diff --git a/k8s-peterg/external-secrets-operator/kustomization.yaml b/k8s-peterg/external-secrets-operator/kustomization.yaml
new file mode 100644
index 0000000..9dc89ef
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - secretstore.yaml
+
+helmCharts:
+  - name: external-secrets
+    repo: https://charts.external-secrets.io
+    namespace: external-secrets
+    releaseName: external-secrets
+    version: 1.0.0
diff --git a/k8s-peterg/external-secrets-operator/namespace.yaml b/k8s-peterg/external-secrets-operator/namespace.yaml
new file mode 100644
index 0000000..591aac5
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: external-secrets
diff --git a/k8s-peterg/external-secrets-operator/secretstore.yaml b/k8s-peterg/external-secrets-operator/secretstore.yaml
new file mode 100644
index 0000000..ef27680
--- /dev/null
+++ b/k8s-peterg/external-secrets-operator/secretstore.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ClusterSecretStore
+metadata:
+  name: 1password-wheatley
+spec:
+  provider:
+    onepasswordSDK:
+      vault: wheatley
+      auth:
+        serviceAccountSecretRef:
+          namespace: external-secrets
+          name: 1password-token-wheatley
+          key: token
diff --git a/k8s-peterg/kustomization.yaml b/k8s-peterg/kustomization.yaml
index 6c0f495..141e45c 100644
--- a/k8s-peterg/kustomization.yaml
+++ b/k8s-peterg/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 resources:
   - cilium-gatewayapi
   - argocd
+  - external-secrets-operator