diff --git a/services/zot/configmap.yaml b/services/zot/configmap.yaml
index d4fe544..0261fc1 100644
--- a/services/zot/configmap.yaml
+++ b/services/zot/configmap.yaml
@@ -18,7 +18,25 @@ data:
 "address": "0.0.0.0",
 "port": "5000",
 "realm": "zot-registry",
- "compat": ["docker2s2"]
+ "compat": ["docker2s2"],
+ "auth": {
+ "htpasswd": { "path": "/etc/zot/htpasswd" }
+ },
+ "accessControl": {
+ "repositories": {
+ "**": {
+ "policies": [
+ { "users": ["bstein"], "actions": ["read", "create", "update", "delete"] }
+ ],
+ "defaultPolicy": [],
+ "anonymousPolicy": []
+ }
+ },
+ "adminPolicy": {
+ "users": ["bstein"],
+ "actions": ["read", "create", "update", "delete"]
+ }
+ }
 },
 "log": { "level": "info" },
 "extensions": {
diff --git a/services/zot/deployment.yaml b/services/zot/deployment.yaml
index 45fca5e..e4fdc1f 100644
--- a/services/zot/deployment.yaml
+++ b/services/zot/deployment.yaml
@@ -42,6 +42,10 @@ spec:
 mountPath: /etc/zot/config.json
 subPath: config.json
 readOnly: true
+ - name: htpasswd
+ mountPath: /etc/zot/htpasswd
+ subPath: htpasswd
+ readOnly: true
 - name: zot-data
 mountPath: /var/lib/registry
 readinessProbe:
@@ -60,6 +64,9 @@ spec:
 - name: cfg
 configMap:
 name: zot-config
+ - name: htpasswd
+ secret:
+ secretName: zot-htpasswd
 - name: zot-data
 persistentVolumeClaim:
 claimName: zot-data
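Review bot: The added `accessControl` block gives the single account `bstein` every action, both under `"**"` and in `adminPolicy`, so any consumer that only needs to pull images would have to share the admin password. A separate pull-only entry in `policies`, for example `{ "users": ["<pull-user>"], "actions": ["read"] }`, keeps the write/delete credential off nodes and CI runners. The hunk also enables htpasswd (HTTP Basic) while no `tls` block appears between `"address"` and the closing `},`; if TLS is not terminated in front of this listener, the password crosses the cluster network in cleartext. The enclosing JSON object starts outside the hunk, so this should be checked against the full config.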
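Review bot: The new `htpasswd` volumeMount uses `subPath`, and the kubelet does not refresh subPath mounts when the Secret changes, so a rotated or revoked password stays in effect until the pod is restarted. Mounting the Secret as a directory (for example `mountPath: /etc/zot/auth` with no `subPath`, and the config's `path` set to `/etc/zot/auth/htpasswd`) lets updates reach the container; whether zot re-reads the file without a restart should be confirmed. Separately, the `readinessProbe` that begins just after these mounts is cut off by the hunk: if it is an unauthenticated `httpGet` against the registry API, it will likely receive 401 now that `anonymousPolicy` is empty, and the pod would never become Ready.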
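Review bot: The `htpasswd` volume references Secret `zot-htpasswd`, which this diff does not create, and nothing records where it comes from or what it must contain; without it the pod stays in ContainerCreating. A comment above the volume would cover this, e.g. `# Secret zot-htpasswd is provisioned outside this manifest; key "htpasswd", bcrypt entries (confirm hash format for the deployed zot version)`. The volume also leaves `defaultMode` at the 0644 default; `defaultMode: 0440` is tighter, provided the container user can still read the file (the pod's securityContext is not visible in this hunk).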