diff --git a/kubernetes/talos-flux/apps/secops/kustomization.yaml b/kubernetes/talos-flux/apps/secops/kustomization.yaml
new file mode 100644
index 000000000..47087f54c
--- /dev/null
+++ b/kubernetes/talos-flux/apps/secops/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./vault-auth.yaml
diff --git a/kubernetes/talos-flux/apps/secops/namespace.yaml b/kubernetes/talos-flux/apps/secops/namespace.yaml
new file mode 100644
index 000000000..844445780
--- /dev/null
+++ b/kubernetes/talos-flux/apps/secops/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: secops
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/talos-flux/apps/secops/vault-auth.yaml b/kubernetes/talos-flux/apps/secops/vault-auth.yaml
new file mode 100644
index 000000000..578bf72d0
--- /dev/null
+++ b/kubernetes/talos-flux/apps/secops/vault-auth.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vault-auth
+ namespace: secops
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: vault-auth:system:auth-delegator
+ namespace: secops
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+ - kind: ServiceAccount
+ name: vault-auth
+ namespace: secops
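Review bot: The ClusterRoleBinding in vault-auth.yaml sets `namespace: secops` under `metadata`, but a ClusterRoleBinding is cluster-scoped, so the field has no effect and suggests a narrower scope than the binding really has; I would drop that line. `system:auth-delegator` lets the `vault-auth` account create TokenReviews and SubjectAccessReviews for the whole cluster, so its token is worth protecting. Nothing in this diff runs a pod under the account, so adding `automountServiceAccountToken: false` to the ServiceAccount would keep the token out of any workload later scheduled with it, assuming Vault is handed the reviewer token some other way. How Vault obtains that token is not visible here; if it is a long-lived token Secret, a comment in the manifest saying where it lives and how it is rotated would help the next reader.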