diff --git a/freeleaps/helm-pkg/notification/templates/notification/deployment.yaml b/freeleaps/helm-pkg/notification/templates/notification/deployment.yaml
index 6125ef46..d1930d64 100644
--- a/freeleaps/helm-pkg/notification/templates/notification/deployment.yaml
+++ b/freeleaps/helm-pkg/notification/templates/notification/deployment.yaml
@@ -100,12 +100,24 @@ spec:
           {{- end}}
           env:
             {{- range $key, $value := .Values.notification.configs }}
+            {{- if not (or (eq $key "mongodbUri") (eq $key "rabbitmqPassword") (eq $key "secretKey") (eq $key "sendgridApiKey") (eq $key "twilioAccountSid") (eq $key "twilioAuthToken")) }}
             - name: {{ $key | snakecase | upper }}
               valueFrom:
                 secretKeyRef:
                   name: notification-config
                   key: {{ $key | snakecase | upper }}
             {{- end }}
+            {{- end }}
+            {{- if .Values.notification.secrets }}
+            {{ $targetSecretName := .Values.notification.secrets.target.name }}
+            {{- range .Values.notification.secrets.data }}
+            - name: {{ .key | snakecase | upper }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $targetSecretName }}
+                  key: {{ .key }}
+            {{- end }}
+            {{- end }}
 {{- if .Values.logIngest.enabled }}
           volumeMounts:
             - name: app-logs
diff --git a/freeleaps/helm-pkg/notification/templates/notification/freeleapssecret.yaml b/freeleaps/helm-pkg/notification/templates/notification/freeleapssecret.yaml
new file mode 100644
index 00000000..41e59ec7
--- /dev/null
+++ b/freeleaps/helm-pkg/notification/templates/notification/freeleapssecret.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.notification.secrets }}
+---
+apiVersion: freeleaps.com/v1alpha1
+kind: FreeleapsSecret
+metadata:
+  name: {{ .Values.notification.secrets.target.name }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretStoreRef:
+    kind: {{ .Values.notification.secrets.secretStoreRef.kind }}
+    name: {{ .Values.notification.secrets.secretStoreRef.name }}
+  target:
+    name: {{ .Values.notification.secrets.target.name }}
+    creationPolicy: {{ .Values.notification.secrets.target.creationPolicy }}
+  refreshInterval: {{ .Values.notification.secrets.refreshInterval }}
+  data:
+{{- range .Values.notification.secrets.data }}
+    - secretKey: {{ .key }}
+      remoteRef:
+        key: {{ .remoteRef.key }}
+        type: {{ .remoteRef.type }}
+{{- end }}
+{{- end }}
diff --git a/freeleaps/helm-pkg/notification/templates/notification/notification-config.yaml b/freeleaps/helm-pkg/notification/templates/notification/notification-config.yaml
index c3fd942f..0c04720c 100644
--- a/freeleaps/helm-pkg/notification/templates/notification/notification-config.yaml
+++ b/freeleaps/helm-pkg/notification/templates/notification/notification-config.yaml
@@ -12,17 +12,11 @@ data:
   RABBITMQ_HOST: {{ .Values.notification.configs.rabbitmqHost | b64enc | quote }}
   RABBITMQ_PORT: {{ .Values.notification.configs.rabbitmqPort | toString | b64enc }}
   RABBITMQ_USERNAME: {{ .Values.notification.configs.rabbitmqUsername | b64enc | quote }}
-  RABBITMQ_PASSWORD: {{ .Values.notification.configs.rabbitmqPassword | b64enc | quote }}
   RABBITMQ_VRITUAL_HOST: {{ .Values.notification.configs.rabbitmqVritualHost | b64enc | quote }}
