diff --git a/rire/factory.c-one-infra.de/stacks/core/argocd-sso.yaml b/rire/factory.c-one-infra.de/stacks/core/argocd-sso.yaml
deleted file mode 100644
index 673986e..0000000
--- a/rire/factory.c-one-infra.de/stacks/core/argocd-sso.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: argocd-sso
-  namespace: argocd
-  labels:
-    env: dev
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
-    targetRevision: HEAD
-    path: "rire/factory.c-one-infra.de/stacks/core/argocd-sso"
-  destination:
-    server: "https://kubernetes.default.svc"
-    namespace: argocd
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      selfHeal: true
-    retry:
-      limit: -1
-      backoff:
-        duration: 15s
-        factor: 1
-        maxDuration: 15s
diff --git a/rire/factory.c-one-infra.de/stacks/core/argocd-sso/argocd-secret.yaml b/rire/factory.c-one-infra.de/stacks/core/argocd/manifests/argocd-secret.yaml
similarity index 100%
rename from rire/factory.c-one-infra.de/stacks/core/argocd-sso/argocd-secret.yaml
rename to rire/factory.c-one-infra.de/stacks/core/argocd/manifests/argocd-secret.yaml
diff --git a/rire/factory.c-one-infra.de/stacks/core/forgejo/manifests/secret-admin-password.yaml b/rire/factory.c-one-infra.de/stacks/core/forgejo/manifests/secret-admin-password.yaml
new file mode 100644
index 0000000..f20efc3
--- /dev/null
+++ b/rire/factory.c-one-infra.de/stacks/core/forgejo/manifests/secret-admin-password.yaml
@@ -0,0 +1,36 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  length: 36
+  digits: 5
+  symbols: 5
+  symbolCharacters: "/-+"
+  noUpper: false
+  allowRepeat: true
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  refreshInterval: "0"
+  target:
+    name: gitea-credential
+    template:
+      engineVersion: v2
+      data:
+        username: giteaAdmin
+        password: "{{.INITIAL_ADMIN_PASSWORD}}"
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: forgejo-admin-password-generator
+      rewrite:
+        - transform:
+            template: "INITIAL_ADMIN_PASSWORD"
diff --git a/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso.yaml b/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso.yaml
deleted file mode 100644
index 0b20b5e..0000000
--- a/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kube-prometheus-sso
-  namespace: argocd
-  labels:
-    env: dev
-  finalizers:
-    - resources-finalizer.argocd.argoproj.io
-spec:
-  project: default
-  source:
-    repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
-    targetRevision: HEAD
-    path: "rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso"
-  destination:
-    server: "https://kubernetes.default.svc"
-    namespace: monitoring
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-    automated:
-      selfHeal: true
-    retry:
-      limit: -1
-      backoff:
-        duration: 15s
-        factor: 1
-        maxDuration: 15s
diff --git a/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus.yaml b/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus.yaml
index e18e383..7accd12 100644
--- a/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus.yaml
+++ b/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus.yaml
@@ -34,3 +34,6 @@ spec:
     - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
       targetRevision: HEAD
       ref: values
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      path: "rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus/manifests"
diff --git a/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml b/rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus/manifests/secret-grafana.yaml
similarity index 100%
rename from rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml
rename to rire/factory.c-one-infra.de/stacks/monitoring/kube-prometheus/manifests/secret-grafana.yaml