diff --git a/services/keycloak/logs-oidc-secret-ensure-job.yaml b/services/keycloak/logs-oidc-secret-ensure-job.yaml
index f3fcaa3..43177ff 100644
--- a/services/keycloak/logs-oidc-secret-ensure-job.yaml
+++ b/services/keycloak/logs-oidc-secret-ensure-job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: logs-oidc-secret-ensure-7
+  name: logs-oidc-secret-ensure-8
   namespace: sso
 spec:
   backoffLimit: 0
@@ -31,7 +31,7 @@ spec:
             - |
               set -euo pipefail
               . /vault/secrets/keycloak-admin-env.sh
-              apk add --no-cache curl jq kubectl openssl >/dev/null
+              apk add --no-cache curl jq openssl >/dev/null
 
               KC_URL="http://keycloak.sso.svc.cluster.local"
               ACCESS_TOKEN=""
@@ -116,10 +116,5 @@ spec:
                 '{data:{client_id:$client_id,client_secret:$client_secret,cookie_secret:$cookie_secret}}')"
               curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \
                 -d "${payload}" "${vault_addr}/v1/kv/data/atlas/logging/oauth2-proxy-logs-oidc" >/dev/null
-              kubectl -n logging create secret generic oauth2-proxy-logs-oidc \
-                --from-literal=client_id="logs" \
-                --from-literal=client_secret="${CLIENT_SECRET}" \
-                --from-literal=cookie_secret="${COOKIE_SECRET}" \
-                --dry-run=client -o yaml | kubectl -n logging apply -f - >/dev/null
           volumeMounts:
-      volumes:
\ No newline at end of file
+      volumes: