diff --git a/infra/argocd/templates/crossplane-config.yaml b/infra/argocd/templates/crossplane-config.yaml
new file mode 100644
index 0000000..62ac79b
--- /dev/null
+++ b/infra/argocd/templates/crossplane-config.yaml
@@ -0,0 +1,66 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: argocd-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: argocd-secret
+  data:
+    - secretKey: authToken
+      remoteRef:
+        key: kv/argocd/provider-argocd
+        property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: prod-kubeconfig
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: prod-kubeconfig
+  data:
+    - secretKey: kubeconfig
+      remoteRef:
+        key: kv/argocd/prd
+        property: kubeconfig
+
+---
+apiVersion: argocd.crossplane.io/v1alpha1
+kind: ProviderConfig
+metadata:
+  name: argocd-provider
+spec:
+  serverAddr: argocd-server.argocd.svc:443
+  insecure: true
+  plainText: false
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane
+      name: argocd-secret
+      key: authToken
+
+---
+apiVersion: cluster.argocd.crossplane.io/v1alpha1
+kind: Cluster
+metadata:
+  name: prd-cluster
+  labels:
+    purpose: prd
+spec:
+  forProvider:
+    name: prd-cluster
+    config:
+      kubeconfigSecretRef:
+        name: prod-kubeconfig
+        namespace: crossplane
+        key: kubeconfig
+  providerConfigRef:
+    name: argocd-provider