diff --git a/_apps/argocd.yaml b/_apps/argocd.yaml
index 96d3c55..6722a23 100644
--- a/_apps/argocd.yaml
+++ b/_apps/argocd.yaml
@@ -4,7 +4,7 @@ metadata:
   name: argocd
   namespace: argocd
   finalizers:
-  - resources-finalizer.argocd.argoproj.io
+    - resources-finalizer.argocd.argoproj.io
 spec:
   destination:
     namespace: argocd
@@ -14,8 +14,8 @@ spec:
     path: argocd
     repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
     targetRevision: HEAD
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: argocd
+  syncPolicy:
+    automated:
+      selfHeal: false
+    syncOptions:
+      - CreateNamespace=true
diff --git a/argocd/argocd-cm.yaml b/argocd/argocd-cm.yaml
new file mode 100644
index 0000000..7898253
--- /dev/null
+++ b/argocd/argocd-cm.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+data:
+  # For KSOPs versions < v2.5.0, use the old kustomize flag style
+  # kustomize.buildOptions: "--enable_alpha_plugins"
+  kustomize.buildOptions: "--enable-alpha-plugins"
diff --git a/argocd/ksops-install.yaml b/argocd/ksops-install.yaml
new file mode 100644
index 0000000..848585f
--- /dev/null
+++ b/argocd/ksops-install.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      # 1. Define an emptyDir volume which will hold the custom binaries
+      volumes:
+        - name: custom-tools
+          emptyDir: {}
+        - name: sops-age
+          secret:
+            secretName: sops-age
+      # 2. Use an init container to download/copy custom binaries into the emptyDir
+      initContainers:
+        - name: install-ksops
+          image: viaductoss/ksops:v3.0.2
+          command: ["/bin/sh", "-c"]
+          args:
+            - echo "Installing KSOPS...";
+              mv ksops /custom-tools/;
+              mv $GOPATH/bin/kustomize /custom-tools/;
+              echo "Done.";
+          volumeMounts:
+            - mountPath: /custom-tools
+              name: custom-tools
+      # 3. Volume mount the custom binary to the bin directory (overriding the existing version)
+      containers:
+        - name: argocd-repo-server
+          volumeMounts:
+            - mountPath: /usr/local/bin/kustomize
+              name: custom-tools
+              subPath: kustomize
+              # Verify this matches a XDG_CONFIG_HOME=/.config env variable
+            - mountPath: /.config/kustomize/plugin/viaduct.ai/v1/ksops/ksops
+              name: custom-tools
+              subPath: ksops
+            - mountPath: /.config/sops/age/keys.txt
+              name: sops-age
+              subPath: keys.txt
+          # 4. Set the XDG_CONFIG_HOME env variable to allow kustomize to detect the plugin
+          env:
+            - name: XDG_CONFIG_HOME
+              value: /.config
+            - name: SOPS_AGE_KEY_FILE
+              value: /.config/sops/age/keys.txt
diff --git a/argocd/kustomization.yaml b/argocd/kustomization.yaml
new file mode 100644
index 0000000..7e8938d
--- /dev/null
+++ b/argocd/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - argocd.yaml
+patchesStrategicMerge:
+  - ksops-install.yaml
+  - argocd-cm.yaml