diff --git a/kubernetes/common/apps/cert-manager/helm-release.yaml b/kubernetes/common/apps/cert-manager/app/files/helm-release.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/helm-release.yaml
rename to kubernetes/common/apps/cert-manager/app/files/helm-release.yaml
diff --git a/kubernetes/common/apps/cert-manager/helm-repository.yaml b/kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/helm-repository.yaml
rename to kubernetes/common/apps/cert-manager/app/files/helm-repository.yaml
diff --git a/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml b/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml
new file mode 100644
index 0000000..14a2c31
--- /dev/null
+++ b/kubernetes/common/apps/cert-manager/app/files/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-repository.yaml
+- ./helm-release.yaml
\ No newline at end of file
diff --git a/kubernetes/common/apps/cert-manager/app/ks.yaml b/kubernetes/common/apps/cert-manager/app/ks.yaml
new file mode 100644
index 0000000..471dbc2
--- /dev/null
+++ b/kubernetes/common/apps/cert-manager/app/ks.yaml
@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/common/apps/cert-manager/app/files
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/cert-manager/cloudflare-cred.sops.yaml b/kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/cloudflare-cred.sops.yaml
rename to kubernetes/common/apps/cert-manager/certs/files/cloudflare-cred.sops.yaml
diff --git a/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml b/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml
new file mode 100644
index 0000000..d721975
--- /dev/null
+++ b/kubernetes/common/apps/cert-manager/certs/files/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./cloudflare-cred.sops.yaml
+- ./letsencrypt-prod.yaml
+- ./letsencrypt-stage.yaml
+- ./wildcard-cert.yaml
\ No newline at end of file
diff --git a/kubernetes/common/apps/cert-manager/letsencrypt-prod.yaml b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/letsencrypt-prod.yaml
rename to kubernetes/common/apps/cert-manager/certs/files/letsencrypt-prod.yaml
diff --git a/kubernetes/common/apps/cert-manager/letsencrypt-stage.yaml b/kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/letsencrypt-stage.yaml
rename to kubernetes/common/apps/cert-manager/certs/files/letsencrypt-stage.yaml
diff --git a/kubernetes/common/apps/cert-manager/wildcard-cert.yaml b/kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml
similarity index 100%
rename from kubernetes/common/apps/cert-manager/wildcard-cert.yaml
rename to kubernetes/common/apps/cert-manager/certs/files/wildcard-cert.yaml
diff --git a/kubernetes/common/apps/cert-manager/certs/ks.yaml b/kubernetes/common/apps/cert-manager/certs/ks.yaml
new file mode 100644
index 0000000..a24d477
--- /dev/null
+++ b/kubernetes/common/apps/cert-manager/certs/ks.yaml
@@ -0,0 +1,28 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: cert-manager-certificates
+  namespace: flux-system
+spec:
+  timeout: 5m
+  interval: 10m
+  path: ./kubernetes/common/apps/cert-manager/certs/files
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-cluster
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  dependsOn:
+    - name: cert-manager
+      namespace: flux-system
+  postBuild:
+    substitute: {}
+    substituteFrom:
+      - kind: ConfigMap
+        name: cluster-settings
+      - kind: Secret
+        name: cluster-secrets
\ No newline at end of file
diff --git a/kubernetes/common/apps/cert-manager/kustomization.yaml b/kubernetes/common/apps/cert-manager/kustomization.yaml
index 7589521..d70fba6 100644
--- a/kubernetes/common/apps/cert-manager/kustomization.yaml
+++ b/kubernetes/common/apps/cert-manager/kustomization.yaml
@@ -2,9 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./namespace.yaml
-- ./cloudflare-cred.sops.yaml
-- ./helm-repository.yaml
-- ./helm-release.yaml
-- ./letsencrypt-prod.yaml
-- ./letsencrypt-stage.yaml
-- ./wildcard-cert.yaml
\ No newline at end of file
+- ./app/ks.yaml
+- ./certs/ks.yaml
\ No newline at end of file