diff --git a/deploy/overlays/development/services/gateway/external-secret.yaml b/deploy/overlays/development/services/gateway/external-secret.yaml
new file mode 100644
index 0000000..eb065c9
--- /dev/null
+++ b/deploy/overlays/development/services/gateway/external-secret.yaml
@@ -0,0 +1,25 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cloud-db-credentials
+  namespace: cloud-services
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: cloud-db-credentials
+  data:
+    - secretKey: DB_PASSWORD
+      remoteRef:
+        key: secret/cloud-services/db
+        property: password
+    - secretKey: MONGO_USER
+      remoteRef:
+        key: secret/cloud-services/db
+        property: mongo_user
+    - secretKey: MONGO_PASSWORD
+      remoteRef:
+        key: secret/cloud-services/db
+        property: mongo_password
diff --git a/deploy/overlays/development/services/gateway/kustomization.yaml b/deploy/overlays/development/services/gateway/kustomization.yaml
index 4e2e2fd..a1266fe 100644
--- a/deploy/overlays/development/services/gateway/kustomization.yaml
+++ b/deploy/overlays/development/services/gateway/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
   - ../../../../base
   - deployment.yaml
   - ingress.yaml
+  - external-secret.yaml