diff --git a/dmz/traefik/templates/middleware.yaml b/dmz/traefik/templates/middleware.yaml
index 7e95660..e8dc601 100644
--- a/dmz/traefik/templates/middleware.yaml
+++ b/dmz/traefik/templates/middleware.yaml
@@ -1,8 +1,8 @@
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
- name: authentik-proxy-provider
- namespace: traefik
+ name: authentik-proxy-provider
+ namespace: traefik
 spec:
 forwardAuth:
 address: http://ak-outpost-dmz-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik?rd=$scheme://$http_host$request_uri
@@ -21,7 +21,6 @@ spec:
 - X-authentik-meta-version
 ---
-
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -33,3 +32,22 @@ spec:
 - 192.168.0.0/16
 - 172.16.0.0/12
 - 10.0.0.0/8
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: bouncer
+ namespace: traefik
+spec:
+ plugin:
+ bouncer:
+ enabled: true
+ crowdsecMode: stream
+ crowdsecLapiScheme: https
+ crowdsecLapiHost: crowdsec-service.crowdsec:8080
+ crowdsecLapiKey:
+ valueFrom:
+ secretKeyRef:
+ name: crowdsec-lapi-key
+ key: lapi-key
diff --git a/dmz/traefik/templates/secrets.yaml b/dmz/traefik/templates/secrets.yaml
new file mode 100644
index 0000000..4d72356
--- /dev/null
+++ b/dmz/traefik/templates/secrets.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: crowdsec-lapi-key
+spec:
+ secretStoreRef:
+ name: vault
+ kind: ClusterSecretStore
+ target:
+ name: crowdsec-lapi-key
+ data:
+ - secretKey: lapi-key
+ remoteRef:
+ key: kv/crowdsec/api
+ property: key
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault
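Review bot: `crowdsecLapiKey` in the new `bouncer` Middleware is given a `valueFrom.secretKeyRef` object, which is Pod-environment syntax; as far as I know Traefik hands `spec.plugin` to the plugin as opaque configuration and does not resolve Kubernetes Secret references inside it, so unless this plugin build documents support for that shape the bouncer will receive a nested map instead of the API key and LAPI authentication will fail (and whether it then fails open or closed depends on the plugin). Confirm against the plugin's documented options; the usual pattern is to mount the Secret into the Traefik pod and point a file-based key option at it, or to inject the key at render time. Separately, `crowdsecLapiScheme: https` with `crowdsecLapiHost: crowdsec-service.crowdsec:8080` says nothing about how the LAPI server certificate is validated, so add a comment stating which CA the plugin trusts or that verification is deliberately relaxed, e.g. `# LAPI is reached over TLS; CA / verification setting: <TODO confirm>`. The new document is complete within the hunk.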
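Review bot: The new `ExternalSecret` in secrets.yaml has no `metadata.namespace`, while the Middleware that consumes the generated `crowdsec-lapi-key` Secret is pinned to `namespace: traefik`; if this chart is rendered into any other release namespace the Secret lands elsewhere and the `secretKeyRef` silently dangles, so either set `namespace: traefik` on the ExternalSecret as well or drop the hard-coded namespace from the Middleware so both follow the release. The `ServiceAccount` named `vault` is added with no annotations and no comment saying what it is for — presumably the identity the `vault` ClusterSecretStore authenticates with, but nothing in the hunk shows that — so add a comment above it such as `# ServiceAccount used by the 'vault' ClusterSecretStore to authenticate to Vault — confirm and note which store/auth role references it`. `spec.refreshInterval` is left at the default; stating it explicitly documents how quickly a rotated LAPI key reaches the bouncer.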