diff --git a/services/teleport-agent/.sops.yaml b/services/teleport-agent/.sops.yaml
index 9fa527f..68cff37 100644
--- a/services/teleport-agent/.sops.yaml
+++ b/services/teleport-agent/.sops.yaml
@@ -1,6 +1,6 @@
 creation_rules:
   # encrypt all values from file
-  - path_regex: \.private\.dec\.yaml$
+  - path_regex: \.dec\.yaml$
     encrypted_regex: '^(.*)$'
     age:
       - age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
diff --git a/services/teleport-agent/deploy/app/helm-values.yaml b/services/teleport-agent/deploy/app/helm-values.yaml
index 2e76393..fce2ee7 100644
--- a/services/teleport-agent/deploy/app/helm-values.yaml
+++ b/services/teleport-agent/deploy/app/helm-values.yaml
@@ -1,27 +1,21 @@
-apiVersion: v1
-kind: Secret
-metadata:
-    name: teleport-agent-helm-values
-type: Opaque
-stringData:
-    roles: ENC[AES256_GCM,data:dZbBW2pN4bvnAc3JKkm14K0j,iv:FNW6J7fBDwvzpd4wFNMV9s5xPhzgcinNc35AJe92vS8=,tag:std8hln71lkmJa8JOA9qyA==,type:str]
-    authToken: ENC[AES256_GCM,data:TaSucn3vGY7+jyGPVfq+LKEkvZQjC0Xph9SyfaW71mg=,iv:MS88d4Srv0TubcE14bb+c2y7k2TH1NIGuym9mjl080g=,tag:p8/ScCUqijPofvNohH7+6Q==,type:str]
-    proxyAddr: ENC[AES256_GCM,data:kEkE6sA63fe55OTQpuopTDtvTR2CGjjqD+t9Tp3vNQ==,iv:nx3DW4gXqA+0YEDrcoo0JQ/vApCNb6PylIos2aT8MoA=,tag:pYwYLhXGHx+l0Jtbc/jXlQ==,type:str]
-    kubeClusterName: ENC[AES256_GCM,data:0svPYQ==,iv:0KcabIrVDlFv2VYiqv+AXX4q8sHHmd9AQ+dWJ0n8LiM=,tag:k+iE5cVaAg6ETfbkM7dWLw==,type:str]
-    labels:
-        teleport.internal/resource-id: ENC[AES256_GCM,data:afTwUCv2+fsnclBsk90/1PVAMpffNvl8TzVRohuzOQ5RNgaE,iv:PnoP/fBw5XRLQj6+7n4AE8z0Bp7it11utnP+K73PuoM=,tag:ojJ90NYEvB2hFJ/W0RWRyA==,type:str]
+roles: ENC[AES256_GCM,data:V6c0nUJHEJSIn7x2td1fsu3Z,iv:SpunDcin29/HPTcYvrBg2TOuQ2nF84ws/Q2UcrKuM84=,tag:jiRmo1kTq2DBfSLEU5hs1g==,type:str]
+authToken: ENC[AES256_GCM,data:Vs9OdBiKGtOIqemaOxd7O80cg3iILFPeOoQE59xgsXs=,iv:wZq9Ku0mDKqxyNA+Kakf2pEBtTtoMU1GaU0rWNXZIJQ=,tag:ytUNpMFrvhvbxoKM+huh/Q==,type:str]
+proxyAddr: ENC[AES256_GCM,data:aK9ToxoMDdInzV2VJJc6kngwqWljIXKpUMezOtOz9w==,iv:zCapobE296+sF+dMAfVIbF3VjIOoHIfoCh+o+yC/4vo=,tag:fJUgpb7rGZEAjXFaxWza3w==,type:str]
+kubeClusterName: ENC[AES256_GCM,data:tcqJ9g==,iv:wHnEIYvY2xhDTXnyscc4pF2Nzi7nQ8LMsgo7WUSaY8s=,tag:NGdVwky0bNIuYoDP11F+UA==,type:str]
+labels:
