diff --git a/postgres/config/attic_auth.yaml b/postgres/config/attic_auth.yaml
new file mode 100644
index 0000000..0e75d26
--- /dev/null
+++ b/postgres/config/attic_auth.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: attic-auth
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: attic_pw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    template:
+      data:
+        username: attic
+        password: "{{ .password }}"
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: attic-auth
diff --git a/postgres/config/clusters/main.yaml b/postgres/config/clusters/main.yaml
index c52e445..7f123a8 100644
--- a/postgres/config/clusters/main.yaml
+++ b/postgres/config/clusters/main.yaml
@@ -60,6 +60,12 @@ spec:
       login: true
       passwordSecret:
         name: netmaker-auth
+    - name: attic
+      ensure: present
+      comment: attic
+      login: true
+      passwordSecret:
+        name: attic-auth
     - name: pooler
       ensure: present
       comment: pooler
diff --git a/postgres/config/databases/attic.yaml b/postgres/config/databases/attic.yaml
new file mode 100644
index 0000000..5a4e36c
--- /dev/null
+++ b/postgres/config/databases/attic.yaml
@@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Database
+metadata:
+  name: attic
+spec:
+  name: attic
+  owner: attic
+  cluster:
+    name: weyma-pgsql
\ No newline at end of file