diff --git a/platform/renovate/templates/secret.yaml b/platform/renovate/templates/secret.yaml
new file mode 100644
index 0000000000..fe32bc1cdd
--- /dev/null
+++ b/platform/renovate/templates/secret.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: {{ .Values.renovate.existingSecret }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    template:
+      engineVersion: v2
+      data:
+        RENOVATE_TOKEN: {{` "{{ .token }}" `}}
+  data:
+    - secretKey: token
+      remoteRef:
+        key: /gitea/renovate
+        property: token
diff --git a/platform/renovate/values.yaml b/platform/renovate/values.yaml
index 2a1c9c9dd6..c3801694e9 100644
--- a/platform/renovate/values.yaml
+++ b/platform/renovate/values.yaml
@@ -10,9 +10,6 @@ renovate:
         "platform": "gitea",
         "endpoint": "https://git.khuedoan.com/api/v1",
         "gitAuthor": "Renovate Bot <bot@renovateapp.com>",
-        "token": "31a914fe134384e4044a7d3f7f965bea7a5be5b0",
-        "autodiscover": false,
-        "repositories": [
-          "ops/homelab"
-        ]
+        "autodiscover": true
       }
+  existingSecret: renovate-secret