diff --git a/argocd-apps/external-secrets-config.yaml b/argocd-apps/external-secrets-config.yaml
new file mode 100644
index 0000000..9d8b9c4
--- /dev/null
+++ b/argocd-apps/external-secrets-config.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-secrets-config
+  namespace: argocd
+spec:
+  project: dev-tools
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/dev-tools.git
+    targetRevision: master
+    path: manifests/external-secrets
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: external-secrets
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/manifests/external-secrets/clustersecretstore.yaml b/manifests/external-secrets/clustersecretstore.yaml
new file mode 100644
index 0000000..c73d977
--- /dev/null
+++ b/manifests/external-secrets/clustersecretstore.yaml
@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "http://vault.dev-tools.svc.cluster.local:8200"
+      path: "secret"
+      version: "v2"
+      auth:
+        tokenSecretRef:
+          name: vault-init
+          key: root-token
+          namespace: dev-tools
\ No newline at end of file
diff --git a/manifests/external-secrets/values.yaml b/manifests/external-secrets/values.yaml
index c73d977..f3c16f0 100644
--- a/manifests/external-secrets/values.yaml
+++ b/manifests/external-secrets/values.yaml
@@ -1,15 +1,25 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vault-backend
-spec:
-  provider:
-    vault:
-      server: "http://vault.dev-tools.svc.cluster.local:8200"
-      path: "secret"
-      version: "v2"
-      auth:
-        tokenSecretRef:
-          name: vault-init
-          key: root-token
-          namespace: dev-tools
\ No newline at end of file
+installCRDs: true
+
+image:
+  repository: ghcr.io/external-secrets/external-secrets
+  tag: v0.9.19
+  pullPolicy: IfNotPresent
+  flavour: default
+
+webhook:
+  enabled: true
+  image:
+    repository: ghcr.io/external-secrets/external-secrets
+    tag: v0.9.19
+    flavour: webhook
+
+certController:
+  enabled: true
+  image:
+    repository: ghcr.io/external-secrets/external-secrets
+    tag: v0.9.19
+    flavour: cert-controller
+  certs:
+    duration: 8760h
+    renewBefore: 720h
+    selfSigned: true
\ No newline at end of file