diff --git a/deployments/auth/authentik.yaml b/deployments/auth/authentik.yaml
index 3495270..68e607b 100644
--- a/deployments/auth/authentik.yaml
+++ b/deployments/auth/authentik.yaml
@@ -34,19 +34,33 @@ spec:
     disableWait: false
   timeout: 10m
   values:
-    authentik:
-      secret_key: 'testtesttesttesttesttest'
-
+    secret:
+      create: false
+      existingSecret: authentik-secret
     server:
       ingress:
+        env:
+          - name: SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: authentik-secret
+                key: secret-key
         enabled: true
+        ingressClassName: traefik
+        annotations:
+          cert-manager.io/cluster-issuer: "letsencrypt-prod"
+          external-dns.alpha.kubernetes.io/hostname: auth.hxme.net
         hosts:
-          - auth.hxme.net
-
+          - host: auth.hxme.net
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - secretName: authentik-tls
+            hosts:
+              - auth.hxme.net
     postgresql:
-      enabled: true
-      auth:
-        password: "JustAShitPassword"
-
+      enabled: true  # Set to false if using external DB
     redis:
-      enabled: true
+      enabled: true  # Set to false if using external Redis
+
diff --git a/deployments/kustomization.yaml b/deployments/kustomization.yaml
index 92e5910..04b8189 100644
--- a/deployments/kustomization.yaml
+++ b/deployments/kustomization.yaml
@@ -12,5 +12,6 @@ resources:
   - dns/bind.yaml
   - dns/externaldns.yaml
   - ssl/certmanager.yaml
+  - auth/authentik.yaml
   - files/nextcloud.yaml
   - files/syncthing.yaml