   SYSTEM_USER_ID: {{ .Values.notification.configs.systemUserId | b64enc | quote }}
   SMS_FROM: {{ .Values.notification.configs.smsFrom | b64enc | quote }}
   EMAIL_FROM: {{ .Values.notification.configs.emailFrom | b64enc | quote }}
-  SECRET_KEY: {{ .Values.notification.configs.secretKey | b64enc | quote }}
   MONGODB_NAME: {{ .Values.notification.configs.mongodbName | b64enc | quote }}
   MONGODB_PORT: {{ .Values.notification.configs.mongodbPort | toString | b64enc }}
-  MONGODB_URI: {{ .Values.notification.configs.mongodbUri | b64enc | quote }}
-  SENDGRID_API_KEY: {{ .Values.notification.configs.sendgridApiKey | b64enc | quote }}
-  TWILIO_ACCOUNT_SID: {{ .Values.notification.configs.twilioAccountSid | b64enc | quote }}
-  TWILIO_AUTH_TOKEN: {{ .Values.notification.configs.twilioAuthToken | b64enc | quote }}
   METRICS_ENABLED: {{ .Values.notification.configs.metricsEnabled | default false | toString | b64enc }}
   PROBES_ENABLED: {{ .Values.notification.configs.probesEnabled | default false | toString | b64enc }}
\ No newline at end of file
diff --git a/freeleaps/helm-pkg/notification/values.alpha.yaml b/freeleaps/helm-pkg/notification/values.alpha.yaml
index ee98b010..d9882da5 100644
--- a/freeleaps/helm-pkg/notification/values.alpha.yaml
+++ b/freeleaps/helm-pkg/notification/values.alpha.yaml
@@ -82,19 +82,13 @@ notification:
     serviceApiAccessPort: 8003
     mongodbName: freeleaps2
     mongodbPort: 27017
-    mongodbUri: mongodb+srv://jetli:8IHKx6dZK8BfugGp@freeleaps2.hanbj.mongodb.net/
     rabbitmqHost: freeleaps-alpha-rabbitmq.freeleaps-alpha.svc.freeleaps.cluster
     rabbitmqPort: 5672
     rabbitmqUsername: user
-    rabbitmqPassword: NjlhHFvnDuC7K0ir
     rabbitmqVritualHost: /
     systemUserId: 117f191e810c19729de860aa
     smsFrom: '+16898887156' 
     emailFrom: freeleaps@freeleaps.com
-    secretKey: 8f87ca8c3c9c3df09a9c78e0adb0927855568f6072d9efc892534aee35f5867b 
-    sendgridApiKey: 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  
-    twilioAccountSid: ACf8c9283a6acda060258eadb29be58bc8  
-    twilioAuthToken: ef160748cc22c8b7195b49df4b8eca7e 
     metricsEnabled: 'false'
     probesEnabled: 'true'
   vpa:
@@ -109,3 +103,37 @@ notification:
     controlledResources:
     - cpu
     - memory
+
+  secrets:
+    secretStoreRef:
+      kind: FreeleapsSecretStore
+      name: freeleaps-main-secret-store
+    target:
+      name: "freeleaps-notification-alpha-secrets"
+      creationPolicy: "Owner"
+    refreshInterval: 30s
+    data:
+      - key: mongodbUri
+        remoteRef:
+          key: "freeleaps-alpha-mongodb-uri"
+          type: Secret
+      - key: rabbitmqPassword
+        remoteRef:
+          key: "freeleaps-alpha-rabbitmq-password"
+          type: Secret
+      - key: secretKey
+        remoteRef:
+          key: "freeleaps-alpha-secret-key"
+          type: Secret
+      - key: sendgridApiKey
+        remoteRef:
+          key: "freeleaps-alpha-sendgrid-api-key"
+          type: Secret
+      - key: twilioAccountSid
+        remoteRef:
+          key: "freeleaps-alpha-twilio-account-sid"
+          type: Secret
+      - key: twilioAuthToken
+        remoteRef:
+          key: "freeleaps-alpha-twilio-auth-token"
+          type: Secret
diff --git a/freeleaps/helm-pkg/notification/values.prod.yaml b/freeleaps/helm-pkg/notification/values.prod.yaml
index 57db9503..924617ad 100644
--- a/freeleaps/helm-pkg/notification/values.prod.yaml
+++ b/freeleaps/helm-pkg/notification/values.prod.yaml
@@ -68,21 +68,49 @@ notification:
     serviceApiAccessPort: 8003
     mongodbName: freeleaps2
     mongodbPort: 27017
-    mongodbUri: mongodb+srv://freeadmin:0eMV0bt8oyaknA0m@freeleaps2.zmsmpos.mongodb.net/?retryWrites=true&w=majority
     rabbitmqHost: freeleaps-prod-rabbitmq-headless.freeleaps-prod.svc.freeleaps.cluster
     rabbitmqPort: 5672
     rabbitmqUsername: user
-    rabbitmqPassword: D3b0HKz71T0OcYF8
     rabbitmqVritualHost: /
     systemUserId: 117f191e810c19729de860aa
     smsFrom: '+16898887156'
     emailFrom: freeleaps@freeleaps.com
-    secretKey: ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0
-    sendgridApiKey: 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
-    twilioAccountSid: ACf8c9283a6acda060258eadb29be58bc8
-    twilioAuthToken: ef160748cc22c8b7195b49df4b8eca7e
     metricsEnabled: 'true'
     probesEnabled: 'true'
+
+  secrets:
+    secretStoreRef:
+      kind: FreeleapsSecretStore
+      name: freeleaps-main-secret-store
+    target:
+      name: "freeleaps-notification-prod-secrets"
+      creationPolicy: "Owner"
+    refreshInterval: 30s
+    data:
+      - key: mongodbUri
+        remoteRef:
+          key: "freeleaps-prod-mongodb-uri"
+          type: Secret
+      - key: rabbitmqPassword
+        remoteRef:
+          key: "freeleaps-prod-rabbitmq-password"
+          type: Secret
+      - key: secretKey
+        remoteRef:
+          key: "freeleaps-prod-secret-key"
+          type: Secret
+      - key: sendgridApiKey
+        remoteRef:
+          key: "freeleaps-prod-sendgrid-api-key"
+          type: Secret
+      - key: twilioAccountSid
+        remoteRef:
+          key: "freeleaps-prod-twilio-account-sid"
+          type: Secret
+      - key: twilioAuthToken
+        remoteRef:
+          key: "freeleaps-prod-twilio-auth-token"
+          type: Secret
   vpa:
     minAllowed:
       enabled: true
diff --git a/freeleaps/helm-pkg/notification/values.yaml b/freeleaps/helm-pkg/notification/values.yaml
index 736247a0..aced8f64 100644
--- a/freeleaps/helm-pkg/notification/values.yaml
+++ b/freeleaps/helm-pkg/notification/values.yaml
@@ -100,4 +100,38 @@ notification:
       memory: "1Gi"
     controlledResources:
       - cpu
-      - memory
\ No newline at end of file
+      - memory
+
+  secrets:
+    secretStoreRef:
+      kind: FreeleapsSecretStore
+      name: freeleaps-main-secret-store
+    target:
+      name: "freeleaps-notification-secrets"
+      creationPolicy: "Owner"
+    refreshInterval: 30s
+    data:
+      - key: mongodbUri
+        remoteRef:
+          key: "freeleaps-mongodb-uri"
+          type: Secret
+      - key: rabbitmqPassword
+        remoteRef:
+          key: "freeleaps-rabbitmq-password"
+          type: Secret
+      - key: secretKey
+        remoteRef:
+          key: "freeleaps-secret-key"
+          type: Secret
+      - key: sendgridApiKey
+        remoteRef:
+          key: "freeleaps-sendgrid-api-key"
+          type: Secret
+      - key: twilioAccountSid
+        remoteRef:
+          key: "freeleaps-twilio-account-sid"
+          type: Secret
+      - key: twilioAuthToken
+        remoteRef:
+          key: "freeleaps-twilio-auth-token"
+          type: Secret
\ No newline at end of file