diff --git a/example/kube/authelia/configs/configuration.yml b/example/kube/authelia/configs/configuration.yml
index 1f80abc28..97fae4378 100644
--- a/example/kube/authelia/configs/configuration.yml
+++ b/example/kube/authelia/configs/configuration.yml
@@ -4,7 +4,6 @@ port: 80
 logs_level: debug
-jwt_secret: an_unsecure_secret
 default_redirection_url: https://home.example.com:8080
@@ -20,7 +19,6 @@ authentication_backend:
 group_name_attribute: cn
 mail_attribute: mail
 user: cn=admin,dc=example,dc=com
- password: password
 access_control:
 default_policy: deny
@@ -74,7 +72,6 @@ access_control:
 policy: two_factor
 session:
- secret: unsecure_password
 expiration: 3600 # 1 hour
 inactivity: 300 # 5 minutes
 domain: example.com
@@ -93,7 +90,6 @@ storage:
 port: 3306
 database: authelia
 username: admin
- password: password
 notifier:
 smtp:
diff --git a/example/kube/authelia/deployment.yml b/example/kube/authelia/deployment.yml
index 163068307..199c23d17 100644
--- a/example/kube/authelia/deployment.yml
+++ b/example/kube/authelia/deployment.yml
@@ -24,6 +24,17 @@ spec:
 volumeMounts:
 - name: config-volume
 mountPath: /etc/authelia
+ env:
+ # We set secrets directly here for ease of deployment but all secrets
+ # should be stored in the Kube Vault in production.
+ - name: AUTHELIA_JWT_SECRET
+ value: an_unsecure_secret
+ - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD
+ value: password
+ - name: AUTHELIA_SESSION_SECRET
+ value: unsecure_password
+ - name: AUTHELIA_STORAGE_MYSQL_PASSWORD
+ value: password
 volumes:
 - name: config-volume
 configMap:
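Review bot: The four entries added under `env:` in deployment.yml carry the JWT secret, the session secret and the LDAP and MySQL passwords as literal `value:` strings, so they stay readable to anyone who can view the Deployment or pod spec and they remain in version control, which is no tighter than the ConfigMap they were moved out of. Because example manifests tend to be copied as a starting point, I would show the pattern the comment recommends rather than only describe it: source each variable from a Kubernetes Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name and keys. The comment's "Kube Vault" is ambiguous between a Kubernetes Secret and an external vault and could name the intended mechanism explicitly. The container spec starts above this hunk, so the indentation in the sketch is relative to `env:`.

```yaml
# … unchanged: volumeMounts for config-volume …
env:
  # The Secret name and keys below are placeholders; create the Secret
  # separately and keep its manifest out of version control.
  - name: AUTHELIA_JWT_SECRET
    valueFrom:
      secretKeyRef:
        name: authelia-secrets  # placeholder
        key: jwt_secret
  - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD
    valueFrom:
      secretKeyRef:
        name: authelia-secrets  # placeholder
        key: ldap_password
  - name: AUTHELIA_SESSION_SECRET
    valueFrom:
      secretKeyRef:
        name: authelia-secrets  # placeholder
        key: session_secret
  - name: AUTHELIA_STORAGE_MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: authelia-secrets  # placeholder
        key: mysql_password
# … unchanged: volumes …
```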