diff --git a/pkg/internal/cyberark/dataupload/dataupload.go b/pkg/internal/cyberark/dataupload/dataupload.go
index e2b8a868..dfc6365f 100644
--- a/pkg/internal/cyberark/dataupload/dataupload.go
+++ b/pkg/internal/cyberark/dataupload/dataupload.go
@@ -16,6 +16,7 @@ import (
 	"k8s.io/client-go/transport"
 
 	"github.com/jetstack/preflight/api"
+	"github.com/jetstack/preflight/pkg/internal/cyberark"
 	"github.com/jetstack/preflight/pkg/version"
 )
 
@@ -23,11 +24,6 @@ const (
 	// maxRetrievePresignedUploadURLBodySize is the maximum allowed size for a response body from the
 	// Retrieve Presigned Upload URL service.
 	maxRetrievePresignedUploadURLBodySize = 10 * 1024
-
-	// apiPathSnapshotLinks is the URL path of the snapshot-links endpoint of the inventory API.
-	// This endpoint returns an AWS presigned URL.
-	// TODO(wallrj): Link to CyberArk API documentation when it is published.
-	apiPathSnapshotLinks = "/api/ingestions/kubernetes/snapshot-links"
 )
 
 type CyberArkClient struct {
@@ -114,7 +110,7 @@ func (c *CyberArkClient) PostDataReadingsWithOptions(ctx context.Context, payloa
 }
 
 func (c *CyberArkClient) retrievePresignedUploadURL(ctx context.Context, checksum string, opts Options) (string, error) {
-	uploadURL, err := url.JoinPath(c.baseURL, apiPathSnapshotLinks)
+	uploadURL, err := url.JoinPath(c.baseURL, cyberark.EndpointSnapshotLinks)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/internal/cyberark/dataupload/dataupload_test.go b/pkg/internal/cyberark/dataupload/dataupload_test.go
index cadb296a..7b80aec6 100644
--- a/pkg/internal/cyberark/dataupload/dataupload_test.go
+++ b/pkg/internal/cyberark/dataupload/dataupload_test.go
@@ -1,4 +1,4 @@
-package dataupload_test
+package dataupload
 
 import (
 	"crypto/x509"
@@ -11,13 +11,13 @@ import (
 
 	"github.com/stretchr/testify/require"
 	"k8s.io/klog/v2"
-	"k8s.io/klog/v2/ktesting"
 
 	"github.com/jetstack/preflight/api"
-	"github.com/jetstack/preflight/pkg/internal/cyberark/dataupload"
 	"github.com/jetstack/preflight/pkg/internal/cyberark/identity"
 	"github.com/jetstack/preflight/pkg/internal/cyberark/servicediscovery"
+	cyberarktesting "github.com/jetstack/preflight/pkg/internal/cyberark/testing"
 
+	"k8s.io/klog/v2/ktesting"
 	_ "k8s.io/klog/v2/ktesting/init"
 )
 
@@ -39,7 +39,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 			},
 		},
 	}
-	defaultOpts := dataupload.Options{
+	defaultOpts := Options{
 		ClusterName: "success-cluster-id",
 	}
 
@@ -54,7 +54,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 		name         string
 		payload      api.DataReadingsPost
 		authenticate func(req *http.Request) error
-		opts         dataupload.Options
+		opts         Options
 		requireFn    func(t *testing.T, err error)
 	}{
 		{
@@ -69,7 +69,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 		{
 			name:         "error when cluster name is empty",
 			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: ""},
+			opts:         Options{ClusterName: ""},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "programmer mistake: the cluster name")
@@ -87,7 +87,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 		{
 			name:         "invalid JSON from server (RetrievePresignedUploadURL step)",
 			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: "invalid-json-retrieve-presigned"},
+			opts:         Options{ClusterName: "invalid-json-retrieve-presigned"},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "while retrieving snapshot upload URL: rejecting JSON response from server as it was too large or was truncated")
@@ -96,7 +96,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 		{
 			name:         "500 from server (RetrievePresignedUploadURL step)",
 			payload:      defaultPayload,
-			opts:         dataupload.Options{ClusterName: "invalid-response-post-data"},
+			opts:         Options{ClusterName: "invalid-response-post-data"},
 			authenticate: setToken("success-token"),
 			requireFn: func(t *testing.T, err error) {
 				require.ErrorContains(t, err, "while retrieving snapshot upload URL: received response with status code 500: mock error")
@@ -106,7 +106,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			server := dataupload.MockDataUploadServer()
+			server := cyberarktesting.MockDataUploadServer()
 			defer server.Close()
 
