diff --git a/code-server/kustomization.yaml b/code-server/kustomization.yaml
index 3c12939..a700a40 100644
--- a/code-server/kustomization.yaml
+++ b/code-server/kustomization.yaml
@@ -2,5 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: code-server
 resources:
-- vault/code-server-password.yaml
+- manifests/secret.yaml
 - manifests/rbac.yaml
diff --git a/code-server/vault/code-server-password.yaml b/code-server/manifests/secret.yaml
similarity index 100%
rename from code-server/vault/code-server-password.yaml
rename to code-server/manifests/secret.yaml
diff --git a/immich/kustomization.yaml b/immich/kustomization.yaml
index 50fb4cd..0455a27 100644
--- a/immich/kustomization.yaml
+++ b/immich/kustomization.yaml
@@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - manifests/pvc.yaml
-- vault/immich-postgres-password.yaml
-- vault/immich-oidc.yaml
+- manifests/secret.yaml
 namespace: immich
diff --git a/immich/vault/immich-oidc.yaml b/immich/manifests/secret.yaml
similarity index 50%
rename from immich/vault/immich-oidc.yaml
rename to immich/manifests/secret.yaml
index 1d8114e..32e4614 100644
--- a/immich/vault/immich-oidc.yaml
+++ b/immich/manifests/secret.yaml
@@ -1,5 +1,25 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
+metadata:
+  name: immich-postgres-password
+  namespace: immich
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: immich-postgres-password
+    creationPolicy: Owner
+  data:
+    - secretKey: password
+      remoteRef:
+        key: databases/postgresql
+        property: PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
 metadata:
   name: immich-oidc
   namespace: immich
diff --git a/immich/vault/immich-postgres-password.yaml b/immich/vault/immich-postgres-password.yaml
deleted file mode 100644
index 2ab759e..0000000
--- a/immich/vault/immich-postgres-password.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: immich-postgres-password
-  namespace: immich
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: immich-postgres-password
-    creationPolicy: Owner
-  data:
-    - secretKey: password
-      remoteRef:
-        key: databases/postgresql
-        property: PASSWORD
diff --git a/umami/kustomization.yaml b/umami/kustomization.yaml
index e6b1b38..c027c9c 100644
--- a/umami/kustomization.yaml
+++ b/umami/kustomization.yaml
@@ -1,5 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- vault/umami-password.yaml
+- manifests/secret.yaml
 - manifests/ingress.yaml
diff --git a/umami/vault/umami-password.yaml b/umami/manifests/secret.yaml
similarity index 100%
rename from umami/vault/umami-password.yaml
rename to umami/manifests/secret.yaml