diff --git a/capten/common-pkg/k8s/external_secret.go b/capten/common-pkg/k8s/external_secret.go
index a700f327..9e17b0cf 100644
--- a/capten/common-pkg/k8s/external_secret.go
+++ b/capten/common-pkg/k8s/external_secret.go
@@ -112,6 +112,7 @@ func (k *K8SClient) CreateOrUpdateSecretStore(ctx context.Context, secretStoreNa
 	}
 
 	secretStoreData, err := yaml.Marshal(&secretStore)
+
 	if err != nil {
 		return
 	}
@@ -134,6 +135,7 @@ func (k *K8SClient) CreateOrUpdateExternalSecret(ctx context.Context, externalSe
 				Property: key,
 			},
 		}
+
 		secretKeysData = append(secretKeysData, secretKeyData)
 	}
 	externalSecret := ExternalSecret{
diff --git a/capten/config-worker/internal/crossplane/config_cluster_secrets.go b/capten/config-worker/internal/crossplane/config_cluster_secrets.go
index 823e65b0..f41b3372 100644
--- a/capten/config-worker/internal/crossplane/config_cluster_secrets.go
+++ b/capten/config-worker/internal/crossplane/config_cluster_secrets.go
@@ -39,6 +39,7 @@ func (cp *CrossPlaneApp) configureExternalSecretsOnCluster(ctx context.Context,
 	}
 
 	vaultAddressStr := fmt.Sprintf(vaultAddress, cp.cfg.DomainName)
+
 	for _, namespace := range namespaces {
 		cred := map[string][]byte{"token": []byte(token)}
 		err = k8sclient.CreateOrUpdateSecret(ctx, namespace, vaultAppRoleTokenSecret, v1.SecretTypeOpaque, cred, nil)
diff --git a/charts/kad/Chart.yaml b/charts/kad/Chart.yaml
index 18a5f479..952dd47c 100644
--- a/charts/kad/Chart.yaml
+++ b/charts/kad/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.19
+version: 0.2.20
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.28.1"
+appVersion: "1.28.2"
diff --git a/charts/kad/crossplane_plugin_config.json b/charts/kad/crossplane_plugin_config.json
index 47657e7d..d0c4df92 100644
--- a/charts/kad/crossplane_plugin_config.json
+++ b/charts/kad/crossplane_plugin_config.json
@@ -19,8 +19,8 @@
       "secretName": "vault-nats-secret",
       "vaultSecrets": [
       {
-          "secretKey": "generic/nats/auth-token",
-          "secretPath": "nats"
+          "secretKey": "token",
+          "secretPath": "generic/nats/auth-token"
       }
       ]
       },
@@ -29,19 +29,20 @@
       "secretName": "vault-cosign-secret",
       "vaultSecrets": [
       {
-          "secretKey": "generic/cosign/signer",
-          "secretPath": "cosign.pub"
+          "secretKey": "cosign.pub",
+          "secretPath": "generic/cosign/signer"
       }
       ]
       },
+      
       {
       "namespace": "ml-server",
       "secretName": "regcred-ghcr",
       "secretType": "kubernetes.io/dockerconfigjson",
       "vaultSecrets": [
       {
-          "secretKey": "generic/container-registry/docker-config",
-           "secretPath": ".dockerconfigjson"
+          "secretKey": ".dockerconfigjson",
+           "secretPath": "generic/container-registry/docker-config"
       }
     ]
       },
@@ -50,8 +51,8 @@
       "secretName": "vault-cosign-secret",
       "vaultSecrets": [
       {
-          "secretKey": "generic/cosign/signer",
-          "secretPath": "cosign.pub"
+          "secretKey": "cosign.pub",
+          "secretPath": "generic/cosign/signer"
       }
       ]
       }
diff --git a/server/pkg/plugin-store/plugin_store_handler.go b/server/pkg/plugin-store/plugin_store_handler.go
index 767b0f34..29f218e5 100644
--- a/server/pkg/plugin-store/plugin_store_handler.go
+++ b/server/pkg/plugin-store/plugin_store_handler.go
@@ -313,10 +313,12 @@ func (p *PluginStore) DeployPlugin(orgId, clusterId string, storeType pluginstor
 	}
 
 	if isUISSOCapabilitySupported(validCapabilities) {
-		clientId, clientSecret, err := p.registerPluginSSO(orgId, clusterId, pluginName, pluginConfig.UIEndpoint)
+
+		clientId, clientSecret, err := p.registerPluginSSO(orgId, clusterId, pluginName, uiEndpoint)
 		if err != nil {
 			return err
 		}
+
 		overrideValuesMapping[oAuthBaseURLName] = p.cfg.CaptenOAuthURL
 		overrideValuesMapping[oAuthClientIdName] = clientId
 		overrideValuesMapping[oAuthClientSecretName] = clientSecret
@@ -472,7 +474,9 @@ func (p *PluginStore) getOverrideTemplateValues(orgId, clusterID string) (map[st
 	overrideValues := map[string]string{}
 	for key, val := range clusterGlobalValues {
 		overrideValues[key] = fmt.Sprintf("%v", val)
+
 	}
+
 	return overrideValues, nil
 }
 
@@ -532,6 +536,7 @@ func replaceTemplateValuesInString(data string, values map[string]string) (trans
 	}
 
 	transformedData = string(buf.Bytes())
+
 	return
 }