diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml
new file mode 100644
index 000000000..6c036b5f6
--- /dev/null
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/external-secret.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name minecraft-public-velocity-proxy-whitelist
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: *name
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        whitelist.txt: "{{ .WHITELIST_TXT }}"
+  dataFrom:
+    - extract:
+        key: infra/techtales/gaming-public/minecraft-java
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml
index bc8ba7c1b..93a12454b 100644
--- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/helm-release.yaml
@@ -146,3 +146,12 @@ spec:
           - path: /config/forwarding.secret
             subPath: forwarding.secret
             readOnly: true
+      whitelist:
+        type: secret
+        name: minecraft-public-velocity-proxy-whitelist
+        advancedMounts:
+          velocity:
+            app:
+              - path: /server/plugins/simplewhitelist/whitelist.txt
+                subPath: whitelist.txt
+                readOnly: true
diff --git a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml
index c0e359680..001791b8f 100644
--- a/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml
+++ b/kubernetes/talos-flux/apps/gaming-public/minecraft-java/velocity-proxy/kustomization.yaml
@@ -3,8 +3,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./persistent-volume-claim.yaml
-  - ./helm-release.yaml
+  - external-secret.yaml
+  - persistent-volume-claim.yaml
+  - helm-release.yaml
 configMapGenerator:
   - name: minecraft-public-velocity-proxy-config
     files: