diff --git a/deployments/backups/pelican-pg-externalsecret.yaml b/deployments/backups/pelican-pg-externalsecret.yaml
new file mode 100644
index 0000000..d21d711
--- /dev/null
+++ b/deployments/backups/pelican-pg-externalsecret.yaml
@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pelican-pg-backup-credentials
+  namespace: backups
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: pelican-pg-backup-credentials
+    creationPolicy: Owner
+  data:
+    - secretKey: username
+      remoteRef:
+        key: Talos Cluster/pelican/panel/db
+        property: DB_USER
+    - secretKey: password
+      remoteRef:
+        key: Talos Cluster/pelican/panel/db
+        property: DB_PASSWORD
+    - secretKey: database
+      remoteRef:
+        key: Talos Cluster/pelican/panel/db
+        property: DB_NAME