diff --git a/projects/argocd/project.yml b/projects/argocd/project.yml
index 7ab8d6fe..e5fe8553 100644
--- a/projects/argocd/project.yml
+++ b/projects/argocd/project.yml
@@ -15,7 +15,7 @@ apps:
     keys:
     - admin.password
     - server.secretkey
-    - oidc.auth0.clientSecret
+    - dex.authentik.clientSecret
     - webhook.gogs.secret
   - name: ca-cert
     keys:
diff --git a/projects/argocd/values/argocd.yaml b/projects/argocd/values/argocd.yaml
index 4b673d1e..1e59b84c 100644
--- a/projects/argocd/values/argocd.yaml
+++ b/projects/argocd/values/argocd.yaml
@@ -111,26 +111,32 @@ server:
 
     oidc.config: |
       name: Authentik
+      type: oidc
+      id: authentik
       issuer: https://auth.dc/application/o/argocd/
-      clientID: 0c149045b7b87eb80e41fcdd3e788476472d7316
-      clientSecret: $oidc.auth0.clientSecret
-      requestedScopes: ["openid", "profile", "email", "groups"]
+      clientID: 3793eb413f1d568b9e9cf82fd4d8d596b2867ec5
+      clientSecret: $dex.authentik.clientSecret
+      scopes:
+          - openid
+          - profile
+          - email
+          - groups
 
   rbacConfig:
     policy.csv: |
       g, ArgoCDAdmins, role:admin
 
-  # Mount public CA cert
-  volumeMounts: []
-#  - name: certificate
-#    mountPath: /etc/ssl/certs/ca.crt
-#    subPath: ca
+  # Mount vault CA cert
+  volumeMounts:
+  - name: certificate
+    mountPath: /etc/ssl/certs/vault-ca-certificates.crt
+    subPath: ca
 
-  volumes: []
-#  - name: certificate
-#    secret:
-#      secretName: ca-cert
-#      defaultMode: 420
+  volumes:
+  - name: certificate
+    secret:
+      secretName: ca-cert
+      defaultMode: 420
 
   additionalApplications: []