diff --git a/deployments/tailscale/tailscale/external-secret.yaml b/deployments/tailscale/tailscale/external-secret.yaml
new file mode 100644
index 0000000..a594918
--- /dev/null
+++ b/deployments/tailscale/tailscale/external-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: tailscale-operator
+  namespace: tailscale
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: SecretStore
+  target:
+    name: tailscale-operator
+    template:
+      engineVersion: v2
+      data:
+        TS_AUTHKEY: "{{ .TS_AUTHKEY }}"
+  data:
+    - secretKey: TS_AUTHKEY
+      remoteRef:
+        key: secret/data/kubernetes/tailscale-operator
+        property: TS_AUTHKEY
\ No newline at end of file