diff --git a/charts/eck-resources/my-values/values-int.yaml b/charts/eck-resources/my-values/values-int.yaml
index 8159326..90aff5b 100644
--- a/charts/eck-resources/my-values/values-int.yaml
+++ b/charts/eck-resources/my-values/values-int.yaml
@@ -1,2 +1,6 @@
 env: int
-host: kibana-int.dvirlabs.com
\ No newline at end of file
+host: kibana-int.dvirlabs.com
+
+oidc:
+ existingSecret: kibana-oidc-secret
+ realm: lab
\ No newline at end of file
diff --git a/charts/eck-resources/my-values/values-prod.yaml b/charts/eck-resources/my-values/values-prod.yaml
index b27f32d..cecd3a2 100644
--- a/charts/eck-resources/my-values/values-prod.yaml
+++ b/charts/eck-resources/my-values/values-prod.yaml
@@ -1,2 +1,6 @@
 env: prod
-host: kibana.dvirlabs.com
\ No newline at end of file
+host: kibana.dvirlabs.com
+
+oidc:
+ existingSecret: kibana-oidc-secret
+ realm: lab
diff --git a/charts/eck-resources/templates/kibana.yaml b/charts/eck-resources/templates/kibana.yaml
index 5b8042b..58c0f8a 100644
--- a/charts/eck-resources/templates/kibana.yaml
+++ b/charts/eck-resources/templates/kibana.yaml
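Review bot: `existingSecret: kibana-oidc-secret` and `realm: lab` are identical in values-int.yaml and values-prod.yaml, and the kibana.yaml template pins both Kibana resources and the Secret lookup to the `monitoring` namespace, so the int and prod deployments will read the same OIDC client secret from the same Secret. A leak or rotation of that credential in one environment then affects the other; consider a per-environment Secret (e.g. `existingSecret: kibana-oidc-secret-prod`) backed by a separate Keycloak client, and a prod-specific realm value if one exists rather than `lab` in both files. values-int.yaml also still ends without a trailing newline (the `\ No newline at end of file` marker survives on the new side), which values-prod.yaml fixes in the same commit.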
@@ -2,17 +2,28 @@ apiVersion: kibana.k8s.elastic.co/v1
 kind: Kibana
 metadata:
 name: kibana-{{ .Values.env }}
+ namespace: monitoring
 spec:
 version: 8.12.0
 count: 1
 elasticsearchRef:
 name: elasticsearch-{{ .Values.env }}
 config:
- server:
- basePath: ""
- rewriteBasePath: false
- ssl:
- enabled: false
+ xpack.security.authc.providers:
+ oidc.oidc1:
+ order: 0
+ realm: "keycloak"
+ xpack.security.authc.oidc.realms.keycloak:
+ order: 0
+ rp.client_id: "kibana"
+ rp.response_type: "code"
+ rp.redirect_uri: "https://{{ .Values.host }}/api/security/oidc/callback"
+ rp.post_logout_redirect_uri: "https://{{ .Values.host }}"
+ rp.client_secret: {{ (lookup "v1" "Secret" "monitoring" .Values.oidc.existingSecret).data.clientSecret | b64dec | quote }}
+ idp.metadata_url: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}/.well-known/openid-configuration"
+ idp.entity_id: "https://keycloak.dvirlabs.com/realms/{{ .Values.oidc.realm }}"
+ claim_patterns.principal: "preferred_username"
+ claim_patterns.groups: "roles"
 http:
 tls:
 selfSignedCertificate:
diff --git a/manifests/external-secrets/grafana.yaml b/manifests/external-secrets/grafana/external-secret.yaml
similarity index 100%
rename from manifests/external-secrets/grafana.yaml
rename to manifests/external-secrets/grafana/external-secret.yaml
diff --git a/manifests/external-secrets/kibana/external-secret.yaml b/manifests/external-secrets/kibana/external-secret.yaml
new file mode 100644
index 0000000..70ad109
--- /dev/null
+++ b/manifests/external-secrets/kibana/external-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: kibana-oidc-secret
+ namespace: monitoring
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: vault-backend
+ kind: ClusterSecretStore
+ target:
+ name: kibana-oidc-secret
+ creationPolicy: Owner
+ data:
+ - secretKey: clientSecret
+ remoteRef:
+ key: secret/kibana/oidc
+ property: clientSecret
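Review bot: `rp.client_secret: {{ (lookup ...) | b64dec | quote }}` writes the OIDC client secret in clear text into the Kibana custom resource and into the Helm release record, and because `lookup` returns an empty map when the chart is rendered without cluster access (`helm template`, most GitOps diff previews) or before the ExternalSecret in manifests/external-secrets/kibana has synced, `.data.clientSecret` then fails to render at all. Separately, as far as I can tell the whole `xpack.security.authc.oidc.realms.keycloak` block belongs on Elasticsearch, not Kibana: in the Elastic Stack the OIDC realm (client id/secret, issuer and endpoints, claim mappings) is defined under `xpack.security.authc.realms.oidc.<name>` in elasticsearch.yml with `rp.client_secret` in the Elasticsearch keystore, Kibana only declares the provider via `xpack.security.authc.providers.oidc.oidc1`, and Kibana rejects unknown `xpack.security` keys at startup — verify against the 8.12 docs, and note the names used here (`idp.metadata_url`, `idp.entity_id`, `claim_patterns.*`) also do not match the Elasticsearch OIDC realm settings (`op.issuer`, `op.authorization_endpoint`, `op.token_endpoint`, `claims.principal`, `claims.groups`). The safer shape is to keep only the provider declaration in this template, move the realm settings to the Elasticsearch resource's config, and hand the Secret to ECK through `spec.secureSettings` so the value becomes the keystore entry `xpack.security.authc.realms.oidc.keycloak.rp.client_secret` and never appears in a rendered manifest. `namespace: monitoring` and the `"monitoring"` argument to `lookup` duplicate what `{{ .Release.Namespace }} ` already provides and will silently diverge if the release is ever installed elsewhere. The `spec` mapping continues past the hunk (the `http.tls` block), so the effect on the rest of the resource is not visible here.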
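Review bot: The generated Secret exposes the value only under the key `clientSecret`, which fits a template-time `lookup` but not ECK `spec.secureSettings`, where each key of the referenced Secret becomes a keystore entry name; if the chart is switched to secureSettings the key should be the full setting, e.g. `secretKey: xpack.security.authc.realms.oidc.keycloak.rp.client_secret`. This ExternalSecret lives under manifests/ rather than in the chart that consumes it, so nothing records the dependency or the key contract; a comment above `metadata:` such as `# Consumed by charts/eck-resources via .Values.oidc.existingSecret; key name must match what the chart reads` would help the next person rotating it. Note also that with `refreshInterval: 1h` a rotation in Vault re-syncs this Secret, but a value captured by `lookup` at render time only changes at the next Helm upgrade, so the two can disagree for an arbitrary period.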