+    teleport.internal/resource-id: ENC[AES256_GCM,data:IKbdgf4hNknfA/kXsaH1z0UQwhJsRu9KCNao7aL+TeFGGopt,iv:Ot0doICVrMgtQ9SLvix2rQt3Ha6EWr0QR05YNd63mTw=,tag:CQxPieOr3VNnTsD8SoMwVw==,type:str]
 sops:
     age:
         - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdjJNMkdHUHd2NndvYkg2
-            akVxa2RzWEZKbUM2VmNnc0xNbjdoUjVLdTJvClhkRU45eUFER2ZtcmM4aWFidEhO
-            bjRkNU9qa3BGUUZwWUJvUVJQcStiUncKLS0tIHFtTG5UUWEvaFFvUSt6Z2tXTFcy
-            c0pQNzJzWUFORXF6Z1pyOWxHTFN3bW8KR3PKPKUlQGW9c3UNizaoIHEZGjXnE1cc
-            WwC5wnPzDM8KQCp2Pq1lTlgYqy4AXXrIfyCy8k+C/YXV2UJaoLS7rg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbm82K2wrVXJVTWh1RXRE
+            bUZiMGQ1ZlBpcUt4by9zeGJ6WnhnamZVRkdZCkRibUVCMnA3RTNqNndUNktBaHdN
+            VjhXZnErN1JFUllFbllnMmRod1hTRTgKLS0tIEhyc1FlMXpmV1hOMEFxaElDS0cx
+            emFwTWlMWjFBNFhtWmtxdHYvbmIwV3MKi83uXKpBbKYTiJIf6A1YMG+U/ZSX/UCE
+            V4h2xcLlsu1rjuailVgmtV8wVghhjVM6Wb8aZF4Q7ynhA74Dqxugvg==
             -----END AGE ENCRYPTED FILE-----
           recipient: age1f9e4pvp5y8gzuk8mz2s5xm85dd7znxhk56tcpuxqwn78qfjwja0qekwlju
-    encrypted_regex: ^(data|stringData)$
-    lastmodified: "2026-06-07T14:45:32Z"
-    mac: ENC[AES256_GCM,data:vWVha0Nhg2AuNtV5WTij8cM1wnVSxHDE7xHvAk1z6f1xRJwN8RNBK4g/+pYI4mYo0cUaX6gEyvJ63aBCqemfGUSCKyc48wBpl6wT9HwBwwxHZJRv4SnoYiMC6e8KfhbZuSduqMK4d6gMZnr0K0wYQcSoxSCW2Ug58eE6y28qycg=,iv:p6ePxnOTPEQ6kJE85SqT7NoQArN4A+uN/UTg8jfkm8k=,tag:IWRHiEKGcizuqc3KN+pt1w==,type:str]
+    encrypted_regex: ^(.*)$
+    lastmodified: "2026-06-07T15:01:33Z"
+    mac: ENC[AES256_GCM,data:hl8B/i8k1ZiRoFkPxGyHAy+L1xZk/gr10oXajvViTjtQ427/QPBRhNGSzW2zaCrHkJjrXiEeTwBL8Gr/UWuMnYOWSRQb7+HTfuc8CaPPKlyTF+ebQlaaTAJxxx+FtOPmVHa/Iff0bzwgo8GOINP7WGJBCJJe0TpEbIJ1NI5ACbw=,iv:9i3knyMoU6fwCeNKHO/muUAqkEsiCaDJXx+m++dVqkQ=,tag:QUO2oDebijoR+o4DN256aA==,type:str]
     version: 3.13.1
diff --git a/services/teleport-agent/deploy/app/kustomization.yaml b/services/teleport-agent/deploy/app/kustomization.yaml
index 08f15eb..c97da0d 100644
--- a/services/teleport-agent/deploy/app/kustomization.yaml
+++ b/services/teleport-agent/deploy/app/kustomization.yaml
@@ -4,4 +4,7 @@ namespace: teleport-agent
 resources:
  - helm-repo.yaml 
  - helm-release.yaml 
- - helm-values.yaml
\ No newline at end of file
+secretGenerator:
+  - name: teleport-agent-helm-values
+    files:
+      - values.yaml=helm-values.yaml