diff --git a/kubernetes/apps/network/external-dns/unifi/externalsecret.yaml b/kubernetes/apps/network/external-dns/unifi/externalsecret.yaml
index aa9c8cfbb..e3fbf9dce 100644
--- a/kubernetes/apps/network/external-dns/unifi/externalsecret.yaml
+++ b/kubernetes/apps/network/external-dns/unifi/externalsecret.yaml
@@ -3,15 +3,15 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: external-dns-unifi
+  name: unpoller
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: onepassword
   target:
-    name: external-dns-unifi-secret
-    template:
-      type: kubernetes.io/basic-auth
-  dataFrom:
-    - extract:
-        key: external-dns-unifi
+    name: external-dns-unifi
+  data:
+    - secretKey: UNIFI_API_KEY
+      remoteRef:
+        key: unifi
+        property: credential
diff --git a/kubernetes/apps/network/external-dns/unifi/helmrelease.yaml b/kubernetes/apps/network/external-dns/unifi/helmrelease.yaml
index 1802be189..d66f64287 100644
--- a/kubernetes/apps/network/external-dns/unifi/helmrelease.yaml
+++ b/kubernetes/apps/network/external-dns/unifi/helmrelease.yaml
@@ -37,16 +37,9 @@ spec:
         env:
           - name: UNIFI_HOST
             value: https://192.168.1.1
-          - name: UNIFI_USER
-            valueFrom:
-              secretKeyRef:
-                name: external-dns-unifi-secret
-                key: username
-          - name: UNIFI_PASS
-            valueFrom:
-              secretKeyRef:
-                name: external-dns-unifi-secret
-                key: password
+        envFrom:
+          - secretRef:
+              name: external-dns-unifi
         livenessProbe:
           httpGet:
             path: /healthz
@@ -66,7 +59,11 @@ spec:
     sources: ["ingress", "service"]
     txtOwnerId: kantai
     txtPrefix: edns.
-    domainFilters: ["${PUBLIC_DOMAIN0}", "${PUBLIC_DOMAIN1}", "${PUBLIC_DOMAIN2}", "internal."]
+    domainFilters:
+      - "${PUBLIC_DOMAIN0}"
+      - "${PUBLIC_DOMAIN1}"
+      - "${PUBLIC_DOMAIN2}"
+      - "internal."
     serviceMonitor:
       enabled: true
     podAnnotations:
diff --git a/kubernetes/apps/observability/unpoller/app/externalsecret.yaml b/kubernetes/apps/observability/unpoller/app/externalsecret.yaml
index 23f47537d..3dc70c445 100644
--- a/kubernetes/apps/observability/unpoller/app/externalsecret.yaml
+++ b/kubernetes/apps/observability/unpoller/app/externalsecret.yaml
@@ -10,6 +10,8 @@ spec:
     name: onepassword
   target:
     name: unpoller
-  dataFrom:
-    - extract:
-        key: unpoller
+  data:
+    - secretKey: UP_UNIFI_DEFAULT_API_KEY
+      remoteRef:
+        key: unifi
+        property: credential
diff --git a/kubernetes/apps/observability/unpoller/app/helmrelease.yaml b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml
index 6c8d1af08..028aaddef 100644
--- a/kubernetes/apps/observability/unpoller/app/helmrelease.yaml
+++ b/kubernetes/apps/observability/unpoller/app/helmrelease.yaml
@@ -37,17 +37,10 @@ spec:
               UP_UNIFI_DEFAULT_ROLE: home-ops
               UP_UNIFI_DEFAULT_URL: https://udmpro-3014
               UP_UNIFI_DEFAULT_VERIFY_SSL: false
-              UP_UNIFI_DEFAULT_USER:
-                valueFrom:
-                  secretKeyRef:
-                    name: unpoller
-                    key: username
-              UP_UNIFI_DEFAULT_PASS:
-                valueFrom:
-                  secretKeyRef:
-                    name: unpoller
-                    key: password
               UP_INFLUXDB_DISABLE: true
+            envFrom:
+              - secretRef:
+                  name: unpoller
             probes:
               liveness:
                 enabled: true