diff --git a/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml b/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
index aa205c00..d85f96ee 100644
--- a/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
+++ b/freeleaps/helm-pkg/devops/templates/devops/deployment.yaml
@@ -100,12 +100,25 @@ spec:
 {{- end}}
 env:
 {{- range $key, $value := .Values.devops.configs }}
+ {{- if not (or (eq $key "appMongodbUri") (eq $key "rabbitmqPassword")) }}
 - name: {{ $key | snakecase | upper }}
 valueFrom:
 secretKeyRef:
 name: devops-config
 key: {{ $key | snakecase | upper }}
 {{- end }}
+ {{- end }}
+ # Inject secrets from FreeleapsSecret object
+ {{- if .Values.devops.secrets }}
+ {{ $targetSecretName := .Values.devops.secrets.target.name }}
+ {{- range .Values.devops.secrets.data }}
+ - name: {{ .key | snakecase | upper }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $targetSecretName }}
+ key: {{ .key }}
+ {{- end }}
+ {{- end }}
 # {{- if .Values.logIngest.enabled }}
 # volumeMounts:
 # - name: app-logs
diff --git a/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml b/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
index 3812e16e..f8bfeb39 100644
--- a/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
+++ b/freeleaps/helm-pkg/devops/templates/devops/devops-config.yaml
@@ -13,7 +13,6 @@ data:
 REFRESH_TOKEN_EXPIRE_DAYS: {{ .Values.devops.configs.refreshTokenExpireDays | toString | b64enc | quote }}
 APP_MONGODB_NAME: {{ .Values.devops.configs.appMongodbName | b64enc | quote }}
 APP_MONGODB_PORT: {{ .Values.devops.configs.appMongodbPort | toString | b64enc | quote }}
- APP_MONGODB_URI: {{ .Values.devops.configs.appMongodbUri | b64enc | quote }}
 METRICS_ENABLED: {{ .Values.devops.configs.metricsEnabled | toString | b64enc | quote }}
 PROBES_ENABLED: {{ .Values.devops.configs.probesEnabled | toString | b64enc | quote }}
 BASE_GITEA_URL: {{ .Values.devops.configs.baseGiteaUrl | b64enc | quote }}
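Review bot: The skip condition inside the `range` over `.Values.devops.configs` in deployment.yaml hard-codes `appMongodbUri` and `rabbitmqPassword`, while the injected entries come from `.Values.devops.secrets.data`, so the two lists can drift apart. A key later added to `secrets.data` that still exists under `configs` would be emitted twice under the same env name, and if `secrets` is unset the two excluded variables are not emitted at all because the skip is unconditional. Deriving the exclusion from `secrets.data`, or at least applying it only inside the `{{- if .Values.devops.secrets }}` case, would keep them in step. Values injected through `secretKeyRef` are fixed when the container starts, so the 30s `refreshInterval` in the values files will not reach a running pod unless something restarts the workload; a comment such as `# env values are read at pod start; restart the workload after a rotation` next to the new block would make that explicit. The container spec this block belongs to starts and ends outside the hunk.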
@@ -29,7 +28,6 @@ data:
 RABBITMQ_HOST: {{ .Values.devops.configs.rabbitmqHost | b64enc | quote }}
 RABBITMQ_PORT: {{ .Values.devops.configs.rabbitmqPort | toString | b64enc | quote }}
 RABBITMQ_USERNAME: {{ .Values.devops.configs.rabbitmqUsername | b64enc | quote }}
- RABBITMQ_PASSWORD: {{ .Values.devops.configs.rabbitmqPassword | b64enc | quote }}
 RABBITMQ_VIRTUAL_HOST: {{ .Values.devops.configs.rabbitmqVirtualHost | b64enc | quote }}
 RABBITMQ_OUTPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqOutputQueueName | b64enc | quote }}
 RABBITMQ_INPUT_QUEUE_NAME: {{ .Values.devops.configs.rabbitmqInputQueueName | b64enc | quote }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/devops/templates/devops/freeleapssecret.yaml b/freeleaps/helm-pkg/devops/templates/devops/freeleapssecret.yaml
new file mode 100644
index 00000000..e170818a
--- /dev/null
+++ b/freeleaps/helm-pkg/devops/templates/devops/freeleapssecret.yaml
@@ -0,0 +1,20 @@
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+ name: {{ .Values.devops.secrets.target.name }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ kind: {{ .Values.devops.secrets.secretStoreRef.kind }}
+ name: {{ .Values.devops.secrets.secretStoreRef.name }}
+ target:
+ name: {{ .Values.devops.secrets.target.name }}
+ creationPolicy: {{ .Values.devops.secrets.target.creationPolicy }}
+ refreshInterval: {{ .Values.devops.secrets.refreshInterval }}
+ data:
+{{- range .Values.devops.secrets.data }}
+ - secretKey: {{ .key }}
+ remoteRef:
+ key: {{ .remoteRef.key }}
+ type: {{ .remoteRef.type }}
+{{- end }}
diff --git a/freeleaps/helm-pkg/devops/values.alpha.yaml b/freeleaps/helm-pkg/devops/values.alpha.yaml
index 29a88495..c28d093f 100644
--- a/freeleaps/helm-pkg/devops/values.alpha.yaml
+++ b/freeleaps/helm-pkg/devops/values.alpha.yaml
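Review bot: The new freeleapssecret.yaml dereferences `.Values.devops.secrets.target.name` and its sibling values unconditionally, whereas deployment.yaml wraps its use of the same values in `{{- if .Values.devops.secrets }}`. An environment that clears `secrets` would likely fail to render here rather than skip the object, so the whole manifest should sit inside the same guard. The scalars are also interpolated unquoted; quoting them, for example `name: {{ .Values.devops.secrets.target.name | quote }}` and `refreshInterval: {{ .Values.devops.secrets.refreshInterval | quote }}`, keeps an empty or retyped value from reaching the custom resource.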
@@ -46,7 +46,6 @@ devops:
 refreshTokenExpireDays: '1'
 appMongodbName: freeleaps2
 appMongodbPort: '27017'
- appMongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
 metricsEnabled: 'false'
 probesEnabled: 'true'
 baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com
@@ -62,10 +61,27 @@ devops:
 rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
 rabbitmqPort: 5672
 rabbitmqUsername: user
- rabbitmqPassword: NjlhHFvnDuC7K0ir
 rabbitmqVirtualHost: /
 rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
 rabbitmqInputQueueName: freeleaps.devops.reconciler.input
+
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-devops-alpha-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: appMongodbUri
+ remoteRef:
+ key: "freeleaps-alpha-mongodb-uri"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-alpha-rabbitmq-password"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
diff --git a/freeleaps/helm-pkg/devops/values.prod.yaml b/freeleaps/helm-pkg/devops/values.prod.yaml
index d6beddad..8c8aad90 100644
--- a/freeleaps/helm-pkg/devops/values.prod.yaml
+++ b/freeleaps/helm-pkg/devops/values.prod.yaml
@@ -46,7 +46,6 @@ devops:
 refreshTokenExpireDays: '1'
 appMongodbName: freeleaps2
 appMongodbPort: '27017'
- appMongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
 metricsEnabled: 'false'
 probesEnabled: 'true'
 baseGiteaUrl: https://alpha.gitea.freeleaps.mathmast.com
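Review bot: Deleting `rabbitmqPassword` in this values.alpha.yaml hunk, and `appMongodbUri` in the hunk above it, does not retire those values: they stay readable in the repository history and in any chart package or release rendered from earlier revisions. Nothing on this page shows whether they were rotated, so the MongoDB user password and the RabbitMQ password should be changed, and the old ones revoked, before `freeleaps-alpha-mongodb-uri` and `freeleaps-alpha-rabbitmq-password` are populated in the store. The same applies to the identical lines removed from values.prod.yaml. A comment above `secrets:` such as `# values live in the secret store; never add them to this file` would help keep them out in future.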
@@ -62,10 +61,27 @@ devops:
 rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
 rabbitmqPort: 5672
 rabbitmqUsername: user
- rabbitmqPassword: NjlhHFvnDuC7K0ir
 rabbitmqVirtualHost: /
 rabbitmqOutputQueueName: freeleaps.devops.reconciler.output
 rabbitmqInputQueueName: freeleaps.devops.reconciler.input
+ # AKV secrets configuration
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-devops-prod-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: appMongodbUri
+ remoteRef:
+ key: "freeleaps-prod-mongodb-uri"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-prod-rabbitmq-password"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
diff --git a/freeleaps/helm-pkg/devops/values.yaml b/freeleaps/helm-pkg/devops/values.yaml
index 6c2d99f5..dc9634de 100644
--- a/freeleaps/helm-pkg/devops/values.yaml
+++ b/freeleaps/helm-pkg/devops/values.yaml
@@ -72,6 +72,24 @@ devops:
 # Mock mode configuration
 mockMode: "false"
 mockResponseDelay: "1000"
+ # AKV secrets configuration
+ secrets:
+ secretStoreRef:
+ kind: FreeleapsSecretStore
+ name: freeleaps-main-secret-store
+ target:
+ name: "freeleaps-devops-secrets"
+ creationPolicy: "Owner"
+ refreshInterval: 30s
+ data:
+ - key: appMongodbUri
+ remoteRef:
+ key: "freeleaps-mongodb-uri"
+ type: Secret
+ - key: rabbitmqPassword
+ remoteRef:
+ key: "freeleaps-rabbitmq-password"
+ type: Secret
 vpa:
 minAllowed:
 enabled: false
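Review bot: The new `secrets.data` entries in values.prod.yaml point at prod-named remote keys such as `freeleaps-prod-rabbitmq-password`, but the unchanged context in the same hunk still sets `rabbitmqHost` to `freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster`. As written, the prod release would either present a prod credential to the alpha broker or need the prod key to hold the alpha password. The lines removed from this file were also identical to the alpha ones, which suggests both environments shared one set of credentials until now. Confirm the intended host and give each environment its own credentials in the store, so that the separate key names correspond to a real separation.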
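Review bot: The default `secrets` block in values.yaml is introduced only by `# AKV secrets configuration`, which does not state the contract the templates rely on. Each `data[].key` is used verbatim as the key of the generated Secret and, upper snake-cased, as the env var name in deployment.yaml, and it must match the camelCase names that template excludes from the `configs` loop. I would expand the comment to say so, for example `# key: camelCase config name; becomes the Secret key and, upper snake-cased, the env var name`, and add `# remoteRef.key: name of the entry in the secret store, never the value itself`. If AKV means Azure Key Vault, spelling it out once would also help, since the store kind shown is `FreeleapsSecretStore`.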