diff --git a/MetaObjects/renovate-keys.yml b/MetaObjects/renovate-keys.yml
index 6217f3e..5d37ca3 100644
--- a/MetaObjects/renovate-keys.yml
+++ b/MetaObjects/renovate-keys.yml
@@ -1,28 +1,12 @@
 apiVersion: external-secrets.io/v1alpha1
-kind: SecretStore
-metadata:
-  name: ext-renovate-backend
-  namespace: ci
-spec:
-  provider:
-    vault:
-      server: "http://vault.vault:8200"
-      path: "kv"
-      version: "v2"
-      auth:
-        kubernetes:
-          mountPath: "kubernetes"
-          role: "kube-role"
----
-apiVersion: external-secrets.io/v1alpha1
 kind: ExternalSecret
 metadata:
   name: ext-renovate
   namespace: ci
 spec:
   secretStoreRef:
-    name: ext-renovate-backend
-    kind: SecretStore
+    name: secret-store
+    kind: ClusterSecretStore
   target:
     name: renovate-secret
   data:
diff --git a/MetaObjects/secret-store.yml b/MetaObjects/secret-store.yml
new file mode 100644
index 0000000..c480e0d
--- /dev/null
+++ b/MetaObjects/secret-store.yml
@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ClusterSecretStore
+metadata:
+  name: secret-store
+  namespace: external-secrets
+spec:
+  provider:
+    vault:
+      server: "http://vault.vault:8200"
+      path: "kv"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "kube-role"