diff --git a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
index 337663687..51a984b5b 100644
--- a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
@@ -1,30 +1,66 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: slskd-wireguard-conf
+  name: airvpn-wireguard-conf
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: slskd-wireguard-conf
+    app.kubernetes.io/name: airvpn-wireguard-conf
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
-    name: vault
+    name: openbao
   data:
+    - secretKey: conf
+      remoteRef:
+        key: /airvpn/config
+        property: conf
     - secretKey: private-key
       remoteRef:
-        key: /airvpn/conf/cl01tl
+        key: /airvpn/config
         property: private-key
     - secretKey: preshared-key
       remoteRef:
-        key: /airvpn/conf/cl01tl
+        key: /airvpn/config
         property: preshared-key
     - secretKey: addresses
       remoteRef:
-        key: /airvpn/conf/cl01tl
+        key: /airvpn/config
         property: addresses
     - secretKey: input-ports
       remoteRef:
-        key: /airvpn/conf/cl01tl
+        key: /airvpn/config
         property: input-ports
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: protonvpn-wireguard-conf
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: protonvpn-wireguard-conf
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: openbao
+  data:
+    - secretKey: conf
+      remoteRef:
+        key: /protonvpn/config
+        property: conf
+    - secretKey: email
+      remoteRef:
+        key: /protonvpn/config
+        property: email
+    - secretKey: password
+      remoteRef:
+        key: /protonvpn/config
+        property: password
+    - secretKey: private-key
+      remoteRef:
+        key: /protonvpn/config
+        property: private-key
diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml
index 9b846e42a..164b34124 100644
--- a/clusters/cl01tl/helm/slskd/values.yaml
+++ b/clusters/cl01tl/helm/slskd/values.yaml
@@ -60,29 +60,14 @@ slskd:
                 command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
           env:
             - name: VPN_SERVICE_PROVIDER
-              value: airvpn
+              value: protonvpn
             - name: VPN_TYPE
               value: wireguard
             - name: WIREGUARD_PRIVATE_KEY
               valueFrom:
                 secretKeyRef:
-                  name: slskd-wireguard-conf
+                  name: protonvpn-wireguard-conf
                   key: private-key
-            - name: WIREGUARD_PRESHARED_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: slskd-wireguard-conf
-                  key: preshared-key
-            - name: WIREGUARD_ADDRESSES
-              valueFrom:
-                secretKeyRef:
-                  name: slskd-wireguard-conf
-                  key: addresses
-            - name: FIREWALL_VPN_INPUT_PORTS
-              valueFrom:
-                secretKeyRef:
-                  name: slskd-wireguard-conf
-                  key: input-ports
             - name: FIREWALL_OUTBOUND_SUBNETS
               value: 192.168.1.0/24,10.244.0.0/16
             - name: FIREWALL_INPUT_PORTS