diff --git a/flux/cluster/apps/test/registry-creds.yaml b/flux/cluster/apps/test/registry-creds.yaml
new file mode 100644
index 0000000..5d3fec1
--- /dev/null
+++ b/flux/cluster/apps/test/registry-creds.yaml
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: registry-creds
+  namespace: test
+spec:
+  refreshInterval: "5m"
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: registry-creds
+    template:
+      type: kubernetes.io/dockerconfigjson
+  data:
+    - secretKey: .dockerconfigjson
+      remoteRef:
+        key: registry-creds
+        property: dockerconfigjson
\ No newline at end of file
diff --git a/flux/cluster/apps/test/vault-secret-store.yaml b/flux/cluster/apps/test/vault-secret-store.yaml
deleted file mode 100644
index a52d141..0000000
--- a/flux/cluster/apps/test/vault-secret-store.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ClusterSecretStore
-metadata:
-  name: vault
-  namespace: test
-spec:
-  provider:
-    vault:
-      server: "https://vault.asraphiel.dev"
-      path: "k8s"
-      version: "v2"
-      auth:
-        # VaultAppRole authenticates with Vault using the
-        # App Role auth mechanism
-        # https://www.vaultproject.io/docs/auth/approle
-        appRole:
-          # Path where the App Role authentication backend is mounted
-          path: "approle"
-          # RoleID configured in the App Role authentication backend
-          roleId: "48a0e39d-e7e8-4ac2-529c-db99ffa1f6b0"
-          # Reference to a key in a K8 Secret that contains the App Role SecretId
-          # (not commited in git)
-          secretRef:
-            name: "vault-secret-id"
-            namespace: "external-secrets"
-            key: "secret-id"