diff --git a/k8s/infra/auth/authelia/clients/argocd.yaml b/k8s/infra/auth/authelia/clients/argocd.yaml
new file mode 100644
index 00000000..91c57a13
--- /dev/null
+++ b/k8s/infra/auth/authelia/clients/argocd.yaml
@@ -0,0 +1,12 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: client-argocd
+  namespace: authelia
+spec:
+  encryptedData:
+    clientSecret: AgAn6O88yj/d04TfgnrynK9QZElubTyTtq5Dt/slVDgt2tQhqvJdZ+Ea96b9EhEc6vo+w5JwKzrLtHPPHB8ZW7ni9THerpOT0jZV1N8+CiQ2sx6qbK04PKdBOa4yIpdmnzXnHWETvm1zyJGbvZkOnCsrN+3uL4qZaQPcv7zV4w7onmlfNCZY6KWDbDiWiBNYggft19u2CYisZWhgBcGydDS3mch18sW9gZFUVWVlZYgRcxHCBcrttmq+o3yEFESi+bB7ZLLuBxgV9uq5Hdp5OUpmBr73CwNKdTaFWz4WMxH6jSwSmmG19miRhDce39iQauSR2I7PZ00JOwfFIvuI+Pnhhn0DwVOVZDkN8dtyrRjVY1qVqWfCsvBbCKfrjFAW7VyNUuarI3RqjnQjCU9K8vtvdN9UA/6vsvGdpkQNxrCgI/RPIVF/3HR4Onffu/QaSUUPgdhcN8Wz3yV+3chMR6B6VeBIybDiH7YPSKHLZt6z3CXY0o5Gox/KCoCDgBhLuZShGe5wWZ9bOJJFBlBS8ut/wXHwfkWsgGP6HmBXBf4u7hZxnmHWa3PkPAKmvSg+6jf3DaT8/syGYZJ/Za/ieTTFE/suPb5HMQFLOqqISrV6T9PUSD943QlDWUJizM+Vs8aiOOuUFmkDvhwbJ0m26Qsz34LbhUB1GGKINzDnGdIQ3CvHbpoxAcCSMRqn1Z/LD2I/fyX25wsvsMi2uvwQmVVXL+JDtDvN6L4PlyNjngCjfWLYruc7LfH2seMe7f6xT+2yD81kock4wiaUjWO3xK6wqT1pUsi0V5PRVy+m0cfPinNqr9+UhkHIvwHPwIORN5jtkkO9sY6cWixdrvjjE/ZBvpiKliO0el+yvdM4wKb/W7Za/Q==
+  template:
+    metadata:
+      name: client-argocd
+      namespace: authelia
diff --git a/k8s/infra/auth/authelia/clients/netbird.yaml b/k8s/infra/auth/authelia/clients/netbird.yaml
new file mode 100644
index 00000000..72ef2b53
--- /dev/null
+++ b/k8s/infra/auth/authelia/clients/netbird.yaml
@@ -0,0 +1,12 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: client-netbird
+  namespace: authelia
+spec:
+  encryptedData:
+    clientSecret: AgBA7WyqQn2uv01XhcLQk4eyPhco1qUTRsgsFpgQPzU5CD+zZhgzBhB9YXAVl4YnQqgeQfcstrLBYrPHNZfQZxa2JTdVFOvsJMBBYtAW/DvB5QOORRvd9/GsMfv0uP9G6h+whv3HlEDGIjStwIU+1gnhOP6LFuuPYMugEXRmNouQcCRlg6mllo96ZhY5h253nctaGSHQ6aWJq6AglaV/4NyHHFjI4oicTOW8+YyiIUs7ZGfSkC1393+LibHkk/lVjQwx6mjk/nbRXpc2DIYiT5cLILe474svxkaPMjLLoVjZh87RDH1JoLjj2Qu0IC98C6FW6oL+yfwPwaMXynRoVoenrF9W0/ivHfv0LTuOyUELFdH61hY86sGUubR/v8dYBWu74q3eDMuhgrLGV8cSTFD8xTkgRBFyfpR/Rt8vo2EOsBQrcHtLrDDd07TE8g7550WaDRg8R7I5mcDKmNSh7a5aOpTb7ZscrTd8WeaztPzID59Lp6UAEXwKN17j+HZDHYU1ZrEdPV1sKAYRdecXwDfDAujaP9uwwoI6J9AkyRZmOlrYXNPreV/eK207hsbWDUnUIm+1YY9DIPZzLpXmoYxCccF4rzJbqzqMGnFFJv7ZKiUDqDy5nRehEyYWV4YN+trRBk5vv9uAKV12X1lNkbkgGJR/ZIDA8wn6qiO9m00Bx6HV/6QJR/8PKmTrR3S1pemuCIvwfpKoAqR9X01+XaVvMUWJZQONVBzbQzZa5J0MsdX6RzOhSTL0cg2R7enrNZQMtlIf18dduPLk9cc37VwpQbVLhkuGZ2ytRTRrhAwZ9tgxBA3e4lDDxWcUrnO2qVcesX5tZq8CawD5HNR0L/N05/hFzxWRD4I/TiZMkwjU9cuAdQ==
+  template:
+    metadata:
+      name: client-netbird
+      namespace: authelia
diff --git a/k8s/infra/auth/authelia/kustomization.yaml b/k8s/infra/auth/authelia/kustomization.yaml
index 45bd88ab..75f17d5f 100644
--- a/k8s/infra/auth/authelia/kustomization.yaml
+++ b/k8s/infra/auth/authelia/kustomization.yaml
@@ -8,9 +8,10 @@ resources:
   - lldap-credentials.yaml
   - cert-rsa-jwk.yaml
   - cert-ecdsa-jwk.yaml
-  - oidc-argocd.yaml
   - http-route.yaml
   - cnpg-db.yaml
+  - clients/argocd.yaml
+  - clients/netbird.yaml
 
 helmCharts:
   - name: authelia
diff --git a/k8s/infra/auth/authelia/oidc-argocd.yaml b/k8s/infra/auth/authelia/oidc-argocd.yaml
deleted file mode 100644
index 9d1d79f9..00000000
--- a/k8s/infra/auth/authelia/oidc-argocd.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: oidc-argocd
-  namespace: authelia
-spec:
-  encryptedData:
-    clientSecret: AgAyU25VXv6Y6HgrSAkRMrTakB5/GmNNJj8ii16UPriiua3aiJYSTeWVPSMdvCFVVp3qN9Dr8W6Z1t7tnhbgVSWzibgE4WmbGI8ZUisrzs+pCdazBW2Bz6v90jQhdvptMZlD/gp60DhJ6jGNJAgG6VftZe1oedJCgiA7agKaTilT9mM5TAaL7YFUiot3mgaJGba3PAh5b39Jw2PQoHksLf1r0xBRm0g4QhwL0f1XQMqr4zhqQ0UvrV5YK0CEpU+mg986/CcxK4Llw/FIgY47bbsfknB49Jhlj3QgSvUK9zmPG88qcdJ6oMCt0CmYbNtSnswhtwE9hlL75bDfbLTvXDXOGPPHpKx4Xfn02IWWkvdfV737Ha0b+iqGebQWGaBeIwVm+KeRHyTmLsOmHwa/aXaYbRyRdEnpqa1J9x7NRCmbgkUFa33PoSM/50hvoemf3GTZXz/X5BIYtQ/pcmNKhqVHX+TYHfkdoJBUr1opluBhdEsgPyLX8y4RVDLTDnB95J8mvLfJKQn+F2k8sUIUCErOfcVlmXidMXPRvRrd6o14wauKGQngHcRK5IJSu37LbbTVpN4xHRhaLdPB5M2ybsHMoW3K3bzIqm16yfR9w9wUIay8mt6AqakRPK+D9Bk2o0VMFGk3nstBZISJ0OuNIXh6hNL0Lua86klM4nlyg8PCUct2LALSyBCbkfyU9xJOL1uTtKtF+W2dsYcINVOagcOZMwx+RMM3N5v6BhZ2AL0bF4P9Vh0LNYHjr2jymOQ4ZHEwve8D8oB1YIcEOkSmNDjuUrmotfJutNSGfXa3MFhsAVcbrHrcqI81tr/J1ziLNk5cRVur2MCAPMIZvYDp7KEODxPvKZi9Q2cuZtOIqJ/tzsctLw==
-  template:
-    metadata:
-      name: oidc-argocd
-      namespace: authelia
diff --git a/k8s/infra/auth/authelia/values.yaml b/k8s/infra/auth/authelia/values.yaml
index d08675b6..dcd79fe7 100644
--- a/k8s/infra/auth/authelia/values.yaml
+++ b/k8s/infra/auth/authelia/values.yaml
@@ -17,7 +17,7 @@ configMap:
       secret: { secret_name: crypto }
 
   access_control:
-    default_policy: two_factor
+    default_policy: deny
     rules:
       - domain_regex: ^.*\.stonegarden.dev$
         policy: two_factor
@@ -76,8 +76,7 @@ configMap:
         endpoints: [ userinfo, authorization, token, revocation, introspection ]
       clients:
         - client_id: argocd
-          client_secret:
-            path: /secrets/oidc-argocd/clientSecret
+          client_secret: { path: /secrets/client-argocd/client_secret.txt }
           client_name: Argo CD
           public: false
           authorization_policy: two_factor
@@ -102,15 +101,17 @@ configMap:
           scopes: [ openid, groups, email, profile, offline_access ]
           userinfo_signed_response_alg: none
         - client_id: netbird
+          client_secret: { path: /secrets/client-netbird/client_secret.txt }
           client_name: NetBird
-          public: true
+          public: false
           authorization_policy: two_factor
           audience: [ netbird ]
-          redirect_uris: 
+          redirect_uris:
             - http://localhost:53000
             - https://netbird.stonegarden.dev/callback
             - https://netbird.stonegarden.dev/silent-callback
-          scopes: [ openid, profile, email, offline_access, netbird-api ]
+          scopes: [ openid, profile, email ]
+          token_endpoint_auth_method: client_secret_post
 
 secret:
   additionalSecrets:
@@ -144,7 +145,11 @@ secret:
           path: tls.key
         - key: tls.crt
           path: tls.crt
-    oidc-argocd:
+    client-argocd:
+      items:
+        - key: clientSecret
+          path: client_secret.txt
+    client-netbird:
       items:
         - key: clientSecret
-          path: clientSecret
+          path: client_secret.txt
diff --git a/k8s/infra/vpn/netbird/authelia-oidc-credentials.yaml b/k8s/infra/vpn/netbird/authelia-oidc-credentials.yaml
new file mode 100644
index 00000000..ca3f88ed
--- /dev/null
+++ b/k8s/infra/vpn/netbird/authelia-oidc-credentials.yaml
@@ -0,0 +1,14 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: authelia-oidc-credentials
+  namespace: netbird
+spec:
+  encryptedData:
+    AUTH_CLIENT_ID: AgDWAMflM8a5j5O5E58U8Y9ebVJ1sTGlSFAyQBwbA5bgmTW5IpGZij+lYGl3b0vFgc9OIJZBpbqjBtw+4q+sqMDY+4PO/0M9S89mpHhDpX1wc12/AKHbMPNT8ZDzZ3oFIRInfBxKSjVdgMeF1yQTRV5LLe1+iRN6AzTmpFIH4HGGR0Ihcs71DvDLgvAWxpfxP5LHAzl8GU16D0Zcg3ghhI0jTx/o/qQBqVMmLHQg3FMvIgYk5YI2+E4yv/JErO6wDY3Ai4yW4gWWTO+VyGa1ZZE07+XiSMW0qg6NF+ytrTdGi28QP7r7DIeXsIkkfNY2w2kcgFg3rltX8xkpN2i//6ExA0a5Pvj5bkQ6NV/kFqEmv7jtJqj4izLQ3EAGmpimErJTluhea5xWTYbGreOi5PMMIosU63iFsohigx18lSG6/RoC9uMz5vqdZ84LHvX+dehXksbkBio5+UWOfd1xyFWgVYXh0fXddUXTcUX8XDQOj1CedxfaE9P1fsz5L2hmmd/0xwDX1F1Lek6x+yS6R7t+hqzincgIRqbj1vnxWNfKuTDU78sQjhLpCOZiOEB3geAPdWPnHl6MH5s8F2WkvChkv/MT5VMgX6auFNkHTBoDnWYoZzsdzU2bGJiqFLCzk/jChKZc5hpJoZ/osG3cIxroHzZT/scBjKQ3QNuqdFqyxYWnDk+43mF93snmiJSo1gOIaj0wc27B
+    AUTH_CLIENT_SECRET: AgCBw1xW3YKZHlEDEs1Cjby0/wDpZmiP9BgWVOY22Zd+FEB/CGF7lkwmGAK/sA0Cin6KFmpkqidyP7xOTl03O6J3GDVH0lQKkjgC7ReG0j5qyTT6ju69CnNn8KMf4s+PiIfXb9ES0aP1/nwH1rxtHDYhw62U1UQw5ZVfw8JmSdJFKQVXbC9894pQYDMZ0ypEm4QjO/snIeRuauzsnCX1HlpLUCvk/2fDmnhHr+0w9kebFgzTjphc7CAzweiFEcfqGc79hP5jwLeGxVu+2zCeOxewUQeR6Lf/RJp+zzkY31BLxk1r2lFknmTQqu1xETnlfjVHdd4Jxco5KyvCTA4EtiwPRdQzS+5RqtE5xr6w5ScIHnLvhZ8PxCXDSRO0jeavUYXev+1m14ri1frNcZ5SMo9zkWxmLB2NByrQ9k+FjN47HZyzJfyhVM05tJ7ojB+yv1C7y/5a2fmxONKlwwiQ24Ii7MtKhVBODv6QH2Bv+RpQ0iQWYws9082tu9JDIUi5wpVHNULkPcZIMd6fZb71Hj3+yCQENsB5/vPiju1dLsmbdLvL5RoYyibtcU6JysSOY6VbM5xrX4LMh4bd6CCF0qkmIquzCaZkgDvMQCWR9zDCewSKsws5P0qVC0x/jgXSGh0nJfqoMcAtA0MAGhsaXTagK76awL7yb6+XSa0AqUDsUXL7bgjKtV4+HUCMRbQHUIiv2Hfew93s71GxwJtn3vhJ9HHwL4TBO4QwctvH1p3PHHfIRYs9DIHT8LiiWhbG2zenBxU3kbI2TMpbGGDNLPOZ9UGEpnE5CQ0=
+  template:
+    metadata:
+      name: authelia-oidc-credentials
+      namespace: netbird
+    type: Opaque
diff --git a/k8s/infra/vpn/netbird/management/coturn-credentials.yaml b/k8s/infra/vpn/netbird/coturn-credentials.yaml
similarity index 100%
rename from k8s/infra/vpn/netbird/management/coturn-credentials.yaml
rename to k8s/infra/vpn/netbird/coturn-credentials.yaml
diff --git a/k8s/infra/vpn/netbird/dashboard/deployment.yaml b/k8s/infra/vpn/netbird/dashboard/deployment.yaml
index b425d0ae..eea46d51 100644
--- a/k8s/infra/vpn/netbird/dashboard/deployment.yaml
+++ b/k8s/infra/vpn/netbird/dashboard/deployment.yaml
@@ -27,6 +27,8 @@ spec:
           envFrom:
             - configMapRef:
                 name: dashboard-config
+            - secretRef:
+                name: authelia-oidc-credentials
           ports:
             - name: http
               containerPort: 80
diff --git a/k8s/infra/vpn/netbird/dashboard/kustomization.yaml b/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
index 82aee50e..9890c37f 100644
--- a/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
@@ -8,10 +8,9 @@ configMapGenerator:
       # variables: https://github.com/netbirdio/dashboard/blob/main/config.json
       - AUTH_AUDIENCE="netbird"
       - AUTH_AUTHORITY="https://authelia.stonegarden.dev"
-      - AUTH_CLIENT_ID="netbird"
       - AUTH_REDIRECT_URI="/callback"
       - AUTH_SILENT_REDIRECT_URI="/silent-callback"
-      - AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
+      - AUTH_SUPPORTED_SCOPES="openid profile email"
       - USE_AUTH0="false"
       - NETBIRD_MGMT_API_ENDPOINT="https://netbird.stonegarden.dev"
       - NETBIRD_MGMT_GRPC_API_ENDPOINT="https://netbird.stonegarden.dev"
@@ -20,5 +19,3 @@ configMapGenerator:
 resources:
   - deployment.yaml
   - svc.yaml
-  - x-oidc-client.yaml
-  - oidc-scopes.yaml
diff --git a/k8s/infra/vpn/netbird/dashboard/oidc-scopes.yaml b/k8s/infra/vpn/netbird/dashboard/oidc-scopes.yaml
deleted file mode 100644
index 7ef13856..00000000
--- a/k8s/infra/vpn/netbird/dashboard/oidc-scopes.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
-kind: ClientScope
-metadata:
-  name: netbird-api
-spec:
-  forProvider:
-    name: netbird-api
-    consentScreenText: Netbird Management API
-    includeInTokenScope: true
-    realmIdRef:
-      name: homelab
\ No newline at end of file
diff --git a/k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml b/k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
deleted file mode 100644
index 24d0de5d..00000000
--- a/k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: oidc.homelab.olav.ninja/v1alpha1
-kind: XOidcClient
-metadata:
-  name: netbird
-spec:
-  realm: homelab
-  clientId: netbird
-  displayName: Netbird
-  description: Netbird OIDC client
-  type: PUBLIC
-  defaultScopes:
-    - acr
-    - basic
-    - email
-    - profile
-    - roles
-    - web-origins
-    - netbird-api
-  grantTypes:
-    - code
-    - device_code
-    - password
-  baseUrl: "https://netbird.stonegarden.dev"
-  postLogoutRedirectUris:
-    - "https://netbird.stonegarden.dev/*"
-  redirectUris:
-    - "http://localhost:53000"
-    - "https://netbird.stonegarden.dev/*"
-  webOrigins:
-    - "+"
diff --git a/k8s/infra/vpn/netbird/kustomization.yaml b/k8s/infra/vpn/netbird/kustomization.yaml
index 092268b2..c0d49392 100644
--- a/k8s/infra/vpn/netbird/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/kustomization.yaml
@@ -4,6 +4,9 @@ kind: Kustomization
 resources:
   - ns.yaml
   - http-route.yaml
+  - relay-secret.yaml
+  - coturn-credentials.yaml
+  - authelia-oidc-credentials.yaml
   - agent
   - dashboard
   - management
diff --git a/k8s/infra/vpn/netbird/management/config/management.json.tmpl b/k8s/infra/vpn/netbird/management/config/management.json.tmpl
index d22a86d2..7cb146ed 100644
--- a/k8s/infra/vpn/netbird/management/config/management.json.tmpl
+++ b/k8s/infra/vpn/netbird/management/config/management.json.tmpl
@@ -21,7 +21,7 @@
     "TimeBasedCredentials": false
   },
   "Relay": {
-    "Addresses": ["${RELAY_URI}"],
+    "Addresses": [ "${RELAY_URI}" ],
     "CredentialsTTL": "24h",
     "Secret": "${NB_AUTH_SECRET}"
   },
@@ -34,44 +34,22 @@
   "Datadir": "",
   "HttpConfig": {
     "Address": "0.0.0.0:80",
-    "AuthAudience": "${AUTH_AUDIENCE}",
+    "AuthAudience": "${AUTH_AUDIENCE:-${AUTH_CLIENT_ID}}",
     "AuthUserIDClaim": "${AUTH_USER_ID_CLAIM:-sub}",
     "CertFile": "${MGMT_API_CERT_FILE}",
     "CertKey": "${MGMT_API_CERT_KEY_FILE}",
     "OIDCConfigEndpoint": "${AUTH_OIDC_CONFIGURATION_ENDPOINT:-${AUTH_AUTHORITY}/.well-known/openid-configuration}"
   },
-  "IdpManagerConfig": {
-    "ManagerType": "${IDP_MANAGER_TYPE:-none}",
-    "ClientConfig": {
-      "Issuer": "${AUTH_AUTHORITY}",
-      "TokenEndpoint": "${AUTH_TOKEN_ENDPOINT}",
-      "ClientID": "${IDP_MGMT_CLIENT_ID}",
-      "ClientSecret": "${IDP_MGMT_CLIENT_SECRET}",
-      "GrantType": "client_credentials"
-    },
-    "ExtraConfig": ${IDP_MGMT_EXTRA_CONFIG:-null}
-  },
-  "DeviceAuthorizationFlow": {
-    "Provider": "${AUTH_DEVICE_AUTH_PROVIDER}",
-    "ProviderConfig": {
-      "Audience": "${AUTH_DEVICE_AUTH_AUDIENCE:-${AUTH_AUDIENCE}}",
-      "AuthorizationEndpoint": "",
-      "Domain": "${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}",
-      "ClientID": "${AUTH_DEVICE_AUTH_CLIENT_ID:-${AUTH_CLIENT_ID}}",
-      "DeviceAuthEndpoint": "${AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/auth}",
-      "TokenEndpoint": "${AUTH_DEVICE_AUTH_TOKEN_ENDPOINT:-${AUTH_DEVICE_AUTH_AUTHORITY:-${AUTH_AUTHORITY}}/protocol/openid-connect/token}",
-      "Scope": "${AUTH_DEVICE_AUTH_SCOPE}",
-      "UseIDToken": ${AUTH_DEVICE_AUTH_USE_ID_TOKEN:-true}
-    }
-  },
+  "IdpManagerConfig": { },
+  "DeviceAuthorizationFlow": { },
   "PKCEAuthorizationFlow": {
     "ProviderConfig": {
-      "Audience": "${AUTH_AUDIENCE}",
+      "Audience": "${AUTH_AUDIENCE:-${AUTH_CLIENT_ID}}",
       "ClientID": "${AUTH_CLIENT_ID}",
       "ClientSecret": "${AUTH_CLIENT_SECRET}",
       "Domain": "",
       "AuthorizationEndpoint": "${AUTH_PKCE_AUTHORIZATION_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/authorization}",
-      "TokenEndpoint": "${AUTH_TOKEN_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/token}",
+      "TokenEndpoint": "${AUTH_PKCE_TOKEN_ENDPOINT:-${AUTH_AUTHORITY}/api/oidc/token}",
       "Scope": "${AUTH_SUPPORTED_SCOPES}",
       "RedirectURLs": ${AUTH_PKCE_REDIRECT_URLS:-[ "http://localhost:53000" ]},
       "UseIDToken": ${AUTH_PKCE_USE_ID_TOKEN:-true}
diff --git a/k8s/infra/vpn/netbird/management/deployment.yaml b/k8s/infra/vpn/netbird/management/deployment.yaml
index b9b0669f..a93d705c 100644
--- a/k8s/infra/vpn/netbird/management/deployment.yaml
+++ b/k8s/infra/vpn/netbird/management/deployment.yaml
@@ -45,6 +45,8 @@ spec:
                 name: management-auth-config
             - configMapRef:
                 name: management-connection-config
+            - secretRef:
+                name: authelia-oidc-credentials
             - secretRef:
                 name: relay-secret
             - secretRef:
diff --git a/k8s/infra/vpn/netbird/management/kustomization.yaml b/k8s/infra/vpn/netbird/management/kustomization.yaml
index 08cc5a2d..ce13780b 100644
--- a/k8s/infra/vpn/netbird/management/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/management/kustomization.yaml
@@ -11,10 +11,8 @@ configMapGenerator:
     namespace: netbird
     literals:
       - AUTH_AUTHORITY="https://authelia.stonegarden.dev"
-      - AUTH_CLIENT_ID="netbird"
-      - AUTH_AUDIENCE="netbird"
       - AUTH_USER_ID_CLAIM="preferred_username"
-      - AUTH_SUPPORTED_SCOPES="openid profile email offline_access netbird-api"
+      - AUTH_SUPPORTED_SCOPES="openid profile email"
   - name: management-connection-config
     namespace: netbird
     literals:
@@ -33,4 +31,3 @@ resources:
   - deployment.yaml
   - svc.yaml
   - pvc.yaml
-  - coturn-credentials.yaml
diff --git a/k8s/infra/vpn/netbird/relay/relay-secret.yaml b/k8s/infra/vpn/netbird/relay-secret.yaml
similarity index 100%
rename from k8s/infra/vpn/netbird/relay/relay-secret.yaml
rename to k8s/infra/vpn/netbird/relay-secret.yaml
diff --git a/k8s/infra/vpn/netbird/relay/kustomization.yaml b/k8s/infra/vpn/netbird/relay/kustomization.yaml
index 9f9967f6..8ec208fd 100644
--- a/k8s/infra/vpn/netbird/relay/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/relay/kustomization.yaml
@@ -11,5 +11,4 @@ configMapGenerator:
 
 resources:
   - deployment.yaml
-  - relay-secret.yaml
   - svc.yaml