diff --git a/infrastructure/databases/cloudnative-pg/clusters/firefly-db.yaml b/infrastructure/databases/cloudnative-pg/clusters/firefly-db.yaml
new file mode 100644
index 0000000..cddd1fc
--- /dev/null
+++ b/infrastructure/databases/cloudnative-pg/clusters/firefly-db.yaml
@@ -0,0 +1,16 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: firefly-db
+spec:
+  instances: 1
+
+  storage:
+    size: 10Gi
+
+  bootstrap:
+    initdb:
+      database: firefly
+      owner: firefly
+      secret:
+        name: app1-db-credentials
diff --git a/infrastructure/databases/cloudnative-pg/clusters/kustomization.yaml b/infrastructure/databases/cloudnative-pg/clusters/kustomization.yaml
new file mode 100644
index 0000000..5abe078
--- /dev/null
+++ b/infrastructure/databases/cloudnative-pg/clusters/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- firefly-db.yaml
diff --git a/infrastructure/databases/cloudnative-pg/kustomization.yaml b/infrastructure/databases/cloudnative-pg/kustomization.yaml
index 1daa53a..936c098 100644
--- a/infrastructure/databases/cloudnative-pg/kustomization.yaml
+++ b/infrastructure/databases/cloudnative-pg/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - values.yaml
 - helmrelease.yaml
+- clusters
diff --git a/secrets/fireflysecrets.yaml b/secrets/fireflysecrets.yaml
new file mode 100644
index 0000000..d7c31ab
--- /dev/null
+++ b/secrets/fireflysecrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: firefly-secrets
+  namespace: firefly
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: bitwarden
+    kind: ClusterSecretStore
+
+  target:
+    name: firefly-secrets
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      mergePolicy: Merge
+      data:
+        username: firefly
+        password: '{{ index . "firefly-db-password" }}'
+  data:
+    - secretKey: firefly-db-password
+      remoteRef:
+        key: firefly-db-password
diff --git a/secrets/kustomization.yaml b/secrets/kustomization.yaml
index 409d503..cb3622c 100644
--- a/secrets/kustomization.yaml
+++ b/secrets/kustomization.yaml
@@ -4,3 +4,4 @@ resources:
 - kimaisecrets.yaml
 - namespace.yaml
 - velerosecrets.yaml
+- fireflysecrets.yaml