabelSelector{
 MatchLabels: map[string]string{
- LabelSelectorKey: LabelSelectorValue,
+ LabelSelectorKey: kyvernov1.ValueKyvernoApp,
 },
 }
diff --git a/pkg/tls/renewer.go b/pkg/tls/renewer.go
index 576158e035..98c8d3c1d2 100644
--- a/pkg/tls/renewer.go
+++ b/pkg/tls/renewer.go
@@ -8,6 +8,7 @@ import (
 "time"
 "github.com/go-logr/logr"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
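Review bot: `LabelSelectorKey = "managed-by"` is now paired with `kyvernov1.ValueKyvernoApp`, so the value that selects reports for DeleteCollection in CleanupPolicyReport is shared with the `app.kubernetes.io/managed-by` marker the admission webhook trusts, with `webhook.kyverno.io/managed-by` in pkg/webhookconfig/common.go, and with `tls.ManagedByLabel`. Those are four different keys with different consumers, and nothing at this declaration records that the value is deliberately shared, so someone adjusting ValueKyvernoApp for one of them would silently change which reports the cleanup deletes. A comment at the declaration would make the coupling explicit: `// LabelSelectorKey is matched against kyvernov1.ValueKyvernoApp (shared with the app.kubernetes.io/managed-by marker on purpose); CleanupPolicyReport deletes by this selector.` The const block starts before the hunk.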
@@ -213,7 +214,7 @@ func (c *CertRenewer) writeSecret(name string, key *rsa.PrivateKey, certs ...*x5
 Name: name,
 Namespace: config.KyvernoNamespace(),
 Labels: map[string]string{
- ManagedByLabel: "kyverno",
+ ManagedByLabel: kyvernov1.ValueKyvernoApp,
 },
 },
 Type: corev1.SecretTypeTLS,
diff --git a/pkg/tls/utils.go b/pkg/tls/utils.go
index afc9fe9b46..cb12735f4e 100644
--- a/pkg/tls/utils.go
+++ b/pkg/tls/utils.go
@@ -6,6 +6,7 @@ import (
 "encoding/pem"
 "time"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
 appsv1 "k8s.io/api/apps/v1"
 corev1 "k8s.io/api/core/v1"
@@ -103,7 +104,7 @@ func IsSecretManagedByKyverno(secret *corev1.Secret) bool {
 if labels == nil {
 return false
 }
- if labels[ManagedByLabel] != "kyverno" {
+ if labels[ManagedByLabel] != kyvernov1.ValueKyvernoApp {
 return false
 }
 }
diff --git a/pkg/webhookconfig/common.go b/pkg/webhookconfig/common.go
index 7435c0f906..a256fe5556 100644
--- a/pkg/webhookconfig/common.go
+++ b/pkg/webhookconfig/common.go
@@ -7,6 +7,7 @@ import (
 "reflect"
 "strings"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
 "github.com/kyverno/kyverno/pkg/metrics"
 "github.com/kyverno/kyverno/pkg/tls"
@@ -19,7 +20,6 @@ import (
 const (
 managedByLabel string = "webhook.kyverno.io/managed-by"
- kyvernoValue string = "kyverno"
 )
 var (
@@ -38,7 +38,7 @@ var (
 }
 vertifyObjectSelector = &metav1.LabelSelector{
 MatchLabels: map[string]string{
- "app.kubernetes.io/name": kyvernoValue,
+ "app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 },
 }
 update = []admissionregistrationv1.OperationType{admissionregistrationv1.Update}
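Review bot: In the vertifyObjectSelector hunk the value side of `"app.kubernetes.io/name": kyvernov1.ValueKyvernoApp` becomes a constant but the key stays a string literal, and the same literal is repeated in GetKubePolicyClusterRoleName and checkEndpoint (following hunks) and in UpdateLastRequestTimestmap in pkg/webhookconfig/status.go. These selectors decide which ClusterRoles, Pods and Leases are treated as kyverno's own, so a typo in one copy would surface as an empty list at runtime rather than as a compile error. Declaring `LabelAppName = "app.kubernetes.io/name"` beside LabelAppManagedBy in api/kyverno/v1/constants.go and writing the key as `kyvernov1.LabelAppName` in those four places would finish what this commit starts. The `var (` block enclosing vertifyObjectSelector begins before the hunk.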
@@ -75,7 +75,7 @@ func getHealthyPodsIP(pods []corev1.Pod) []string {
 func (wrc *Register) GetKubePolicyClusterRoleName() (*rbacv1.ClusterRole, error) {
 selector := &metav1.LabelSelector{
 MatchLabels: map[string]string{
- "app.kubernetes.io/name": kyvernoValue,
+ "app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 },
 }
 clusterRoles, err := wrc.kubeClient.RbacV1().ClusterRoles().List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
@@ -199,7 +199,7 @@ func generateObjectMeta(name string, owner ...metav1.OwnerReference) metav1.Obje
 return metav1.ObjectMeta{
 Name: name,
 Labels: map[string]string{
- managedByLabel: kyvernoValue,
+ managedByLabel: kyvernov1.ValueKyvernoApp,
 },
 OwnerReferences: owner,
 }
diff --git a/pkg/webhookconfig/registration.go b/pkg/webhookconfig/registration.go
index 7aa95ef637..86a27f60fd 100644
--- a/pkg/webhookconfig/registration.go
+++ b/pkg/webhookconfig/registration.go
@@ -10,6 +10,7 @@ import (
 "time"
 "github.com/go-logr/logr"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 kyvernov1informers "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/clients/dclient"
@@ -223,7 +224,7 @@ func (wrc *Register) GetWebhookTimeOut() time.Duration {
 func (wrc *Register) UpdateWebhooksCaBundle() error {
 selector := &metav1.LabelSelector{
 MatchLabels: map[string]string{
- managedByLabel: kyvernoValue,
+ managedByLabel: kyvernov1.ValueKyvernoApp,
 },
 }
 caData := wrc.readCaData()
@@ -419,7 +420,7 @@ func (wrc *Register) checkEndpoint() error {
 }
 selector := &metav1.LabelSelector{
 MatchLabels: map[string]string{
- "app.kubernetes.io/name": "kyverno",
+ "app.kubernetes.io/name": kyvernov1.ValueKyvernoApp,
 },
 }
 pods, err := wrc.kubeClient.CoreV1().Pods(config.KyvernoNamespace()).List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
diff --git a/pkg/webhookconfig/status.go b/pkg/webhookconfig/status.go
index 9cf82b55ad..4c4c49da5b 100644
--- a/pkg/webhookconfig/status.go
+++ b/pkg/webhookconfig/status.go
@@ -6,6 +6,7 @@ import (
 "time"
 "github.com/go-logr/logr"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
 "github.com/kyverno/kyverno/pkg/event"
 "github.com/pkg/errors"
@@ -106,7 +107,7 @@ func (vc statusControl) UpdateLastRequestTimestmap(new time.Time) error {
 label := lease.GetLabels()
 if len(label) == 0 {
 label = make(map[string]string)
- label["app.kubernetes.io/name"] = "kyverno"
+ label["app.kubernetes.io/name"] = kyvernov1.ValueKyvernoApp
 }
 lease.SetLabels(label)
diff --git a/pkg/webhooks/resource/generation/generation.go b/pkg/webhooks/resource/generation/generation.go
index f8142f6df3..daa93ed429 100644
--- a/pkg/webhooks/resource/generation/generation.go
+++ b/pkg/webhooks/resource/generation/generation.go
@@ -156,7 +156,7 @@ func (h *generationHandler) HandleUpdatesForGenerateRules(request *admissionv1.A
 h.handleUpdateGenerateSourceResource(resLabels)
 }
- if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == admissionv1.Update {
+ if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == admissionv1.Update {
 h.handleUpdateGenerateTargetResource(request, policies, resLabels)
 }
 }
diff --git a/pkg/webhooks/resource/handlers.go b/pkg/webhooks/resource/handlers.go
index a834d64458..81c5193c71 100644
--- a/pkg/webhooks/resource/handlers.go
+++ b/pkg/webhooks/resource/handlers.go
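Review bot: In the generation.go hunk `kyvernov1.LabelAppManagedBy` and `kyvernov1.ValueKyvernoApp` are introduced without a matching import hunk, unlike every other file touched by this change; the same is true for pkg/webhooks/resource/handlers.go, whose header closes this line. Presumably the `kyvernov1` alias is already imported in both files, otherwise neither compiles, but that is an inference from the diff rather than something it shows. Worth confirming in review since the rest of the commit is careful to add the import explicitly. HandleUpdatesForGenerateRules starts outside the hunk.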
@@ -211,7 +211,7 @@ func (h *handlers) handleDelete(logger logr.Logger, request *admissionv1.Admissi
 }
 resLabels := resource.GetLabels()
- if resLabels["app.kubernetes.io/managed-by"] == "kyverno" {
+ if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp {
 urName := resLabels["policy.kyverno.io/gr-name"]
 ur, err := h.urLister.Get(urName)
 if err != nil {
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 234da103a5..a8b90dcbde 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -10,6 +10,7 @@ import (
 "github.com/go-logr/logr"
 "github.com/julienschmidt/httprouter"
+ kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/config"
 "github.com/kyverno/kyverno/pkg/toggle"
 "github.com/kyverno/kyverno/pkg/utils"
@@ -133,7 +134,7 @@ func protect(inner handlers.AdmissionHandler) handlers.AdmissionHandler {
 }
 for _, resource := range []unstructured.Unstructured{newResource, oldResource} {
 resLabels := resource.GetLabels()
- if resLabels["app.kubernetes.io/managed-by"] == "kyverno" {
+ if resLabels[kyvernov1.LabelAppManagedBy] == kyvernov1.ValueKyvernoApp {
 if request.UserInfo.Username != fmt.Sprintf("system:serviceaccount:%s:%s", config.KyvernoNamespace(), config.KyvernoServiceAccountName()) {
 logger.Info("Access to the resource not authorized, this is a kyverno managed resource and should be altered only by kyverno")
 return admissionutils.ResponseFailure("A kyverno managed resource can only be modified by kyverno")
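Review bot: In the `protect` hunk of pkg/webhooks/server.go the trusted principal `fmt.Sprintf("system:serviceaccount:%s:%s", config.KyvernoNamespace(), config.KyvernoServiceAccountName())` is rebuilt inside the loop for each of the two resources although it does not depend on the resource; now that the managed-by key and value are named constants, the identity the gate trusts is the only remaining inline expression in the check. Hoisting it above the `for` as `kyvernoSA := fmt.Sprintf("system:serviceaccount:%s:%s", config.KyvernoNamespace(), config.KyvernoServiceAccountName())` and comparing `request.UserInfo.Username != kyvernoSA` gives the single trusted identity one named place and makes the condition read as "managed resource, not kyverno, reject". The behaviour of the gate is unchanged by the commit, and `protect` starts and ends outside the hunk.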