diff --git a/clusters/cl01tl/platform/vault/templates/external-secret.yaml b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
index 09dc2c517..bc8964df3 100644
--- a/clusters/cl01tl/platform/vault/templates/external-secret.yaml
+++ b/clusters/cl01tl/platform/vault/templates/external-secret.yaml
@@ -50,63 +50,31 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/vault/approle/job
+        key: /cl01tl/vault/snapshot/s3
         metadataPolicy: None
         property: AWS_ACCESS_KEY_ID
     - secretKey: AWS_DEFAULT_REGION
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/vault/approle/job
+        key: /cl01tl/vault/snapshot/s3
         metadataPolicy: None
         property: AWS_DEFAULT_REGION
     - secretKey: AWS_ENDPOINT_URL
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/vault/approle/job
+        key: /cl01tl/vault/snapshot/s3
         metadataPolicy: None
         property: AWS_ENDPOINT_URL
     - secretKey: AWS_SECRET_ACCESS_KEY
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/vault/approle/job
+        key: /cl01tl/vault/snapshot/s3
         metadataPolicy: None
         property: AWS_SECRET_ACCESS_KEY
 
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: vault-unseal-agent-token
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: vault-unseal-agent-token
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: unseal
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: VAULT_APPROLE_ROLE_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/vault/unseal/approle
-        metadataPolicy: None
-        property: role-id
-    - secretKey: VAULT_APPROLE_SECRET_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/vault/unseal/approle
-        metadataPolicy: None
-        property: secret-id
-
 ---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret