diff --git a/k8s/core/oauth2-proxy/external-secrets.yaml b/k8s/core/oauth2-proxy/external-secrets.yaml
index 85de258..fd9be9e 100644
--- a/k8s/core/oauth2-proxy/external-secrets.yaml
+++ b/k8s/core/oauth2-proxy/external-secrets.yaml
@@ -10,10 +10,10 @@ spec:
     template:
       type: Opaque
       data:
-        client_id: oauth2-proxy
-        client_secret: |-
+        client-id: oauth2-proxy
+        client-secret: |-
           {{ .client_secret }}
-        cookie_secret: |-
+        cookie-secret: |-
           {{ .cookie_secret }}
   data:
     - secretKey: client_secret
diff --git a/k8s/core/oauth2-proxy/values.yaml b/k8s/core/oauth2-proxy/values.yaml
index 987a52b..006e2a9 100644
--- a/k8s/core/oauth2-proxy/values.yaml
+++ b/k8s/core/oauth2-proxy/values.yaml
@@ -1,6 +1,7 @@
 replicaCount: 1
 
 config:
+  existingSecret: oauth2-proxy-creds
   configFile: |-
     provider = "keycloak-oidc"
     provider_display_name = "Keycloak"
@@ -21,23 +22,6 @@ config:
     code_challenge_method = "S256"
     scope = "openid profile email"
 
-extraEnv:
-  - name: OAUTH2_PROXY_CLIENT_ID
-    valueFrom:
-      secretKeyRef:
-        name: oauth2-proxy-creds
-        key: client_id
-  - name: OAUTH2_PROXY_CLIENT_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: oauth2-proxy-creds
-        key: client_secret
-  - name: OAUTH2_PROXY_COOKIE_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: oauth2-proxy-creds
-        key: cookie_secret
-
 ingress:
   enabled: true
   className: traefik