 			certPool := x509.NewCertPool()
@@ -115,7 +115,7 @@ func TestCyberArkClient_PostDataReadingsWithOptions(t *testing.T) {
 				Bytes: server.Server.TLS.Certificates[0].Certificate[0],
 			})))
 
-			cyberArkClient, err := dataupload.NewCyberArkClient(certPool, server.Server.URL, tc.authenticate)
+			cyberArkClient, err := NewCyberArkClient(certPool, server.Server.URL, tc.authenticate)
 			require.NoError(t, err)
 
 			err = cyberArkClient.PostDataReadingsWithOptions(t.Context(), tc.payload, tc.opts)
@@ -169,10 +169,10 @@ func TestPostDataReadingsWithOptionsWithRealAPI(t *testing.T) {
 	err = identityClient.LoginUsernamePassword(ctx, username, []byte(secret))
 	require.NoError(t, err)
 
-	cyberArkClient, err := dataupload.NewCyberArkClient(nil, serviceURL, identityClient.AuthenticateRequest)
+	cyberArkClient, err := NewCyberArkClient(nil, serviceURL, identityClient.AuthenticateRequest)
 	require.NoError(t, err)
 
-	err = cyberArkClient.PostDataReadingsWithOptions(ctx, api.DataReadingsPost{}, dataupload.Options{
+	err = cyberArkClient.PostDataReadingsWithOptions(ctx, api.DataReadingsPost{}, Options{
 		ClusterName: "bb068932-c80d-460d-88df-34bc7f3f3297",
 	})
 	require.NoError(t, err)
diff --git a/pkg/internal/cyberark/endpoints.go b/pkg/internal/cyberark/endpoints.go
new file mode 100644
index 00000000..34452b5a
--- /dev/null
+++ b/pkg/internal/cyberark/endpoints.go
@@ -0,0 +1,8 @@
+package cyberark
+
+const (
+	// EndpointSnapshotLinks is the URL path of the snapshot-links endpoint of the inventory API.
+	// This endpoint returns an AWS presigned URL.
+	// TODO(wallrj): Link to CyberArk API documentation when it is published.
+	EndpointSnapshotLinks = "/api/ingestions/kubernetes/snapshot-links"
+)
diff --git a/pkg/internal/cyberark/dataupload/mock.go b/pkg/internal/cyberark/testing/mock.go
similarity index 97%
rename from pkg/internal/cyberark/dataupload/mock.go
rename to pkg/internal/cyberark/testing/mock.go
index ad92e462..bda43aff 100644
--- a/pkg/internal/cyberark/dataupload/mock.go
+++ b/pkg/internal/cyberark/testing/mock.go
@@ -1,4 +1,4 @@
-package dataupload
+package testing
 
 import (
 	"crypto/sha256"
@@ -9,9 +9,8 @@ import (
 	"net/http"
 	"net/http/httptest"
 
+	"github.com/jetstack/preflight/pkg/internal/cyberark"
 	"github.com/jetstack/preflight/pkg/version"
-
-	_ "embed"
 )
 
 const (
@@ -37,7 +36,7 @@ func (mds *mockDataUploadServer) Close() {
 
 func (mds *mockDataUploadServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch r.URL.Path {
-	case apiPathSnapshotLinks:
+	case cyberark.EndpointSnapshotLinks:
 		mds.handleSnapshotLinks(w, r)
 		return
 	case "/presigned-upload":