diff --git a/stacks/novelapp/main.tf b/stacks/novelapp/main.tf
index cf8dd945..a2c0423b 100644
--- a/stacks/novelapp/main.tf
+++ b/stacks/novelapp/main.tf
@@ -3,6 +3,11 @@ variable "tls_secret_name" {
 sensitive = true
 }
 
+data "vault_kv_secret_v2" "secrets" {
+ mount = "secret"
+ name = "novelapp"
+}
+
 resource "kubernetes_namespace" "novelapp" {
 metadata {
 name = "novelapp"
@@ -19,6 +24,16 @@ module "tls_secret" {
 tls_secret_name = var.tls_secret_name
 }
 
+resource "kubernetes_secret" "novelapp_auth" {
+ metadata {
+ name = "novelapp-auth"
+ namespace = kubernetes_namespace.novelapp.metadata[0].name
+ }
+ data = {
+ "auth-secret" = data.vault_kv_secret_v2.secrets.data["auth_secret"]
+ }
+}
+
 resource "kubernetes_persistent_volume_claim" "novelapp-data" {
 metadata {
 name = "novelapp-data"
@@ -92,6 +107,19 @@ resource "kubernetes_deployment" "novelapp" {
 name = "PORT"
 value = "3000"
 }
+ env {
+ name = "AUTH_SECRET"
+ value_from {
+ secret_key_ref {
+ name = kubernetes_secret.novelapp_auth.metadata[0].name
+ key = "auth-secret"
+ }
+ }
+ }
+ env {
+ name = "ALLOWED_ORIGIN"
+ value = "https://novelapp.viktorbarzin.me"
+ }
 volume_mount {
 name = "data"
 mount_path = "/app/data"
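Review bot: The Vault read added in the first hunk, `data "vault_kv_secret_v2" "secrets"`, copies the contents of the `novelapp` secret into Terraform state in plaintext. The `kubernetes_secret.novelapp_auth` resource in the second hunk stores `auth-secret` there a second time, and marking values sensitive only redacts plan output. Nothing in the visible lines shows how state is stored or who can read it, so this deserves a comment above the data source, for example `# Values read here are written to Terraform state unencrypted; keep the state backend encrypted and access-restricted.` The data source also returns every key of that secret while only `auth_secret` is consumed, so the Vault policy for the token running Terraform can presumably be limited to this one path.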
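Review bot: In the third hunk, `AUTH_SECRET` is injected through `secret_key_ref` as an environment variable, which the container reads only once at start. Rotating the value in Vault and re-applying updates the Kubernetes Secret but leaves the pod template unchanged, so running pods keep the old secret until something restarts them. I would record that next to the `env` block, for example `# AUTH_SECRET is read at container start; after rotating it in Vault, re-apply and restart the deployment.` If the application can read the secret from a file, a mounted secret volume would also keep it out of the process environment. The enclosing `kubernetes_deployment` resource starts and ends outside this hunk, so whether a restart trigger already exists cannot be seen from here.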