diff --git a/chart/env/prod.yaml b/chart/env/prod.yaml
index 6a6be9ef91..985316ab7b 100644
--- a/chart/env/prod.yaml
+++ b/chart/env/prod.yaml
@@ -65,53 +65,41 @@ images: repository: datasets-server-services-webhook tag: sha-fb3399a secrets: - externalSecret: + infisical: enabled: true - secretName: "datasets-server-prod-secrets" - secretStoreName: "datasets-server-prod-secretstore" - parameters: - MONGO_URL: "hub-prod-datasets-server-mongo-url" - HF_TOKEN: "hub-prod-datasets-server-hf-token" - PARQUET_CONVERTER_HF_TOKEN: "hub-prod-datasets-server-parquet-converter-hf-token" - WEBHOOK_SECRET: "hub-prod-datasets-server-webhook-secret" - SPAWNING_TOKEN: "hub-prod-datasets-server-spawning-token" - API_HF_JWT_ADDITIONAL_PUBLIC_KEYS: "hub-prod-datasets-server-jwt-additional-public-keys" - AWS_ACCESS_KEY_ID: "hub-prod-datasets-server-s3-access-key-id" - AWS_SECRET_ACCESS_KEY: "hub-prod-datasets-server-s3-secret-access-key" - CLOUDFRONT_KEY_PAIR_ID: "hub-prod-datasets-server-cloudfront-key-id" - CLOUDFRONT_PRIVATE_KEY: "hub-prod-datasets-server-cloudfront-key" + env: "prod-us-east-1" mongoUrl: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" appHfToken: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" appParquetConverterHfToken: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" hfWebhookSecret: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" hfJwtAdditionalPublicKeys: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" spawningToken: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" s3: accessKeyId: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" secretAccessKey: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" cloudfront: keyPairId: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" privateKey: fromSecret: true - secretName: "datasets-server-prod-secrets" + secretName: "" persistence: duckDBIndex: 
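Review bot: Only `env` is set under `secrets.infisical` here, so `project`, `url`, `operatorSecretName` and `operatorSecretNamespace` fall through to the chart defaults, and `url` defaults to `""` in values.yaml, which renders `hostAPI: ""` in secrets.yaml; unless the operator treats an empty hostAPI as its default endpoint, prod should pin `url` explicitly, and the same applies to staging.yaml. The removed `parameters` mapping was also the only place the chart recorded which keys (MONGO_URL, HF_TOKEN, PARQUET_CONVERTER_HF_TOKEN, WEBHOOK_SECRET, SPAWNING_TOKEN, API_HF_JWT_ADDITIONAL_PUBLIC_KEYS, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, CLOUDFRONT_KEY_PAIR_ID, CLOUDFRONT_PRIVATE_KEY) the managed secret must contain; I would keep that list as a comment above `infisical:` so a key missing from the Infisical project is caught at review rather than at pod start, where `optional: false` makes it a hard failure. The `secrets:` mapping continues past this hunk.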
diff --git a/chart/env/staging.yaml b/chart/env/staging.yaml
index eed44dd4d3..c7af4f292a 100644
--- a/chart/env/staging.yaml
+++ b/chart/env/staging.yaml
@@ -62,53 +62,41 @@ images: tag: sha-fb3399a secrets: - externalSecret: + infisical: enabled: true - secretName: "datasets-server-staging-secrets" - secretStoreName: "datasets-server-ephemeral-secretstore" - parameters: - MONGO_URL: "hub-ephemeral-datasets-server-mongo-url" - HF_TOKEN: "hub-ephemeral-datasets-server-hf-token" - PARQUET_CONVERTER_HF_TOKEN: "hub-ephemeral-datasets-server-parquet-converter-hf-token" - WEBHOOK_SECRET: "hub-ephemeral-datasets-server-webhook-secret" - SPAWNING_TOKEN: "hub-ephemeral-datasets-server-spawning-token" - API_HF_JWT_ADDITIONAL_PUBLIC_KEYS: "hub-ephemeral-datasets-server-jwt-additional-public-keys" - AWS_ACCESS_KEY_ID: "hub-ephemeral-datasets-server-s3-access-key-id" - AWS_SECRET_ACCESS_KEY: "hub-ephemeral-datasets-server-s3-secret-access-key" - CLOUDFRONT_KEY_PAIR_ID: "hub-ephemeral-datasets-server-cloudfront-key-id" - CLOUDFRONT_PRIVATE_KEY: "hub-ephemeral-datasets-server-cloudfront-key" + env: "ephemeral-us-east-1" mongoUrl: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" appHfToken: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" appParquetConverterHfToken: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" hfWebhookSecret: fromSecret: false - secretName: "datasets-server-staging-secrets" + secretName: "" hfJwtAdditionalPublicKeys: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" spawningToken: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" s3: accessKeyId: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" secretAccessKey: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" cloudfront: keyPairId: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" privateKey: fromSecret: true - secretName: "datasets-server-staging-secrets" + secretName: "" persistence: duckDBIndex: 
diff --git a/chart/templates/_common/_helpers.tpl b/chart/templates/_common/_helpers.tpl
index d9e080a13b..edd00d65e9 100644
--- a/chart/templates/_common/_helpers.tpl
+++ b/chart/templates/_common/_helpers.tpl
@@ -200,3 +200,11 @@ note: keep $instanceAnnotations in first position during the merge, to avoid ove
 {{ $key | quote }}: {{ $value | quote }}
 {{- end }}
 {{- end -}}
+
+
+{{/*
+Return the secret name where Infisical secrets are loaded
+*/}}
+{{- define "datasetsServer.infisical.secretName" -}}
+{{ include "name" $ }}-secs
+{{- end -}}
diff --git a/chart/templates/_env/_envCloudfront.tpl b/chart/templates/_env/_envCloudfront.tpl
index 76823782c1..99a86ccfca 100644
--- a/chart/templates/_env/_envCloudfront.tpl
+++ b/chart/templates/_env/_envCloudfront.tpl
@@ -8,7 +8,7 @@
 {{- if .Values.secrets.cloudfront.keyPairId.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.cloudfront.keyPairId.secretName | quote }}
+ name: {{ .Values.secrets.cloudfront.keyPairId.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: CLOUDFRONT_KEY_PAIR_ID
 optional: false
 {{- else }}
@@ -18,7 +18,7 @@
 {{- if .Values.secrets.cloudfront.privateKey.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.cloudfront.privateKey.secretName | quote }}
+ name: {{ .Values.secrets.cloudfront.privateKey.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: CLOUDFRONT_PRIVATE_KEY
 optional: false
 {{- else }}
diff --git a/chart/templates/_env/_envCommon.tpl b/chart/templates/_env/_envCommon.tpl
index 6b90f6651a..cb1f9495f5 100644
--- a/chart/templates/_env/_envCommon.tpl
+++ b/chart/templates/_env/_envCommon.tpl
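Review bot: `datasetsServer.infisical.secretName` becomes the fallback for every `secretKeyRef` whose `secretName` is empty (here in _envCloudfront.tpl, and in the _envCommon, _envDiscussions, _envHf, _envS3 and _envWorker hunks below), but nothing checks that `secrets.infisical.enabled` is true when that fallback is taken; with the values.yaml defaults in this diff (`infisical.enabled: false`, `spawningToken.secretName: ""`, `s3.*.secretName: ""`) the env entries render a reference to a `<name>-secs` Secret the chart never creates, and the pod fails at start on `optional: false` with nothing pointing at the cause. I would fail the render inside the helper instead, before the `{{ include "name" $ }}-secs` line: `{{- if not .Values.secrets.infisical.enabled }}{{- fail "secrets.infisical.enabled must be true when a secretName is left empty" }}{{- end }}`. Note also that `default` treats the literal `""` and an unset key alike, so each per-secret `secretName` now acts as an override rather than a required value; the helper's header comment should say so, e.g. `Return the secret name where Infisical secrets are loaded; used as the fallback for every secretName left empty`.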
@@ -14,11 +14,7 @@
 {{- if .Values.secrets.appHfToken.fromSecret }}
 valueFrom:
 secretKeyRef:
- {{- if eq .Values.secrets.appHfToken.secretName "" }}
- name: {{ .Release.Name }}-datasets-server-app-token
- {{- else }}
- name: {{ .Values.secrets.appHfToken.secretName | quote }}
- {{- end }}
+ name: {{ .Values.secrets.appHfToken.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: HF_TOKEN
 optional: false
 {{- else }}
@@ -30,7 +26,7 @@
 {{- if .Values.secrets.mongoUrl.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.mongoUrl.secretName | quote }}
+ name: {{ .Values.secrets.mongoUrl.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: MONGO_URL
 optional: false
 {{- else }}
diff --git a/chart/templates/_env/_envDiscussions.tpl b/chart/templates/_env/_envDiscussions.tpl
index 0105f77c5f..5b4037507c 100644
--- a/chart/templates/_env/_envDiscussions.tpl
+++ b/chart/templates/_env/_envDiscussions.tpl
@@ -8,7 +8,7 @@
 {{- if .Values.secrets.appParquetConverterHfToken.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.appParquetConverterHfToken.secretName | quote }}
+ name: {{ .Values.secrets.appParquetConverterHfToken.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: PARQUET_CONVERTER_HF_TOKEN
 optional: false
 {{- else }}
diff --git a/chart/templates/_env/_envHf.tpl b/chart/templates/_env/_envHf.tpl
index 991ecdc110..36ff022a69 100644
--- a/chart/templates/_env/_envHf.tpl
+++ b/chart/templates/_env/_envHf.tpl
@@ -10,7 +10,7 @@
 {{- if .Values.secrets.hfJwtAdditionalPublicKeys.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.hfJwtAdditionalPublicKeys.secretName | quote }}
+ name: {{ .Values.secrets.hfJwtAdditionalPublicKeys.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: API_HF_JWT_ADDITIONAL_PUBLIC_KEYS
 optional: false
 {{- else }}
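Review bot: The branch in _envCommon.tpl that resolved an empty `appHfToken.secretName` to `{{ .Release.Name }}-datasets-server-app-token` is removed, so a release that relied on that derived name (the `appHfToken` block of values.yaml is outside this diff, so I cannot tell whether its default is empty) now silently reads `HF_TOKEN` from the Infisical-managed secret instead. If that is intended, a sentence in the commit description or chart changelog stating that the `<release>-datasets-server-app-token` Secret is no longer read would make the migration explicit for operators who created that Secret by hand. The enclosing `define` of _envCommon.tpl starts before this hunk.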
@@ -24,7 +24,7 @@
 {{- if .Values.secrets.hfWebhookSecret.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.hfWebhookSecret.secretName | quote }}
+ name: {{ .Values.secrets.hfWebhookSecret.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: WEBHOOK_SECRET
 optional: false
 {{- else }}
diff --git a/chart/templates/_env/_envS3.tpl b/chart/templates/_env/_envS3.tpl
index ff9ff36bcd..66dada65bc 100644
--- a/chart/templates/_env/_envS3.tpl
+++ b/chart/templates/_env/_envS3.tpl
@@ -8,7 +8,7 @@
 {{- if .Values.secrets.s3.accessKeyId.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.s3.accessKeyId.secretName | quote }}
+ name: {{ .Values.secrets.s3.accessKeyId.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: AWS_ACCESS_KEY_ID
 optional: false
 {{- else }}
@@ -18,7 +18,7 @@
 {{- if .Values.secrets.s3.secretAccessKey.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.s3.secretAccessKey.secretName | quote }}
+ name: {{ .Values.secrets.s3.secretAccessKey.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: AWS_SECRET_ACCESS_KEY
 optional: false
 {{- else }}
diff --git a/chart/templates/_env/_envWorker.tpl b/chart/templates/_env/_envWorker.tpl
index b7faa1bfc0..77a32bebf7 100644
--- a/chart/templates/_env/_envWorker.tpl
+++ b/chart/templates/_env/_envWorker.tpl
@@ -39,7 +39,7 @@
 {{- if .Values.secrets.appParquetConverterHfToken.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.appParquetConverterHfToken.secretName | quote }}
+ name: {{ .Values.secrets.appParquetConverterHfToken.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: PARQUET_CONVERTER_HF_TOKEN
 optional: false
 {{- else }}
@@ -70,7 +70,7 @@
 {{- if .Values.secrets.spawningToken.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.spawningToken.secretName | quote }}
+ name: {{ .Values.secrets.spawningToken.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: SPAWNING_TOKEN
 optional: false
 {{- else }}
@@ -89,7 +89,7 @@
 {{- if .Values.secrets.appParquetConverterHfToken.fromSecret }}
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.appParquetConverterHfToken.secretName | quote }}
+ name: {{ .Values.secrets.appParquetConverterHfToken.secretName | default (include "datasetsServer.infisical.secretName" $) | quote }}
 key: PARQUET_CONVERTER_HF_TOKEN
 optional: false
 {{- else }}
diff --git a/chart/templates/secrets.yaml b/chart/templates/secrets.yaml
index 6e371747af..1c063c836c 100644
--- a/chart/templates/secrets.yaml
+++ b/chart/templates/secrets.yaml
@@ -1,20 +1,24 @@
-{{- if .Values.secrets.externalSecret.enabled }}
-apiVersion: "external-secrets.io/v1beta1"
-kind: ExternalSecret
+{{- if .Values.secrets.infisical.enabled }}
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
 metadata:
- name: {{ include "name" $ }}-external-secret
+ name: {{ include "name" $ }}-infisical-secret
 namespace: {{ $.Release.Namespace }}
 spec:
- refreshInterval: 1h
- secretStoreRef:
- name: {{ .Values.secrets.externalSecret.secretStoreName }}
- kind: SecretStore
- target:
- name: {{ .Values.secrets.externalSecret.secretName }}
- data:
- {{- range $key, $value := .Values.secrets.externalSecret.parameters }}
- - secretKey: {{ $key | quote }}
- remoteRef:
- key: {{ $value | quote }}
- {{- end }}
-{{- end }}
\ No newline at end of file
+ authentication:
+ universalAuth:
+ credentialsRef:
+ secretName: {{ .Values.secrets.infisical.operatorSecretName | quote }}
+ secretNamespace: {{ .Values.secrets.infisical.operatorSecretNamespace | quote }}
+ secretsScope:
+ envSlug: {{ .Values.secrets.infisical.env | quote }}
+ projectSlug: {{ .Values.secrets.infisical.project | quote }}
+ secretsPath: /
+ hostAPI: {{ .Values.secrets.infisical.url | quote }}
+ managedSecretReference:
+ creationPolicy: Owner
+ secretName: {{ include "datasetsServer.infisical.secretName" $ }}
+ secretNamespace: {{ .Release.Namespace | quote }}
+ secretType: Opaque
+ resyncInterval: {{ .Values.secrets.infisical.resyncInterval }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 64b9211146..9ed840d29c 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
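Review bot: `secretsPath: /` is hard-coded, so the managed Secret `<name>-secs` receives every secret under the project root for that environment, not only the keys this chart's env templates read, and anyone able to `get` that Secret in the release namespace sees all of them; I would expose it as a value, `secretsPath: {{ .Values.secrets.infisical.secretsPath | quote }}` with a values.yaml default of `"/"` to keep current behaviour, and point prod at a path holding only this service's keys. `secretName: {{ include "datasetsServer.infisical.secretName" $ }}` is also the only templated scalar in this spec rendered without `| quote`, unlike `secretNamespace` on the next line; quoting it keeps the rendering uniform. `envSlug` and `hostAPI` render `""` when `env` and `url` are left at their values.yaml defaults, so wrapping them in `required`, e.g. `envSlug: {{ required "secrets.infisical.env is required" .Values.secrets.infisical.env | quote }}`, turns a mis-scoped sync into a render-time error instead of an operator-side failure.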
@@ -93,11 +93,14 @@ log: # --- common parameters --- secrets: - externalSecret: + infisical: enabled: false - secretName: "" - secretStoreName: "" - parameters: {} + env: "" + project: "datasets-server-n5x-l" + url: "" + resyncInterval: 60 + operatorSecretName: "datasets-server-operator-secrets" + operatorSecretNamespace: "datasets-server" mongoUrl: fromSecret: false secretName: "mongo-url" @@ -123,14 +126,14 @@ secrets: value: "" spawningToken: fromSecret: true - secretName: "spawning-token" + secretName: "" s3: accessKeyId: fromSecret: true - secretName: "aws-access-key-id" + secretName: "" secretAccessKey: fromSecret: true - secretName: "aws-secret-access-key" + secretName: "" cloudfront: keyPairId: fromSecret: false
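Review bot: `secretName: ""` now means "use the Infisical-managed secret" for `spawningToken` and both `s3` entries, but nothing in values.yaml says so; the meaning is only discoverable by reading the `default (include "datasetsServer.infisical.secretName" $)` chain in the templates. A comment on the `infisical:` block such as `# An empty secretName on any entry below falls back to the Secret synced by the InfisicalSecret resource (<name>-secs); that Secret only exists when infisical.enabled is true.` would document the contract, and would also flag that with `enabled: false` as shipped, the `fromSecret: true` entries whose `secretName` was blanked now reference a Secret nothing creates. Separately, `project: "datasets-server-n5x-l"` is a deployment-specific slug baked into the chart default while `env` is left to the env files; moving `project` next to `env` in prod.yaml and staging.yaml keeps values.yaml free of environment identifiers. The `secrets:` mapping continues past the second hunk.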