diff --git a/.vscode/settings.json b/.vscode/settings.json
index ad5dda7d27982..2a2f080a58864 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -40,6 +40,7 @@
 "cert-manager": "guard",
 "default": "home",
 "digester-system": "hook",
+ "external-secrets": "secure",
 "flux-system": "pipe",
 "kube-system": "kubernetes",
 "monitoring": "event",
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/app/helmrelease.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/app/helmrelease.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/app/helmrelease.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/app/helmrelease.yaml
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/app/kustomization.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/app/kustomization.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/app/kustomization.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/app/kustomization.yaml
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/app/onepassword-connect.secret.sops.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/app/onepassword-connect.secret.sops.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/app/onepassword-connect.secret.sops.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/app/onepassword-connect.secret.sops.yaml
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/ks.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/ks.yaml
similarity index 81%
rename from kubernetes/storage/apps/kube-system/external-secrets/ks.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/ks.yaml
index 389dce0054989..1f2aefa60df52 100644
--- a/kubernetes/storage/apps/kube-system/external-secrets/ks.yaml
+++ b/kubernetes/storage/apps/external-secrets/external-secrets/ks.yaml
@@ -6,11 +6,11 @@ metadata:
 name: &app external-secrets
 namespace: flux-system
 spec:
- targetNamespace: kube-system
+ targetNamespace: external-secrets
 commonMetadata:
 labels:
 app.kubernetes.io/name: *app
- path: ./kubernetes/storage/apps/kube-system/external-secrets/app
+ path: ./kubernetes/storage/apps/external-secrets/external-secrets/app
 prune: true
 sourceRef:
 kind: GitRepository
@@ -27,13 +27,13 @@ metadata:
 name: &app external-secrets-stores
 namespace: flux-system
 spec:
- targetNamespace: kube-system
+ targetNamespace: external-secrets
 commonMetadata:
 labels:
 app.kubernetes.io/name: *app
 dependsOn:
 - name: external-secrets
- path: ./kubernetes/storage/apps/kube-system/external-secrets/stores
+ path: ./kubernetes/storage/apps/external-secrets/external-secrets/stores
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/stores/kustomization.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/stores/kustomization.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/stores/kustomization.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/stores/kustomization.yaml
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/clustersecretstore.yaml
similarity index 79%
rename from kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/clustersecretstore.yaml
index 42eda98e7a57b..69de81b0407a4 100644
--- a/kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/clustersecretstore.yaml
+++ b/kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/clustersecretstore.yaml
@@ -8,7 +8,7 @@ spec:
 provider:
 onepassword:
 connectHost: http://onepassword-connect.turbo.ac
- # connectHost: http://onepassword-connect.kube-system.svc.cluster.local
+ # connectHost: http://onepassword-connect.external-secrets.svc.cluster.local
 vaults:
 Kubernetes: 1
 auth:
@@ -16,4 +16,4 @@ spec:
 connectTokenSecretRef:
 name: onepassword-connect-secret
 key: token
- namespace: kube-system
+ namespace: external-secrets
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/helmrelease.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/helmrelease.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/helmrelease.yaml
diff --git a/kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml b/kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/kustomization.yaml
similarity index 100%
rename from kubernetes/storage/apps/kube-system/external-secrets/stores/onepassword/kustomization.yaml
rename to kubernetes/storage/apps/external-secrets/external-secrets/stores/onepassword/kustomization.yaml
diff --git a/kubernetes/storage/apps/external-secrets/kustomization.yaml b/kubernetes/storage/apps/external-secrets/kustomization.yaml
new file mode 100644
index 0000000000000..8b5a7e3460183
--- /dev/null
+++ b/kubernetes/storage/apps/external-secrets/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # Pre Flux-Kustomizations
+ - ./namespace.yaml
+ # Flux-Kustomizations
+ - ./external-secrets/ks.yaml
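Review bot: The active `connectHost: http://onepassword-connect.turbo.ac` in the first hunk of `clustersecretstore.yaml` is plain HTTP to a name outside the cluster-local domain, so the Connect token from `connectTokenSecretRef` and the secret values returned would travel that path unencrypted. Whether the name resolves only on a trusted internal network cannot be told from the diff. Since the commit already updates the commented in-cluster address, consider either activating it (`connectHost: http://onepassword-connect.external-secrets.svc.cluster.local`) or putting TLS in front of the external name (`connectHost: https://onepassword-connect.turbo.ac`). The store's spec begins above the hunk.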
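Review bot: Moving the token Secret to `namespace: external-secrets` in the second hunk of `clustersecretstore.yaml` isolates the credential, but the file name and the namespaced secret ref suggest this is a ClusterSecretStore, which ExternalSecrets in any namespace can use unless the spec restricts it. No `conditions:` block appears in either hunk; lines 1–7 and 15 of the file are outside the diff, so this needs confirming against the full file. If none exists, consider adding `conditions:` with a `namespaces:` list or a `namespaceSelector:` so that only the intended namespaces can read from the `Kubernetes` vault.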
diff --git a/kubernetes/storage/apps/external-secrets/namespace.yaml b/kubernetes/storage/apps/external-secrets/namespace.yaml
new file mode 100644
index 0000000000000..26718c2a68cf1
--- /dev/null
+++ b/kubernetes/storage/apps/external-secrets/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: external-secrets
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/storage/apps/kube-system/kustomization.yaml b/kubernetes/storage/apps/kube-system/kustomization.yaml
index 880a4a164e4ef..99fafacc9bba4 100644
--- a/kubernetes/storage/apps/kube-system/kustomization.yaml
+++ b/kubernetes/storage/apps/kube-system/kustomization.yaml
@@ -6,5 +6,4 @@ resources:
 # Pre Flux-Kustomizations
 - ./namespace.yaml
 # Flux-Kustomizations
- - ./external-secrets/ks.yaml
 - ./metrics-server/ks.yaml
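Review bot: The new `external-secrets` Namespace in `namespace.yaml` carries only the Flux prune label, so nothing at namespace level constrains the pods that will run beside the 1Password Connect token. Consider adding Pod Security Admission labels under `labels:`, for example `pod-security.kubernetes.io/enforce: restricted`. Starting with `pod-security.kubernetes.io/warn: restricted` is the safer first step until the releases deployed here are confirmed to comply. A short comment above `kustomize.toolkit.fluxcd.io/prune: disabled` saying why the namespace is excluded from pruning would also help the next reader.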