diff --git a/infra/garibaldi-central.levant.nomad b/infra/garibaldi-central.levant.nomad index 4110c3faa025c9b3cb01d21b313bf014ca047cdb..6d05ff41f1ff6b7175d6dae2316e354127d68a7a 100644 --- a/infra/garibaldi-central.levant.nomad +++ b/infra/garibaldi-central.levant.nomad @@ -19,8 +19,6 @@ job "daily-backup-grafana-to-s3" { } env { MINIO_HOSTNAME = "https://s3.lofar.net:443" - MINIO_ACCESS_KEY = "minioadmin" - MINIO_SECRET_KEY = "minioadmin" MINIO_BUCKET = "grafana-backup" GRAFANA_URL = "https://monitoring.lofar.net:443" } @@ -32,12 +30,23 @@ job "daily-backup-grafana-to-s3" { template { env = true - destination = "secrets/file.env" + destination = "secrets/grafana.env" data = <<EOH GRAFANA_TOKEN = "{{with secret "kv-v2/data/grafana/garibaldi"}}{{.Data.data.token}}{{end}}" EOH } + template { + env = true + destination = "secrets/minio.env" + data = <<EOH + {{with secret "kv-v2/data/minio/central-management"}} + MINIO_ROOT_USER = "{{.Data.data.username}}" + MINIO_ROOT_PASSWORD = "{{.Data.data.password}}" + {{end}} + EOH + } + resources { cpu = 2500 memory = 512 diff --git a/infra/logs-central.levant.nomad b/infra/logs-central.levant.nomad index bed9a9cd266097c68d1de0a6ca718f1dafd810ae..aa5af8563c164c1311a3853e1c34154a65795815 100644 --- a/infra/logs-central.levant.nomad +++ b/infra/logs-central.levant.nomad @@ -35,7 +35,7 @@ job "logs" { mount { type = "bind" - source = "local/loki/" + source = "secrets/loki/" target = "/etc/loki/" } } @@ -55,8 +55,10 @@ job "logs" { storage: s3: endpoint: s3.lofar.net - access_key_id: minioadmin - secret_access_key: minioadmin + {{with secret "kv-v2/data/minio/central-management"}} + access_key_id: "{{.Data.data.username}}" + secret_access_key: "{{.Data.data.password}}" + {{end}} bucketnames: central-logs s3forcepathstyle: true region: NL 
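Review bot: In infra/garibaldi-central.levant.nomad, hunk `@@ -32,12 +30,23 @@`, the new template exports `MINIO_ROOT_USER` / `MINIO_ROOT_PASSWORD`, while the `env` block edited in the previous hunk used to provide `MINIO_ACCESS_KEY` / `MINIO_SECRET_KEY`. Unless the backup image was changed to read the new names (not visible in this diff), the job will start without usable S3 credentials. The variable names and the `minio/central-management` path also suggest the MinIO root or management account is being handed to a job that only needs to write to `grafana-backup`; a dedicated MinIO user whose policy is limited to that bucket would be the least-privilege choice. The removed `minioadmin` pair remains in git history, so it should be rotated on the server rather than only moved into Vault.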
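Review bot: In infra/logs-central.levant.nomad, hunk `@@ -55,8 +55,10 @@`, the Vault values are pasted between literal double quotes, so a password containing `"` or `\` renders as invalid or silently altered YAML. Let the template engine do the quoting instead, e.g. `secret_access_key: {{ .Data.data.password | toJSON }}` and likewise for `access_key_id`. The same pattern is added in the metrics hunk `@@ -190,8 +195,10 @@` and the tracing hunk `@@ -63,8 +63,10 @@`. The bare `{{with …}}` / `{{end}}` lines also leave whitespace-only lines in the rendered config; `{{- with … }}` and `{{- end }}` trim them.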
@@ -98,12 +100,17 @@ job "logs" { log_level: warn EOH - destination = "local/loki/config.yaml" + destination = "secrets/loki/config.yaml" } resources { cpu = 2048 memory = 8096 } + + vault { + change_mode = "noop" + policies = ["default"] + } } } diff --git a/infra/metrics-central.levant.nomad b/infra/metrics-central.levant.nomad index 0a7230eda71d9ba3b62a824d529b7d8bc38ffd65..2b2b3ac05bfec0f3cae428b6759d3fc48ecc3365 100644 --- a/infra/metrics-central.levant.nomad +++ b/infra/metrics-central.levant.nomad @@ -170,11 +170,16 @@ job "metrics" { mount { type = "bind" - source = "local/mimir/" + source = "secrets/mimir/" target = "/etc/mimir/" } } + vault { + change_mode = "noop" + policies = ["default"] + } + template { data = <<EOH # Do not use this configuration in production. @@ -190,8 +195,10 @@ job "metrics" { backend: s3 s3: endpoint: s3.lofar.net - access_key_id: minioadmin - secret_access_key: minioadmin + {{with secret "kv-v2/data/minio/central-management"}} + access_key_id: "{{.Data.data.username}}" + secret_access_key: "{{.Data.data.password}}" + {{end}} bucket_name: central-metrics # Blocks storage requires a prefix when using a common object storage bucket. @@ -250,7 +257,7 @@ job "metrics" { log_level: warn EOH - destination = "local/mimir/config.yaml" + destination = "secrets/mimir/config.yaml" } resources { cpu = 2048 diff --git a/infra/tracing-central.levant.nomad b/infra/tracing-central.levant.nomad index 2c8fcab74f1efb19e9f685818040295bfe6cbba4..de3aea7311d2f0b6f349c32b2f88d5632b8bb729 100644 --- a/infra/tracing-central.levant.nomad +++ b/infra/tracing-central.levant.nomad @@ -34,7 +34,7 @@ job "tracing" { mount { type = "bind" - source = "local/tempo/" + source = "secrets/tempo/" target = "/etc/tempo/" } } 
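Review bot: In infra/logs-central.levant.nomad, hunk `@@ -98,12 +100,17 @@`, the added `vault` block requests only `policies = ["default"]`. By default Vault attaches the `default` policy to every token it issues, so for the read of `kv-v2/data/minio/central-management` to succeed that policy must have been widened, which would make the MinIO credentials readable by any authenticated Vault client; the policy content is not visible here, so please confirm. A dedicated read-only policy for this path, e.g. `policies = ["<minio-central-read-policy>"]` (placeholder name), keeps the grant scoped to the jobs that need it. The same block is added in the metrics hunk `@@ -170,11 +170,16 @@` and the tracing hunk `@@ -76,12 +78,17 @@`.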
@@ -63,8 +63,10 @@ storage: s3: bucket: central-tracing endpoint: s3.lofar.net - access_key: minioadmin - secret_key: minioadmin + {{with secret "kv-v2/data/minio/central-management"}} + access_key: "{{.Data.data.username}}" + secret_key: "{{.Data.data.password}}" + {{end}} forcepathstyle: true wal: path: /tmp/tempo/wal # where to store the the wal locally @@ -76,12 +78,17 @@ overrides: metrics_generator: EOH - destination = "local/tempo/config.yaml" + destination = "secrets/tempo/config.yaml" } resources { cpu = 2048 memory = 8096 } + + vault { + change_mode = "noop" + policies = ["default"] + } } } diff --git a/infra/volume.hcl b/infra/volume.hcl index 6a3c9d02b2df13fd28af58b5cac08203e26c88d7..e3440c5b26f44c27b00d56bc7b57374186951388 100644 --- a/infra/volume.hcl +++ b/infra/volume.hcl @@ -14,6 +14,6 @@ secrets { metaurl="redis://operations-valkey.service.consul:26379/0" bucket="https://s3.lofar.net/csi-volumes/operations" storage="minio" - access-key="minioadmin" - secret-key="minioadmin" + access-key="csi" + secret-key="<insert password of csi minio user>" }
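Review bot: In infra/volume.hcl, hunk `@@ -14,6 +14,6 @@`, the new `secret-key="<insert password of csi minio user>"` placeholder means the tracked file has to be edited with the real password before the volume can be registered, which makes it easy to commit the secret later by accident. I would add a comment above the two keys such as `# Fill in secret-key from Vault in an untracked copy of this file; never commit the real value.` and keep the filled-in copy out of version control. The `secrets` block starts outside the hunk, so whether the file already carries such a warning cannot be seen here.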