diff --git a/templates/secrets-database.yaml b/templates/secrets-database.yaml
new file mode 100644
index 0000000..8195464
--- /dev/null
+++ b/templates/secrets-database.yaml
@@ -0,0 +1,18 @@
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-database" (include "common.names.fullname" .) }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+  {{- if .Values.commonLabels }}
+  {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  {{ include "fcoscore.database.secretPasswordKey" . }}: {{ .Values.externalDatabase.password | b64enc | quote }}
+  {{ include "fcoscore.database.secretPostgresPasswordKey" . }}: {{ .Values.externalDatabase.postgresPassword | b64enc | quote }}
+{{- end }}
diff --git a/templates/secrets-fcoscore.yaml b/templates/secrets-fcoscore.yaml
new file mode 100644
index 0000000..85864a9
--- /dev/null
+++ b/templates/secrets-fcoscore.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  seeds_pw: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-discourse" (include "common.names.fullname" .)) "key" "seeds_pw" "providedValues" (list "auth.password") "context" $) }}
+  meili_master_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "meili_master_key" "providedValues" (list "fcoscore.meili_master_key") "context" $) }}
+  encryption_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "encryption_salt" "providedValues" (list "fcoscore.encryption_salt") "context" $) }}
+  secret_key_base: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "secret_key_base" "providedValues" (list "fcoscore.secret_key_base") "context" $) }}
+  signing_salt: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "signing_salt" "providedValues" (list "fcoscore.signing_salt") "context" $) }}
+  github_token: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "github_token" "providedValues" (list "fcoscore.github_token") "context" $) }}
+  web_push_private_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s" (include "common.names.fullname" .)) "key" "web_push_private_key" "providedValues" (list "fcoscore.web_push_private_key") "context" $) }}
+  {{- if and .Values.smtp.enabled .Values.smtp.password (not .Values.smtp.existingSecret) }}
+  smtp_password: {{ .Values.smtp.password | b64enc | quote }}
+  smtp_api_key: {{ .Values.smtp.api_key | b64enc | quote }}
+  {{- end }}