diff --git a/clusters/okd4/.sops.pub.asc b/clusters/okd4/.sops.pub.asc
new file mode 100644
index 0000000000000000000000000000000000000000..2b591f0b42cd9d366674ff15fa4a806a34c50716
--- /dev/null
+++ b/clusters/okd4/.sops.pub.asc
@@ -0,0 +1,63 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGEWu8EBEAC5AMZ9+nU0JgLgW1HqaLLIo30FKWU5o+e/Q73wqPnPhLVNhSAv
+VcgudK4w3W1WmSjO8HHk/tdUrACt5S0YlqViIopSEh805O9U45Gb/wNuqMpp/WcX
+0JiVh3AsildLJI54gdfqNUvWOg/HfUzxA5OBn1TvhCwMoif9gtDWCh3GZ2oIit1/
+GQk0HvDNhD3P+59tsGwKK1zky/3G1tqZmBMYLhOwbEGmmCYCvwbZmR+V/gjjGyV4
+hX9M+5ue5/DHUTEcX2h2wpj8e3eCyhNjKs54YWNaoHwf6vySq+sB2S4LKvNTswEi
+qJhDuHsgSduI4xXOIosHE3HCVJ4P9Y8ScIpcN/QnbtGD1FFBVKBuAj/CnFGFOO7Y
+OQYDIBvKXPCjyIeuly6sJe6SAhAF2s6pjWQe4loartmgbcPE2DcCswil8JBd8SbS
+CjCWO4lrjTB0gMuJMIo1YDJuVezfn7Pq0WhpKe2ehAfy0OdM8A6NIOAr9jPQN8l8
+ABvHY6jh7arj8kV0MhVpVY+s1vAf0z5taEijO/0QMTXUnF9WGW4WPPUtCHyYidRM
+HEDVLgFG0AeeZ2D6/OE6TBlANY/48aluXG2wc8PSJ0byFbs4a7xvnyeo3ObyWj7X
+5MtR38v4xC7GJPAPajP/LMA1PCr3z5qA8MGl1887UHDno5K15MUPTHfrJwARAQAB
+tCdva2Q0LnNoaXZlcmluZy1pc2xlcy5jb20gKGZsdXggc2VjcmV0cymJAk4EEwEI
+ADgWIQSdAqmtc+9/PV9lesKzkvbrMl6MUAUCYRa7wQIbLwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCzkvbrMl6MUMOzD/oCN+prRIOsHdr1SQNH8IaqFymyLFmH
+j674BErThijIFjizaIAp2QOlKRqr1tbp0sHF7Q9XJ+BZQvWdKSOxKNFzz9MX59m5
+grR0D2ez5UdvqHcCr4GOHMVb4CfEhumWv/yt9zbHyvEeABYWpEYaLKFS07/JejNZ
+QMJ4C6Ks5xOPyT341c9j4PHLQY+oft4OgwV1/Cm1WAm/6TAXqqakolVMKG0ij08o
+RCJPQxHB54PhB6c1lkwculJ8k6R9SOEPnMbrr+6087sgKxQRougk/3U5mNUeNOMz
+FIaaq33sSkVJ8ENLa1+RnLNqtuzVhxuPqhrcFDp1/yylQOQV43RFN/h5y1PVw6RH
+4MJWLCZfVzwquhve00lS+2S5O+b/MeOE/4yhe8veJ7MIGgM/k/SBOuo8QSLy/5ci
+A0omJpd47+pjMXrqWa/hwLOkVpz0MtYOQbbhrJNfb00y/WYVkD1coKqO81mTf02D
+okTaVP6sF+plT1ReYrd7lMEwuZltFKBdysC9VTCPr5AWS0i14mBFJ8y8tg7la4j1
+ql3qW6V75ZyFGRc7KLIQsNJiGw8isL3sAEpYdx0l4snXJwrQJi9F9ffq+73D/5U8
+Hsazq9Px3ezqfVIXcGIbOVn6/rUJ9b8HQRFihffQaE+C6ial8ucJ4/SiAmBUoGV4
++IBw0W+D3DVvV7kCDQRhFrvBARAA3m0tZlWSQ8EIU8a9qNcxDmT62WKEbWxY4wKf
+D1DVdAQMgArRscepboe537MP/d5dfi4Me4GE3MfigV/Z1t2hvGDf2pKkxf7KSHif
+zID+PK6wZV513myOf/LhQDtoshKGk99tBxrl7uJhNDpDOOlpjbbbt58arSKY0eXU
+2TI0O+NXlMby8a+Jyf2IyV2EnhcS/qzp8oLSshclpDKyIj7Oc/12IC41t0xbDcyh
+6iWGneg0ox0ISMAmcDg1ZlqMCQ/4sz8Wtvg46tEsP+8iBtaWQRwLzPYgEYw/ZBEM
+fxy3ANZXH8mpZ2rM4wJlpfHWfFKVPugdBioFQf2IN45ORgiwZ0/5M/1p4Io/cZ2W
+224o/zR4EoHspLr6c00bYWuGK09aoOUlc/UueN7KZyqOxUhGzpxAK1wxxv+Aizqu
+XoPrJv21iRtgtLYAQhaU7ptv9W/WV2H8N4RQUCCa5q8KcFyewlHyVjO/48EaubCJ
+SoAUS8Z5lqE208N5J1smC61KcjpR58yCsJqf7e2o9uOzl8cp0gSuEPstwOu7QUGg
+mpem5yrQxze7GkoCCGQxaymdrngwmeXSHXV6l8NQcQAmhmh4G7KJAR1dKP9t/JKh
