diff --git a/authentik/index.ts b/authentik/index.ts
new file mode 100644
index 0000000..0d431c7
--- /dev/null
+++ b/authentik/index.ts
@@ -0,0 +1,29 @@
+import * as fs from "fs";
+import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
+import { Release } from "@cdktf/provider-helm/lib/release";
+import { Construct } from "constructs";
+
+type AuthentikServerOptions = {
+  provider: HelmProvider;
+  version: string;
+  name: string;
+  namespace: string;
+};
+
+export class AuthentikServer extends Construct {
+  constructor(scope: Construct, id: string, options: AuthentikServerOptions) {
+    super(scope, id);
+
+    new Release(this, id, {
+      ...options,
+      repository: "https://charts.goauthentik.io",
+      chart: "authentik",
+      createNamespace: true,
+      values: [
+        fs.readFileSync("helm/values/authentik.values.yaml", {
+          encoding: "utf8",
+        }),
+      ],
+    });
+  }
+}
diff --git a/helm/helmfile.yaml b/helm/helmfile.yaml
index 1ed86f3..260b1ec 100644
--- a/helm/helmfile.yaml
+++ b/helm/helmfile.yaml
@@ -11,8 +11,6 @@ repositories:
     url: https://charts.jetstack.io
   - name: prometheus-community
     url: https://prometheus-community.github.io/helm-charts
-  - name: authentik
-    url: https://charts.goauthentik.io
 ---
 releases:
   # Load Balancer
@@ -76,11 +74,3 @@ releases:
     version: 20.2.0
     values:
       - ./values/redis.values.yaml
-
-  # Authentik
-  - name: authentik
-    namespace: authentik-system
-    chart: authentik/authentik
-    version: 2024.10.5
-    values:
-      - ./values/authentik.values.yaml
diff --git a/main.ts b/main.ts
index 27d10bb..1c733c1 100644
--- a/main.ts
+++ b/main.ts
@@ -9,6 +9,7 @@ import { GiteaServer } from "./gitea";
 import { OnePassword } from "./1password";
 import { PostgresCluster } from "./postgres";
 import { Longhorn } from "./longhorn";
+import { AuthentikServer } from "./authentik";
 
 dotenv.config();
 
@@ -56,6 +57,13 @@ class Homelab extends TerraformStack {
       initSecretName: "postgres-password",
     });
 
+    new AuthentikServer(this, "authentik-server", {
+      provider: helm,
+      name: "authentik",
+      namespace: "authentik-system",
+      version: "2024.10.5",
+    });
+
     new GiteaServer(this, "gitea-server", {
       name: "gitea",
       namespace: "gitea-system",