diff --git a/k8s/apps/gitea/external-secrets.yaml b/k8s/apps/gitea/external-secrets.yaml
index 60c4514..f7ad74e 100644
--- a/k8s/apps/gitea/external-secrets.yaml
+++ b/k8s/apps/gitea/external-secrets.yaml
@@ -13,6 +13,10 @@ spec:
       data:
         token: |-
           {{ .password }}
+        GITEA__service__CF_TURNSTILE_SITEKEY: |-
+          {{ .CF_TURNSTILE_SITEKEY }}
+        GITEA__service__CF_TURNSTILE_SECRET: |-
+          {{ .CF_TURNSTILE_SECRET }}
   data:
     - secretKey: password
       sourceRef:
@@ -22,42 +26,19 @@ spec:
       remoteRef:
         key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
         property: login.password
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: gitea-recapcha-creds
-spec:
-  refreshInterval: 1m
-  target:
-    name: gitea-recapcha-creds
-    deletionPolicy: Delete
-    template:
-      type: Opaque
-      data:
-        GITEA__service__HCAPTCHA_SITEKEY: |-
-          {{ .HCAPTCHA_SITEKEY }}
-        GITEA__service__HCAPTCHA_SECRET: |-
-          {{ .HCAPTCHA_SECRET }}
-        GITEA__service__CF_TURNSTILE_SITEKEY: |-
-          {{ .CF_TURNSTILE_SITEKEY }}
-        GITEA__service__CF_TURNSTILE_SECRET: |-
-          {{ .CF_TURNSTILE_SECRET }}
-  data:
-    - secretKey: HCAPTCHA_SITEKEY
+    - secretKey: CF_TURNSTILE_SITEKEY
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: login.username
-    - secretKey: HCAPTCHA_SECRET
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        property: fields[0].value
+    - secretKey: CF_TURNSTILE_SECRET
       sourceRef:
         storeRef:
           name: vaultwarden-login
           kind: ClusterSecretStore
       remoteRef:
-        key: 89c8d8d2-6b53-42c5-805f-38a341ef163e
-        property: login.password
\ No newline at end of file
+        key: e475b5ab-ea3c-48a5-bb4c-a6bc552fc064
+        property: fields[1].value