diff --git a/1password/index.ts b/1password/index.ts
index 5100cd2..475bae2 100644
--- a/1password/index.ts
+++ b/1password/index.ts
@@ -5,13 +5,14 @@ import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
 
 type OnePasswordSecret = {
   id?: string;
+  namespace?: string;
   name: string;
-  namespace: string;
   itemPath: string;
 };
 
 type OnePasswordOptions = {
   provider: KubernetesProvider;
+  namespace: string;
 };
 
 export class OnePassword extends Construct {
@@ -32,7 +33,7 @@ export class OnePassword extends Construct {
           kind: "OnePasswordItem",
           metadata: {
             name: secret.name,
-            namespace: secret.namespace,
+            namespace: secret.namespace ?? options.namespace,
             annotations: {
               "operator.1password.io/auto-restart": "true",
             },
diff --git a/1password/secrets.json b/1password/secrets.json
index 223cce1..277979e 100644
--- a/1password/secrets.json
+++ b/1password/secrets.json
@@ -1,78 +1,50 @@
 [
   {
     "name": "gitea-admin",
-    "namespace": "gitea-system",
     "itemPath": "vaults/Lab/items/gitea-admin"
   },
-  {
-    "name": "gitea-postgres",
-    "namespace": "gitea-system",
-    "itemPath": "vaults/Lab/items/gitea-postgres"
-  },
   {
     "name": "pihole-admin",
-    "namespace": "pihole-system",
     "itemPath": "vaults/Lab/items/pihole"
   },
   {
     "name": "postgres-password",
-    "namespace": "postgres-system",
     "itemPath": "vaults/Lab/items/Postgres"
   },
   {
     "name": "runner-secret",
-    "namespace": "gitea-system",
     "itemPath": "vaults/Lab/items/Gitea"
   },
   {
     "name": "cloudflare-token",
-    "namespace": "cert-manager",
-    "itemPath": "vaults/Lab/items/Cloudflare"
+    "itemPath": "vaults/Lab/items/cloudflare"
   },
   {
-    "name": "cloudflare-token",
-    "id": "cloudflare-ddns-api-token",
-    "namespace": "cloudflare-system",
-    "itemPath": "vaults/Lab/items/Cloudflare"
-  },
-  {
-    "name": "authentik-postgres",
-    "namespace": "authentik-system",
-    "itemPath": "vaults/Lab/items/authentik-postgres"
-  },
-  {
-    "name": "redis",
-    "namespace": "redis-system",
-    "itemPath": "vaults/Lab/items/redis"
-  },
-  {
-    "name": "authentik-redis",
-    "namespace": "authentik-system",
-    "itemPath": "vaults/Lab/items/redis"
+    "name": "valkey",
+    "itemPath": "vaults/Lab/items/valkey"
   },
   {
     "name": "gitea-oauth",
-    "namespace": "gitea-system",
     "itemPath": "vaults/Lab/items/gitea-oauth"
   },
   {
     "name": "gitea-elasticsearch",
-    "namespace": "gitea-system",
     "itemPath": "vaults/Lab/items/gitea-elasticsearch"
   },
-  {
-    "name": "gitea-redis",
-    "namespace": "gitea-system",
-    "itemPath": "vaults/Lab/items/gitea-redis"
-  },
   {
     "name": "smtp-token",
-    "namespace": "gitea-system",
     "itemPath": "vaults/Lab/items/smtp-token"
   },
   {
     "name": "longhorn-encryption",
-    "namespace": "longhorn-system",
     "itemPath": "vaults/Lab/items/longhorn-encryption"
+  },
+  {
+    "name": "authentik-secret-key",
+    "itemPath": "vaults/Lab/items/authentik-secret-key"
+  },
+  {
+    "name": "curseforge",
+    "itemPath": "vaults/Lab/items/curseforge"
   }
 ]