diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 50b6acb..72411cc 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -47,7 +47,15 @@ jobs:
 --namespace ingress-nginx \
 --create-namespace \
 --wait
-
+ - name: Create Airflow git-sync SSH secret
+ if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }}
+ run: |
+ kubectl create namespace airflow --dry-run=client -o yaml | kubectl apply -f -
+ kubectl create secret generic airflow-gitsync-ssh \
+ --from-literal=gitSshKey="$(echo ${{ secrets.AIRFLOW_GITSYNC_SSH_KEY }} | base64 -d)" \
+ --from-literal=known_hosts="$(echo ${{ secrets.AIRFLOW_GITSYNC_KNOWN_HOSTS }} | base64 -d)" \
+ --namespace airflow \
+ --dry-run=client -o yaml | kubectl apply -f -
 - name: Deploy Airflow
 if: ${{ inputs.service == 'all' || inputs.service == 'airflow' }}
 run: |
diff --git a/helm/airflow/values.yaml b/helm/airflow/values.yaml
index 2f09603..8d04606 100644
--- a/helm/airflow/values.yaml
+++ b/helm/airflow/values.yaml
@@ -1,5 +1,17 @@
 executor: KubernetesExecutor
+dags:
+ gitSync:
+ enabled: true
+ repo: git@github.com:idirbfs/dags.git
+ branch: main
+ rev: HEAD
+ depth: 1
+ maxFailures: 3
+ subPath: ""
+ sshKeySecret: airflow-gitsync-ssh
+ period: 60s
+
 ingress:
 apiServer:
 enabled: true
diff --git a/helm/monitoring/oauth2-proxy-alertmanager.yaml b/helm/monitoring/oauth2-proxy-alertmanager.yaml
index dfe148a..5c25fb9 100644
--- a/helm/monitoring/oauth2-proxy-alertmanager.yaml
+++ b/helm/monitoring/oauth2-proxy-alertmanager.yaml
@@ -1,5 +1,10 @@
 config:
 existingSecret: oauth2-proxy-alertmanager
+ cookie_secure: false
+ reverse_proxy: true
+ set_xauthrequest: true
+ cookie_samesite: "lax"
+ redirect_url: http://alertmanager.13.140.150.2.nip.io/oauth2/callback
 extraArgs:
 provider: oidc
diff --git a/helm/monitoring/oauth2-proxy-prometheus.yaml b/helm/monitoring/oauth2-proxy-prometheus.yaml
index 4528542..d5f798f 100644
--- a/helm/monitoring/oauth2-proxy-prometheus.yaml
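Review bot: The added `Create Airflow git-sync SSH secret` step splices `${{ secrets.AIRFLOW_GITSYNC_SSH_KEY }}` and `${{ secrets.AIRFLOW_GITSYNC_KNOWN_HOSTS }}` straight into the script text, unquoted, and then hands the decoded private key to kubectl as a `--from-literal` argument. The expression is expanded before the shell parses the script, so any whitespace or metacharacter in the stored value changes the command. The decoded key is also a different string from the registered secret, so log masking will not cover it if anything prints it, and as an argv value it is readable from the runner's process list while kubectl runs. `$(...)` additionally strips the trailing newline, which OpenSSH-format private keys commonly need, so git-sync may reject the key. Passing both secrets through `env:` and feeding kubectl with `--from-file` over process substitution (this assumes the step runs under bash) addresses all three.

```yaml
# … unchanged: step name and if condition …
  env:
    GITSYNC_SSH_KEY_B64: ${{ secrets.AIRFLOW_GITSYNC_SSH_KEY }}
    GITSYNC_KNOWN_HOSTS_B64: ${{ secrets.AIRFLOW_GITSYNC_KNOWN_HOSTS }}
  run: |
    # … unchanged: namespace creation …
    kubectl create secret generic airflow-gitsync-ssh \
      --from-file=gitSshKey=<(printf '%s' "$GITSYNC_SSH_KEY_B64" | base64 -d) \
      --from-file=known_hosts=<(printf '%s' "$GITSYNC_KNOWN_HOSTS_B64" | base64 -d) \
      # … unchanged: --namespace airflow, --dry-run=client -o yaml | kubectl apply -f - …
```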
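Review bot: Nothing in the added `dags.gitSync` block turns on SSH host-key checking, although the workflow stores a `known_hosts` entry in `airflow-gitsync-ssh`, presumably for that purpose. If this is the upstream Apache Airflow chart, `sshKeySecret` only supplies the `gitSshKey` entry and host verification is driven by a separate `dags.gitSync.knownHosts` value. With that unset the git-sync container is configured to skip known-hosts verification, so the `git@github.com:idirbfs/dags.git` clone that supplies executable DAG code is not checked against a pinned host key. Confirm against the chart version in use and, if it applies, add a `knownHosts: |` block holding the pinned github.com host keys next to `sshKeySecret`.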
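Review bot: `cookie_secure: false` together with the `http://` `redirect_url` means the OIDC callback and the oauth2-proxy session cookie for Alertmanager travel in cleartext, so a session can be captured anywhere on the network path; the `oauth2-proxy-prometheus.yaml` hunk makes the same change for Prometheus. Once the ingress terminates TLS these should read `cookie_secure: true` and `redirect_url: https://alertmanager.13.140.150.2.nip.io/oauth2/callback`, with the equivalent for Prometheus. `reverse_proxy: true` makes the proxy trust forwarded headers, so it is only safe if the proxy pods are reachable solely through the ingress controller. It is also worth checking that the chart reads these option names under `config:` at all; if it only consumes them from a config file or `extraArgs`, the five added lines are silently ignored.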
+++ b/helm/monitoring/oauth2-proxy-prometheus.yaml
@@ -1,5 +1,10 @@
 config:
 existingSecret: oauth2-proxy-prometheus
+ cookie_secure: false
+ reverse_proxy: true
+ set_xauthrequest: true
+ cookie_samesite: "lax"
+ redirect_url: http://prometheus.13.140.150.2.nip.io/oauth2/callback
 extraArgs:
 provider: oidc