diff --git a/helm/templates/backend/postgres.deployment.yaml b/helm/templates/backend/postgres.deployment.yaml
index a567461fb..02306a6aa 100644
--- a/helm/templates/backend/postgres.deployment.yaml
+++ b/helm/templates/backend/postgres.deployment.yaml
@@ -20,6 +20,7 @@ spec:
       labels:
         id: {{ .Release.Name }}-deployment-backend-postgres
     spec:
+      automountServiceAccountToken: false
       {{ if not .Values.development }}
       volumes:
         - name: {{ .Release.Name }}-data
diff --git a/helm/templates/docs/docs.deployment.yaml b/helm/templates/docs/docs.deployment.yaml
index d775c4710..50e140745 100644
--- a/helm/templates/docs/docs.deployment.yaml
+++ b/helm/templates/docs/docs.deployment.yaml
@@ -17,6 +17,7 @@ spec:
       labels:
         id: {{ .Release.Name }}-deployment-docs
     spec:
+      automountServiceAccountToken: false
       {{- include "capellacollab.pod.spec" . | indent 6 -}}
       containers:
         - name: {{ .Release.Name }}-docs
diff --git a/helm/templates/frontend/frontend.deployment.yaml b/helm/templates/frontend/frontend.deployment.yaml
index db1636692..d1730f28f 100644
--- a/helm/templates/frontend/frontend.deployment.yaml
+++ b/helm/templates/frontend/frontend.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: logs
diff --git a/helm/templates/grafana/nginx.deployment.yaml b/helm/templates/grafana/nginx.deployment.yaml
index b4e8d77c8..057133335 100644
--- a/helm/templates/grafana/nginx.deployment.yaml
+++ b/helm/templates/grafana/nginx.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/grafana/nginx.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-grafana-nginx
           configMap:
diff --git a/helm/templates/guacamole/guacamole.deployment.yaml b/helm/templates/guacamole/guacamole.deployment.yaml
index 0be4cac05..b2c86ec89 100644
--- a/helm/templates/guacamole/guacamole.deployment.yaml
+++ b/helm/templates/guacamole/guacamole.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: unused
diff --git a/helm/templates/guacamole/guacd.deployment.yaml b/helm/templates/guacamole/guacd.deployment.yaml
index f54b529a3..f58dd9759 100644
--- a/helm/templates/guacamole/guacd.deployment.yaml
+++ b/helm/templates/guacamole/guacd.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: logs
diff --git a/helm/templates/guacamole/postgres.deployment.yaml b/helm/templates/guacamole/postgres.deployment.yaml
index ec75a990c..4327f614e 100644
--- a/helm/templates/guacamole/postgres.deployment.yaml
+++ b/helm/templates/guacamole/postgres.deployment.yaml
@@ -24,6 +24,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/guacamole" "/postgres.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-data
           persistentVolumeClaim:
diff --git a/helm/templates/mock/oauth.deployment.yaml b/helm/templates/mock/oauth.deployment.yaml
index bc647f9ec..4fd68a113 100644
--- a/helm/templates/mock/oauth.deployment.yaml
+++ b/helm/templates/mock/oauth.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/mock/oauth.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-oauth-mock
           configMap:
diff --git a/helm/templates/prometheus/nginx.deployment.yaml b/helm/templates/prometheus/nginx.deployment.yaml
index d16111388..c7976fb1a 100644
--- a/helm/templates/prometheus/nginx.deployment.yaml
+++ b/helm/templates/prometheus/nginx.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/prometheus/nginx.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-prometheus-nginx
           configMap:
diff --git a/helm/templates/prometheus/prometheus.deployment.yaml b/helm/templates/prometheus/prometheus.deployment.yaml
index a71a7cf32..fb1b4a481 100644
--- a/helm/templates/prometheus/prometheus.deployment.yaml
+++ b/helm/templates/prometheus/prometheus.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/prometheus/prometheus.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       serviceAccountName: {{ .Release.Name }}-prometheus
       {{- include "capellacollab.pod.spec" . | indent 6 -}}
       containers: