diff --git a/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml
new file mode 100644
index 000000000..d9d2c4b76
--- /dev/null
+++ b/clusters/cl01tl/applications/tubearchivist/templates/elasticsearch.yaml
@@ -0,0 +1,42 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: elasticsearch-tubearchivist
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: elasticsearch-tubearchivist
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  version: 8.18.0
+  auth:
+    fileRealm:
+      - secretName: tubearchivist-elasticsearch-secret
+  nodeSets:
+    - name: default
+      count: 1
+      config:
+        node.store.allow_mmap: false
+        path.repo: /usr/share/elasticsearch/data/snapshot
+      podTemplate:
+        spec:
+          volumes:
+            - name: tubearchivist-snapshot-nfs-storage
+              nfs:
+                path: /volume2/Storage/TubeArchivist
+                server: synologybond.alexlebens.net
+          containers:
+            - name: elasticsearch
+              volumeMounts:
+                - name: tubearchivist-snapshot-nfs-storage
+                  mountPath: /usr/share/elasticsearch/data/snapshot
+      volumeClaimTemplates:
+        - metadata:
+            name: elasticsearch-data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 10Gi
+            storageClassName: ceph-block
diff --git a/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml
index ec4c41d1c..15668071b 100644
--- a/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/tubearchivist/templates/external-secret.yaml
@@ -49,6 +49,27 @@ spec:
         key: /cl01tl/tubearchivist/env
         metadataPolicy: None
         property: ELASTIC_PASSWORD
+    - secretKey: username
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/tubearchivist/elasticsearch
+        metadataPolicy: None
+        property: username
+    - secretKey: password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/tubearchivist/elasticsearch
+        metadataPolicy: None
+        property: password
+    - secretKey: roles
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/tubearchivist/elasticsearch
+        metadataPolicy: None
+        property: roles
 
 ---
 apiVersion: external-secrets.io/v1