diff --git a/crowdsec/values.yaml b/crowdsec/values.yaml
index be83896..4e5179c 100644
--- a/crowdsec/values.yaml
+++ b/crowdsec/values.yaml
@@ -29,6 +29,16 @@ crowdsec: &crowdsec_config
 value: "homelab"
 - name: ENROLL_TAGS
 value: "k3s rpi test"
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: crowdsec-db-credentials
+ key: username
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: crowdsec-db-credentials
+ key: password
 appsec:
 enabled: true
 acquisitions:
@@ -48,6 +58,25 @@ crowdsec: &crowdsec_config
 requests:
 cpu: "100m"
 memory: "200Mi"
+ config:
+ config.yaml.local: |
+ db_config:
+ type: postgresql
+ user: ${DB_USER}
+ password: ${DB_PASSWORD}
+ db_name: crowdsec
+ host: pgbouncer.tools
+ port: 5432
+ api:
+ server:
+ auto_registration: # Activate if not using TLS for authentication
+ enabled: true
+ token: "${REGISTRATION_TOKEN}" # /!\ do not change
+ allowed_ranges: # /!\ adapt to the pod IP ranges used by your cluster
+ - "127.0.0.1/32"
+ - "192.168.0.0/16"
+ - "10.42.0.0/16"
+ - "172.16.0.0/12"
 tool: # kind: 'SubChart' or 'HelmChart', if subchart then uncomment Chart.yaml dependency, else comment and use tool library with helm chart template
diff --git a/hashicorp-vault/iac/terraform.tfvars b/hashicorp-vault/iac/terraform.tfvars
index 1b0a15c..b04d2e7 100644
--- a/hashicorp-vault/iac/terraform.tfvars
+++ b/hashicorp-vault/iac/terraform.tfvars
@@ -6,4 +6,5 @@ applications = [
 ops_policies = ["factory__cf_r2_arcodange_tf"]
 service_account_names = ["cloudflared"]
 },
+ { name = "crowdsec" },
 ]
\ No newline at end of file
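Review bot: In the first `crowdsec/values.yaml` hunk, `DB_USER` and `DB_PASSWORD` are added to an env list that sits under the `&crowdsec_config` anchor shown in the hunk header, and the list's parent key is outside the hunk. If that list or anchor is reused for agent or AppSec pods, they would receive database credentials that presumably only the local API needs, so it is worth confirming the variables land on the LAPI container only. A comment above the entries, e.g. `# Secret crowdsec-db-credentials must exist in this namespace before install`, would also record that this commit does not create the Secret.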
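Review bot: In the second `crowdsec/values.yaml` hunk, `allowed_ranges` under `auto_registration` admits all of `192.168.0.0/16` and `172.16.0.0/12`, so any host in those ranges that holds the registration token can register itself as a machine on the local API. On a homelab those ranges may well cover the LAN rather than only pods. The inline comment already asks for the list to be adapted: if the cluster runs the k3s default pod CIDR, keeping just `- "127.0.0.1/32"` and `- "10.42.0.0/16"` would be enough (confirm the actual pod CIDR first). Separately, `db_config` sets no `sslmode`, so whether the PostgreSQL password reaches `pgbouncer.tools` encrypted is left to defaults; set it explicitly if PgBouncer is configured for TLS.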
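Review bot: In `hashicorp-vault/iac/terraform.tfvars`, the new `{ name = "crowdsec" }` entry names no `service_account_names` or policies, unlike the entry above it, so what gets bound to the application is left to the variable's defaults, which are not visible here. If the default derives the service account from `name`, stating it explicitly (`service_account_names = ["crowdsec"]`, assuming that is the account the pods run as) keeps the Vault binding reviewable in this file. The `applications` list starts outside the hunk.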