+Pt7Gs0eIQBTvPb0jkBh6bADt0S4nHw2A6XhlhDlyVXXe4WlmTl8mwvqouW2BGmiI
+GCwFwc8AEQEAAYkEbAQYAQgAIBYhBJ0Cqa1z7389X2V6wrOS9usyXoxQBQJhFrvB
+AhsuAkAJELOS9usyXoxQwXQgBBkBCAAdFiEE0jYTQVAB73qOQPgJW7/+yWLj+fUF
+AmEWu8EACgkQW7/+yWLj+fVhWg/+KBHitGj+XrcW52fE7JWIMswQ7rlUM0HiEcEJ
+1kAtL9Rp45MiAM6rE6WPJANatptL2LP/8sfg2efRVdF80RfUHCN/ISbmc2ntvKd+
+rGnukq6jqIf6JnHjTC9lYkeu1uYEzjRdxyu0KwXddydzpWM/ofMjjp7yzF6CmXR5
+Ex7JLzYBiGmhmXXJ4hVhysvndsTzyT0xT2X2Rf739yZIg/Z+hvtNK5fS+3iXiTYT
+fS323XryHhApWV5r2u75/9FyL+IEngWm2pom7vBMax/fXbeS/woBfdcr7fagWGp+
+NgjYhiw4kIgVyMtvwDaBIWcMsRvlI2z7mZSSS8yb6Ty4aiIl8FO6v+EQYq2RK2Xt
+yaqKE80pJh11qzp6tI4jN4hnN7YSyTQuVfLMxeMSdRkSpyLASs0ZWoeTNorn9dKQ
+HPltQ0DP+OV/NgSfLWBPV2dKzM8squXR3Jdj+Lq6eEPUdu8sxxK2NcYFWuE0BujK
+aiIfxxw2IkfmrrWOVkGptjApSaROGr+wn0gkAnx1dvuLPMFphVPN5anzEilLNpeS
+NAKsyhTBDCyBSfjXrYBojg5jBWnda55Kr8DG7hbmRNxynfJ5FydEdrWAP2fxLb1Z
+7vWeUgePZhvv8HMPGwCIHK0M0qoKnbc90Iq0c5l7owXtncrbVrWR7l0yKyLRQAXn
+ly8v6uxxXw//b5x+yBgyOBUSZ9RkjIex1NA4cZ6BNkpzT5bnzGCINIqzqzig0OJK
+Fobs6uKRdv3ILicTrj0Hu6ANinzL/dlUS1BnArZ88zIdRpVaJozQkRtuL9S9PG2g
+fyQ7zuNbj25ZV4OLeo80Ddrq2Q4rb/yoPPLpgA5Hwu3bp2INqy0soiSm37oo1x6A
+7I9+sE09B6veHxyKyxQsf1H6Z/FzW5x6I9P+sPVOQVNcvzcZOt+32HV3/6N7gn//
+ZF7TWdqKt8LgbFDho9xR4y+Kon5xmmYg5J7Th8MEg2glj3wyMuxOcXOqRG/Dy3mf
+k0w6FZFmCyuiEWNc59gHcD7vJ3J8Wu6W0HqS4cn4j1JePYaZKg8w7+x5Kxe+AspO
+juHQwgqN+98IjcXk7HVpbjIubaRkRgVuB3+9hyP3WTDZdReVs0cqhkBsuvvxHOt8
+ysCSwTN0lh4IPg3KYCkuBQykYN/r/sFrVabyT/CCDWldicJRyTrBm6I1E9e/cFmn
+X2F/3CsAGfPev0IynHKZUtKyXj+5YnvBmPQjuEQv81bfO5qoq0Z+RRU1itzkviXi
+vMc4TINaJUeacMh4Ktxz0p3RfYJVMsooL8iYuSHDtvKUQWAakzr4rOfoM55gdMUq
+kHvjGR4UyX/W1XWC4A0NkeKxjDacSYGS/zkjNNa2sgooh8EU1TFG5zo=
+=anp/
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/clusters/okd4/.sops.yaml b/clusters/okd4/.sops.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e7bfab74810cfe0e144767bcbeaa3d3958a0611f
--- /dev/null
+++ b/clusters/okd4/.sops.yaml
@@ -0,0 +1,6 @@
+creation_rules:
+  - path_regex: .*.yaml
+    encrypted_regex: ^(data|stringData)$
+    pgp: >-
+      9D02A9AD73EF7F3D5F657AC2B392F6EB325E8C50,
+      286791FB6648539775DB31B8FCB98C2A3EC6F601
diff --git a/clusters/okd4/flux-system/gotk-sync.yaml b/clusters/okd4/flux-system/gotk-sync.yaml
index 0bffc1487e8b3e3012ea336793f6a2ddc5a7d7aa..bf212589c9205ca5b3a12c5b6d1b76187134047b 100644
--- a/clusters/okd4/flux-system/gotk-sync.yaml
+++ b/clusters/okd4/flux-system/gotk-sync.yaml
@@ -15,6 +15,10 @@ spec:
     mode: head
     secretRef:
       name: pgp-public-keys
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-pgp
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization