diff --git a/kubernetes/kubernetes.nix b/kubernetes/kubernetes.nix
index 40c1d45..3a7d6d6 100644
--- a/kubernetes/kubernetes.nix
+++ b/kubernetes/kubernetes.nix
@@ -2,6 +2,7 @@
 imports = [
 ./charts
 ./manifests
+ ./secrets
 ];
 
 networking.firewall.allowedTCPPorts = [6443];
diff --git a/kubernetes/secrets/cloundativepg/s3-backup-creds.nix b/kubernetes/secrets/cloudnativepg/s3-backup-creds.nix
similarity index 85%
rename from kubernetes/secrets/cloundativepg/s3-backup-creds.nix
rename to kubernetes/secrets/cloudnativepg/s3-backup-creds.nix
index 1330e42..07d6672 100644
--- a/kubernetes/secrets/cloundativepg/s3-backup-creds.nix
+++ b/kubernetes/secrets/cloudnativepg/s3-backup-creds.nix
@@ -1,6 +1,6 @@
 { config, ... }:
 {
- sops.templates."omni-etcd-key.yaml" = {
+ sops.templates."cnpg-s3-backup-creds.yaml" = {
 mode = "0444";
 content = ''
 apiVersion: v1
@@ -9,7 +9,7 @@
 name: s3-backup-creds
 namespace: cloudnativepg
 type: Opaque
- spec:
+ stringData:
 s3AccessKey: fmRuq5b96EKqQOGR1prs
 s3SecretKey: ${config.sops.placeholder.cnpg_s3_backup_key}
 '';
diff --git a/kubernetes/secrets/default.nix b/kubernetes/secrets/default.nix
index 320994f..fcb196e 100644
--- a/kubernetes/secrets/default.nix
+++ b/kubernetes/secrets/default.nix
@@ -1,5 +1,5 @@
 {
 imports = [
- ./omni/omni-etcd-key.nix
+ ./cloudnativepg/s3-backup-creds.nix
 ];
 }
\ No newline at end of file
diff --git a/security/sops.nix b/security/sops.nix
index 240e3ac..c20dcb7 100644
--- a/security/sops.nix
+++ b/security/sops.nix
@@ -18,6 +18,7 @@
 pw_williamp = {
 neededForUsers = true;
 };
+ cnpg_s3_backup_key = {};
 };
 };
 }
\ No newline at end of file
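Review bot: In the first hunk of kubernetes/secrets/cloudnativepg/s3-backup-creds.nix the template keeps `mode = "0444";`, so the rendered cnpg-s3-backup-creds.yaml, with the decrypted `cnpg_s3_backup_key` substituted in, is readable by every local account on the host. The `cnpg_s3_backup_key = {};` entry added in security/sops.nix sets no mode or owner, so the secret file itself presumably keeps restrictive defaults and this template is what widens access. Unless whatever applies the manifest runs unprivileged, use `mode = "0400";` and set `owner` only if the reader is not root. The template body continues outside the hunk, so the full manifest is not visible here.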
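Review bot: In the second hunk of s3-backup-creds.nix, `s3AccessKey` stays a literal while only `s3SecretKey` goes through a sops placeholder, so the access key ID is committed in clear text alongside the manifest. It is less sensitive than the secret key, but it identifies the backup account and turns rotation into a code change. Consider declaring a second sops secret and writing `s3AccessKey: ${config.sops.placeholder.<ACCESS_KEY_SECRET_NAME>}`, with the matching entry added in security/sops.nix. If the literal has been pushed to a shared remote, rotating the key pair along with this change would be prudent.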