diff --git a/headlamp/external-secret.yaml b/headlamp/external-secret.yaml
new file mode 100644
index 0000000..f35d0c7
--- /dev/null
+++ b/headlamp/external-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: headlamp-oidc
+ namespace: headlamp
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ name: headlamp-oidc
+ creationPolicy: Owner
+ data:
+ - secretKey: clientSecret
+ remoteRef:
+ key: cluster-infrastructure/authelia
+ property: HEADLAMP_CLIENT_SECRET
diff --git a/headlamp/helm-values.yaml b/headlamp/helm-values.yaml
index 74525d1..093917b 100644
--- a/headlamp/helm-values.yaml
+++ b/headlamp/helm-values.yaml
@@ -32,9 +32,17 @@ ingress:
 # Config
 config:
- baseURL: ""
+ baseURL: "https://kubernetes0213.kro.kr"
 oidc:
- clientID: ""
+ clientID: "headlamp"
 clientSecret: ""
- issuerURL: ""
- scopes: ""
+ issuerURL: "https://auth0213.kro.kr"
+ scopes: "openid profile email groups"
+
+# OIDC client secret from ExternalSecret
+env:
+ - name: HEADLAMP_CONFIG_OIDC_clientSecret
+ valueFrom:
+ secretKeyRef:
+ name: headlamp-oidc
+ key: clientSecret
diff --git a/headlamp/kustomization.yaml b/headlamp/kustomization.yaml
index bd43e8a..6c563b1 100644
--- a/headlamp/kustomization.yaml
+++ b/headlamp/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress.yaml
+- external-secret.yaml
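Review bot: The `remoteRef.key` at the end of the new external-secret.yaml reads Headlamp's client secret out of the shared `cluster-infrastructure/authelia` path through the cluster-wide `vault-backend` store, and nothing in the manifest records why that path is used or who is expected to read it. If that path also holds Authelia's own secrets (not visible in this diff), the Vault role behind the store must be able to read all of them, so a dedicated path or a policy scoped to this one property would be the tighter design. Please also confirm that the `HEADLAMP_CLIENT_SECRET` property holds the plaintext secret and not the hashed digest Authelia typically keeps in its client configuration, since Headlamp has to present the plaintext. I would add a header comment such as `# OIDC client secret for Headlamp (plaintext); must match the Authelia client definition, rotate both together`.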
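Review bot: The env entry `HEADLAMP_CONFIG_OIDC_clientSecret` in the helm-values.yaml hunk is mixed-case, and as far as I know Headlamp maps `HEADLAMP_CONFIG_*` variables to flags by lower-casing the remainder and turning underscores into dashes, so this name would resolve to `oidc-clientsecret` rather than `oidc-client-secret` and the empty `clientSecret: ""` above it would stay in effect. Please verify this against the chart and Headlamp version in use and, if it holds, rename the entry to `- name: HEADLAMP_CONFIG_OIDC_CLIENT_SECRET`. Because the value is injected as an environment variable, the `refreshInterval: 1h` on the ExternalSecret only updates the Kubernetes Secret; running pods keep the old value until they restart, so a rotation needs a rollout step. `baseURL` also deserves a second look: it is now a full origin, whereas I believe Headlamp treats it as a path prefix, which is worth checking in the chart's values reference.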