diff --git a/infra/crossplane/templates/secrets.yml b/infra/crossplane/templates/secrets.yml
deleted file mode 100644
index 8e01ca5..0000000
--- a/infra/crossplane/templates/secrets.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: proxmox-secret
-spec:
-  secretStoreRef:
-    name: vault
-    kind: ClusterSecretStore
-  target:
-    name: db-pass
-  data:
-    - secretKey: pm_api_url
-      remoteRef:
-        key: kv/crossplane/proxmox
-        property: pm_api_url
-    - secretKey: pm_password
-      remoteRef:
-        key: kv/crossplane/proxmox
-        property: pm_password
-    - secretKey: pm_user
-      remoteRef:
-        key: kv/crossplane/proxmox
-        property: pm_user
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: vault
diff --git a/infra/crossplane/templates/tofu.yml b/infra/crossplane/templates/tofu.yml
index 8ba1c12..6539434 100644
--- a/infra/crossplane/templates/tofu.yml
+++ b/infra/crossplane/templates/tofu.yml
@@ -4,3 +4,28 @@ metadata:
   name: provider-opentofu
 spec:
   package: xpkg.upbound.io/upbound/provider-opentofu:v0
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: proxmox-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: db-pass
+  data:
+    - secretKey: pm_api_url
+      remoteRef:
+        key: kv/crossplane/proxmox
+        property: pm_api_url
+    - secretKey: pm_password
+      remoteRef:
+        key: kv/crossplane/proxmox
+        property: pm_password
+    - secretKey: pm_user
+      remoteRef:
+        key: kv/crossplane/proxmox
+        property: pm_user