diff --git a/k8s/core/external-secrets-extra/external-secrets.yaml b/k8s/core/external-secrets-extra/external-secrets.yaml
deleted file mode 100644
index 8c693d0..0000000
--- a/k8s/core/external-secrets-extra/external-secrets.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
-# ---
-# apiVersion: v1
-# kind: Secret
-# metadata:
-#   name: bitwarden-cli
-#   namespace: external-secrets
-# data:
-#   BW_HOST: base64(url)
-#   BW_USERNAME: base64(name)
-#   BW_PASSWORD: base64(pass)
-# 81212111-6350-4069-8bcf-19a67d3964a5
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bitwarden-cli
-  namespace: external-secrets
-  labels:
-    reloader.stakater.com/auto: "true"
-    app.kubernetes.io/instance: bitwarden-cli
-    app.kubernetes.io/name: bitwarden-cli
-spec:
-  replicas: 1
-  strategy:
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: bitwarden-cli
-      app.kubernetes.io/instance: bitwarden-cli
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: bitwarden-cli
-        app.kubernetes.io/instance: bitwarden-cli
-    spec:
-      nodeSelector:
-        kubernetes.io/arch: amd64
-        kubernetes.io/hostname: master.tail2fe2d.ts.net
-      containers:
-        - name: bitwarden-cli
-          image: ultradesu/bitwarden-client:2024.7.2
-          imagePullPolicy: Always
-          env:
-            - name: BW_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_HOST
-            - name: BW_USER
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_USERNAME
-            - name: BW_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: bitwarden-cli
-                  key: BW_PASSWORD
-          ports:
-            - name: http
-              containerPort: 8087
-              protocol: TCP
-          livenessProbe:
-            exec:
-              command:
-                - wget
-                - -q
-                - http://127.0.0.1:8087/sync
-                - --post-data=''
-            initialDelaySeconds: 20
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 120
-          readinessProbe:
-            tcpSocket:
-              port: 8087
-            initialDelaySeconds: 20
-            failureThreshold: 3
-            timeoutSeconds: 1
-            periodSeconds: 10
-          startupProbe:
-            tcpSocket:
-              port: 8087
-            initialDelaySeconds: 10
-            failureThreshold: 30
-            timeoutSeconds: 1
-            periodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: bitwarden-cli
-  namespace: external-secrets
-  labels:
-    app.kubernetes.io/instance: bitwarden-cli
-    app.kubernetes.io/name: bitwarden-cli
-  annotations:
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8087
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app.kubernetes.io/name: bitwarden-cli
-    app.kubernetes.io/instance: bitwarden-cli
----
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
-  namespace: external-secrets
-  name: external-secret-2-bw-cli
-spec:
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/instance: bitwarden-cli
-      app.kubernetes.io/name: bitwarden-cli
-  ingress:
-    - from:
-        - podSelector:
-            matchLabels:
-              app.kubernetes.io/instance: external-secrets
-              app.kubernetes.io/name: external-secrets
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vaultwarden-login
-spec:
-  provider:
-    webhook:
-      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
-      headers:
-        Content-Type: application/json
-      result:
-        jsonPath: "$.data.{{ .remoteRef.property }}"
----
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vaultwarden-fields
-spec:
-  provider:
-    webhook:
-      url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}"
-      result:
-        jsonPath: "$.data.fields[?@.name==\"{{ .remoteRef.property }}\"].value"
-
diff --git a/k8s/state/apps/external-secrets-extra.yaml b/k8s/state/apps/external-secrets-extra.yaml
deleted file mode 100644
index 422cf8c..0000000
--- a/k8s/state/apps/external-secrets-extra.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: external-secrets-extras
-  namespace: argocd
-spec:
-  project: homelab
-  source:
-    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
-    targetRevision: HEAD
-    path: k8s/core/external-secrets-extra
-    directory:
-      recurse: true
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: external-secrets
-  syncPolicy:
-    automated:
-      selfHeal: true
-      prune: true
-
diff --git a/k8s/state/apps/external-secrets.yaml b/k8s/state/apps/external-secrets.yaml
index aee3372..8bed413 100644
--- a/k8s/state/apps/external-secrets.yaml
+++ b/k8s/state/apps/external-secrets.yaml
@@ -5,19 +5,15 @@ metadata:
   namespace: argocd
 spec:
   project: homelab
-  source:
-    repoURL: https://charts.external-secrets.io
-    chart: external-secrets
-    targetRevision: 0.9.13
-    helm:
-      releaseName: external-secrets
-      values: |
-        installCRDs: true
   destination:
-    server: https://kubernetes.default.svc
     namespace: external-secrets
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: ssh://git@gt.hexor.cy:30022/ab/homelab.git
+    targetRevision: HEAD
+    path: k8s/core/external-secrets
   syncPolicy:
     automated:
-      prune: true
       selfHeal: true
+      prune: true