diff --git a/.changelog/121.txt b/.changelog/121.txt
new file mode 100644
index 0000000..3e065a1
--- /dev/null
+++ b/.changelog/121.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+`kimup-controller` - Fix rbac authorization to read secrets.
+```
\ No newline at end of file
diff --git a/internal/controller/kimup_controller.go b/internal/controller/kimup_controller.go
index 8effedd..079b730 100644
--- a/internal/controller/kimup_controller.go
+++ b/internal/controller/kimup_controller.go
@@ -35,6 +35,7 @@ type KimupReconciler struct {
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/manifests/operator/role.yaml b/manifests/operator/role.yaml
index 798f7c5..5b2c640 100644
--- a/manifests/operator/role.yaml
+++ b/manifests/operator/role.yaml
@@ -24,6 +24,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
 - apiGroups:
   - admissionregistration.k8s.io
   resources: