diff --git a/chart/values.schema.json b/chart/values.schema.json
index 22f01d2c9..c207020d6 100755
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -66,6 +66,20 @@
       "additionalProperties": false,
       "type": "object"
     },
+    "ClusterStoresSyncConfig": {
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Enabled defines if this option should be enabled."
+        },
+        "selector": {
+          "$ref": "#/$defs/LabelSelector",
+          "description": "Selector defines what cluster stores should be synced"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object"
+    },
     "ControlPlane": {
       "properties": {
         "distro": {
@@ -1586,6 +1600,43 @@
       "additionalProperties": false,
       "type": "object"
     },
+    "ExternalSecrets": {
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Enabled defines whether the external secret integration is enabled or not"
+        },
+        "webhook": {
+          "$ref": "#/$defs/EnableSwitch",
+          "description": "Webhook defines whether the host webhooks are reused or not"
+        },
+        "sync": {
+          "$ref": "#/$defs/ExternalSecretsSync",
+          "description": "Sync defines the syncing behavior for the integration"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "description": "ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster"
+    },
+    "ExternalSecretsSync": {
+      "properties": {
+        "externalSecrets": {
+          "$ref": "#/$defs/EnableSwitch",
+          "description": "ExternalSecrets defines whether to sync external secrets or not"
+        },
+        "stores": {
+          "$ref": "#/$defs/EnableSwitch",
+          "description": "Stores defines whether to sync stores or not"
+        },
+        "clusterStores": {
+          "$ref": "#/$defs/ClusterStoresSyncConfig",
+          "description": "ClusterStores defines whether to sync cluster stores or not"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object"
+    },
     "Hook": {
       "properties": {
         "apiVersion": {
@@ -1737,6 +1788,10 @@
         "kubeVirt": {
           "$ref": "#/$defs/KubeVirt",
           "description": "KubeVirt reuses a host kubevirt and makes certain CRDs from it available inside the vCluster"
+        },
+        "externalSecrets": {
+          "$ref": "#/$defs/ExternalSecrets",
+          "description": "ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster"
         }
       },
       "additionalProperties": false,
@@ -1797,6 +1852,19 @@
       "type": "object",
       "description": "KubeVirtSync are the crds that are supported by this integration"
     },
+    "LabelSelector": {
+      "properties": {
+        "labels": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": "object",
+          "description": "Labels defines what labels should be looked for"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object"
+    },
     "LabelsAndAnnotations": {
       "properties": {
         "annotations": {
diff --git a/chart/values.yaml b/chart/values.yaml
index 536044458..7a51391c3 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -650,6 +650,29 @@ integrations:
     # Pods defines if metrics-server pods api should get proxied from host to virtual cluster.
     pods: true
   
+  # ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster
+  externalSecrets:
+    # Enabled defines whether the external secret integration is enabled or not
+    enabled: false
+    # Webhook defines whether the host webhooks are reused or not
+    webhook:
+      enabled: false
+    # Sync defines the syncing behavior for the integration
+    sync:
+      # ExternalSecrets defines whether to sync external secrets or not
+      externalSecrets:
+        enabled: true
+      # Stores defines whether to sync stores or not
+      stores:
+        enabled: false
+      # ClusterStores defines whether to sync cluster stores or not
+      clusterStores:
+        # Enabled defines if this option should be enabled.
+        enabled: false
+        # Selector defines what cluster stores should be synced
+        selector:
+          labels: {}
+  
   # KubeVirt reuses a host kubevirt and makes certain CRDs from it available inside the vCluster
   kubeVirt:
     # Enabled signals if the integration should be enabled
diff --git a/config/config.go b/config/config.go
index b5de05066..c92e8d132 100644
--- a/config/config.go
+++ b/config/config.go
@@ -83,6 +83,39 @@ type Integrations struct {
 
 	// KubeVirt reuses a host kubevirt and makes certain CRDs from it available inside the vCluster
 	KubeVirt KubeVirt `json:"kubeVirt,omitempty"`
+
+	// ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster
+	ExternalSecrets ExternalSecrets `json:"externalSecrets,omitempty"`
+}
+
+// ExternalSecrets reuses a host external secret operator and makes certain CRDs from it available inside the vCluster
+type ExternalSecrets struct {
+	// Enabled defines whether the external secret integration is enabled or not
+	Enabled bool `json:"enabled,omitempty"`
+	// Webhook defines whether the host webhooks are reused or not
+	Webhook EnableSwitch `json:"webhook,omitempty"`
+	// Sync defines the syncing behavior for the integration
+	Sync ExternalSecretsSync `json:"sync,omitempty"`
+}
+
+type ExternalSecretsSync struct {
+	// ExternalSecrets defines whether to sync external secrets or not
+	ExternalSecrets EnableSwitch `json:"externalSecrets,omitempty"`
+	// Stores defines whether to sync stores or not
+	Stores EnableSwitch `json:"stores,omitempty"`
+	// ClusterStores defines whether to sync cluster stores or not
+	ClusterStores ClusterStoresSyncConfig `json:"clusterStores,omitempty"`
+}
+
+type ClusterStoresSyncConfig struct {
+	EnableSwitch
+	// Selector defines what cluster stores should be synced
+	Selector LabelSelector `json:"selector,omitempty"`
+}
+
+type LabelSelector struct {
+	// Labels defines what labels should be looked for
+	Labels map[string]string `json:"labels,omitempty"`
 }
 
 // KubeVirt reuses a host kubevirt and makes certain CRDs from it available inside the vCluster
diff --git a/config/values.yaml b/config/values.yaml
index 1d6161cb3..a46fa917f 100644
--- a/config/values.yaml
+++ b/config/values.yaml
@@ -386,6 +386,19 @@ integrations:
     enabled: false
     nodes: true
     pods: true
+  externalSecrets:
+    enabled: false
+    webhook:
+      enabled: false
+    sync:
+      externalSecrets:
+        enabled: true
+      stores:
+        enabled: false
+      clusterStores:
+        enabled: false
+        selector:
+          labels: {}
   kubeVirt:
     enabled: false
     webhook: