diff --git a/services/gitea/deployment.yaml b/services/gitea/deployment.yaml
index 4568972..66670a9 100644
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@@ -131,6 +131,16 @@ spec:
               value: "trace"
             - name: GITEA__service__REQUIRE_SIGNIN_VIEW
               value: "false"
+            - name: GITEA__security__SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secret
+                  key: SECRET_KEY
+            - name: GITEA__security__INTERNAL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-secret
+                  key: INTERNAL_TOKEN
             - name: DB_TYPE
               value: "postgres"
             - name: DB_HOST
diff --git a/services/gitea/kustomization.yaml b/services/gitea/kustomization.yaml
index 36d6c23..1ea9af4 100644
--- a/services/gitea/kustomization.yaml
+++ b/services/gitea/kustomization.yaml
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - namespace.yaml
+  - secret.yaml
   - deployment.yaml
   - service.yaml
   - pvc.yaml
diff --git a/services/gitea/secret.yaml b/services/gitea/secret.yaml
new file mode 100644
index 0000000..11a533d
--- /dev/null
+++ b/services/gitea/secret.yaml
@@ -0,0 +1,10 @@
+# services/gitea/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gitea-secret
+  namespace: gitea
+type: Opaque
+stringData:
+  SECRET_KEY: "QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"
+  INTERNAL_TOKEN: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE3NTQ1NzU3Mzd9.QVOarq1Tb8Lxm2esuB7MoWeK7wkNGpdePFRDyBhj1Rc"