diff --git a/clusters/cl01tl/applications/searxng/templates/external-secret.yaml b/clusters/cl01tl/applications/searxng/templates/external-secret.yaml
new file mode 100644
index 000000000..79273bb1b
--- /dev/null
+++ b/clusters/cl01tl/applications/searxng/templates/external-secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: searxng-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: searxng-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: settings.yml
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/searxng/config
+        metadataPolicy: None
+        property: settings.yml
diff --git a/clusters/cl01tl/applications/searxng/values.yaml b/clusters/cl01tl/applications/searxng/values.yaml
index 636759bca..9fe21bc79 100644
--- a/clusters/cl01tl/applications/searxng/values.yaml
+++ b/clusters/cl01tl/applications/searxng/values.yaml
@@ -60,6 +60,17 @@ searxng:
         - hosts:
             - searxng-cl01tl
   persistence:
+    config:
+      enabled: true
+      type: secret
+      name: searxng-config-secret
+      advancedMounts:
+        main:
+          main:
+            - path: /usr/local/searxng/searx/settings.yml
+              readOnly: true
+              mountPropagation: None
+              subPath: settings.yml
     data:
       storageClass: ceph-block-delete
       accessMode: ReadWriteOnce