diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go
index 36584da4add..390b8c5f1d8 100644
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@@ -25,6 +25,7 @@ import (
 	"time"
 
 	"k8s.io/api/core/v1"
+	bootstrapapi "k8s.io/kubernetes/pkg/bootstrap/api"
 	"k8s.io/kubernetes/pkg/registry/core/service/ipallocator"
 	"k8s.io/kubernetes/pkg/util/version"
 )
@@ -220,7 +221,7 @@ var (
 	AuthorizationWebhookConfigPath = filepath.Join(KubernetesDir, "webhook_authz.conf")
 
 	// DefaultTokenUsages specifies the default functions a token will get
-	DefaultTokenUsages = []string{"signing", "authentication"}
+	DefaultTokenUsages = bootstrapapi.KnownTokenUsages
 
 	// MasterComponents defines the master component names
 	MasterComponents = []string{KubeAPIServer, KubeControllerManager, KubeScheduler}
diff --git a/pkg/bootstrap/api/helpers.go b/pkg/bootstrap/api/helpers.go
index 01859bc37fe..c750cf75830 100644
--- a/pkg/bootstrap/api/helpers.go
+++ b/pkg/bootstrap/api/helpers.go
@@ -37,16 +37,15 @@ func ValidateBootstrapGroupName(name string) error {
 
 // ValidateUsages validates that the passed in string are valid usage strings for bootstrap tokens.
 func ValidateUsages(usages []string) error {
-	usageAuthentication := strings.TrimPrefix(BootstrapTokenUsageAuthentication, BootstrapTokenUsagePrefix)
-	usageSigning := strings.TrimPrefix(BootstrapTokenUsageSigningKey, BootstrapTokenUsagePrefix)
+	validUsages := sets.NewString(KnownTokenUsages...)
 	invalidUsages := sets.NewString()
 	for _, usage := range usages {
-		if usage != usageAuthentication && usage != usageSigning {
+		if !validUsages.Has(usage) {
 			invalidUsages.Insert(usage)
 		}
 	}
 	if len(invalidUsages) > 0 {
-		return fmt.Errorf("invalide bootstrap token usage string: %s, valid usage option: %s, %s", strings.Join(invalidUsages.List(), ","), usageAuthentication, usageSigning)
+		return fmt.Errorf("invalide bootstrap token usage string: %s, valid usage options: %s", strings.Join(invalidUsages.List(), ","), strings.Join(KnownTokenUsages, ","))
 	}
 	return nil
 }
diff --git a/pkg/bootstrap/api/types.go b/pkg/bootstrap/api/types.go
index a4e67a1c249..c30814c0e26 100644
--- a/pkg/bootstrap/api/types.go
+++ b/pkg/bootstrap/api/types.go
@@ -95,3 +95,6 @@ const (
 	// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
 	BootstrapDefaultGroup = "system:bootstrappers"
 )
+
+// KnownTokenUsages specifies the known functions a token will get.
+var KnownTokenUsages = []string{"signing", "authentication"}