diff --git a/k8s/core/argocd/external-secrets.yaml b/k8s/core/argocd/external-secrets.yaml
new file mode 100644
index 0000000..9fc6363
--- /dev/null
+++ b/k8s/core/argocd/external-secrets.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: oidc-creds
+  namespace: argocd
+spec:
+  target:
+    name: oidc-creds
+    deletionPolicy: Delete
+    template:
+      type: Opaque
+      data:
+        client-id: |-
+          {{ .client-id }}
+        client-secret: |-
+          {{ .client-secret }}
+  data:
+    - secretKey: client-id
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 1062e5b4-5380-49f1-97c3-340f26f3487e
+        property: fields[0].value
+    - secretKey: client-secret
+      sourceRef:
+        storeRef:
+          name: vaultwarden-login
+          kind: ClusterSecretStore
+      remoteRef:
+        key: 1062e5b4-5380-49f1-97c3-340f26f3487e
+        property: fields[1].value
+