diff --git a/applicationsets/applicationset-secrets.yaml b/applicationsets/applicationset-secrets.yaml
new file mode 100644
index 0000000..3280130
--- /dev/null
+++ b/applicationsets/applicationset-secrets.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: cloudflare-tunnel-secrets
+  namespace: argocd
+spec:
+  generators:
+    - list:
+        elements:
+          - appName: cloudflare-tunnel-infra
+          - appName: cloudflare-tunnel-my-apps
+  template:
+    metadata:
+      name: "{{appName}}-secret"
+    spec:
+      project: cloudflare
+      source:
+        repoURL: ssh://git@gitea-ssh.dev-tools.svc.cluster.local:2222/dvirlabs/cloudflare.git
+        targetRevision: HEAD
+        path: manifests/{{appName}}
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: cloudflare
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - CreateNamespace=true
diff --git a/applicationsets/applicationset.yaml b/applicationsets/applicationset.yaml
index b97b492..59cebe9 100644
--- a/applicationsets/applicationset.yaml
+++ b/applicationsets/applicationset.yaml
@@ -22,6 +22,9 @@ spec:
           releaseName: "{{appName}}"
           valueFiles:
             - "../../manifests/{{appName}}/values.yaml"
+          parameters:
+            - name: cloudflare.secretName
+              value: "{{appName}}-credentials"
       destination:
         server: https://kubernetes.default.svc
         namespace: "cloudflare"
diff --git a/manifests/cloudflare-tunnel-infra/secret.yaml b/manifests/cloudflare-tunnel-infra/secret.yaml
new file mode 100644
index 0000000..c00a92b
--- /dev/null
+++ b/manifests/cloudflare-tunnel-infra/secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-tunnel-infra-credentials
+  namespace: cloudflare
+type: Opaque
+stringData:
+  credentials.json: |
+    {
+      "AccountTag": "",
+      "TunnelSecret": "",
+      "TunnelID": ""
+    }
diff --git a/manifests/cloudflare-tunnel-my-apps/secret.yaml b/manifests/cloudflare-tunnel-my-apps/secret.yaml
new file mode 100644
index 0000000..0b673ba
--- /dev/null
+++ b/manifests/cloudflare-tunnel-my-apps/secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-tunnel-my-apps-credentials
+  namespace: cloudflare
+type: Opaque
+stringData:
+  credentials.json: |
+    {
+      "AccountTag": "d4704b8c40b2f95b2c7bf7ee4ecc52f8",
+      "TunnelID": "6de9c798-265c-421d-9547-5797342eee5e",
+      "TunnelSecret": "ZDExNDJmYjEtMDY0OS00N2I5LTk3ZDEtYTIwZGYxM2Y2MzNm"
+    }
\ No newline at end of file
diff --git a/manifests/cloudflare-tunnel-my-apps/values.yaml b/manifests/cloudflare-tunnel-my-apps/values.yaml
index 8fbf508..5c74201 100644
--- a/manifests/cloudflare-tunnel-my-apps/values.yaml
+++ b/manifests/cloudflare-tunnel-my-apps/values.yaml
@@ -1,18 +1,12 @@
 cloudflare:
-  tunnelName: b50bbf48-0a2f-47ce-b73e-336b6718318b
+  tunnelName: 6de9c798-265c-421d-9547-5797342eee5e
   enableWarp: false
-  secretName: cloudflared-creds
-  ingress:
-cloudflared:
-  image:
-    repository: cloudflare/cloudflared
-    tag: "2025.6.0"
-    pullPolicy: IfNotPresent
-  metrics:
-    enabled: false
-  args:
-    - tunnel
-    - --config
-    - /etc/cloudflared/config/config.yaml
-    - run
-    - b50bbf48-0a2f-47ce-b73e-336b6718318b
+  secretName: cloudflare-tunnel-my-apps-credentials
+  ingress: []
+
+image:
+  repository: cloudflare/cloudflared
+  tag: "2025.6.0"
+  pullPolicy: IfNotPresent
+
+replicaCount: 2