diff --git a/wildduck/haraka.yaml b/wildduck/haraka.yaml
index b8caecf..1c3e12e 100644
--- a/wildduck/haraka.yaml
+++ b/wildduck/haraka.yaml
@@ -182,7 +182,7 @@ spec:
             - name: MONGO_URI
               valueFrom:
                 secretKeyRef:
-                  name: wildduck-mongodb
+                  name: mongodb-user-password
                   key: MONGO_URI
           livenessProbe:
             tcpSocket:
diff --git a/wildduck/mongo.yaml b/wildduck/mongo.yaml
new file mode 100644
index 0000000..4e1e1b8
--- /dev/null
+++ b/wildduck/mongo.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongodb
+spec:
+  selector:
+    matchLabels:
+      app: mongodb
+  replicas: 1
+  minReadySeconds: 10
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: mongodb
+          image: mongo:8
+          ports:
+            - containerPort: 27017
+              name: mongo
+          env:
+          - name: MONGO_INITDB_ROOT_USERNAME
+            value: "root"
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: mongodb-root-password
+                key: MONGO_INITDB_ROOT_PASSWORD
+          - name: MONGO_DBNAME
+            value: application              
+          - name: MONGO_USER
+            value: application
+          - name: MONGO_PASS
+            valueFrom:
+              secretKeyRef:
+                name: mongodb-user-password
+                key: MONGO_PASS          
+          - name: MONGO_AUTHSOURCE
+            value: "admin"        
+          volumeMounts:
+            - name: data
+              mountPath: /data/db
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        storageClassName: mongo
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: mongodb-root-password
+spec:
+  size: 32
+  mapping:
+    - key: MONGO_INITDB_ROOT_PASSWORD
+      value: "%(plaintext)s"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: mongodb-user-password
+spec:
+  size: 32
+  mapping:
+    - key: MONGO_PASS
+      value: "%(plaintext)s"      
+    - key: MONGO_URI
+      value: "mongodb://application:%(plaintext)s@mongodb/application&authSource=admin"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+spec:
+  ports:
+    - port: 27017
+      name: mongo
+      targetPort: 27017
+  selector:
+    app: mongodb
+  type: ClusterIP
diff --git a/wildduck/wildduck.yaml b/wildduck/wildduck.yaml
index a6ad191..ddf58d7 100644
--- a/wildduck/wildduck.yaml
+++ b/wildduck/wildduck.yaml
@@ -87,7 +87,7 @@ spec:
             - name: APPCONF_dbs_mongo
               valueFrom:
                 secretKeyRef:
-                  name: wildduck-mongodb
+                  name: mongodb-user-password
                   key: MONGO_URI
             - name: APPCONF_dbs_redis
               valueFrom:
diff --git a/wildduck/zonemta.yaml b/wildduck/zonemta.yaml
index ca20caf..4cca4d9 100644
--- a/wildduck/zonemta.yaml
+++ b/wildduck/zonemta.yaml
@@ -129,7 +129,7 @@ spec:
             - name: APPCONF_dbs_mongo
               valueFrom:
                 secretKeyRef:
-                  name: wildduck-mongodb
+                  name: mongodb-user-password
                   key: MONGO_URI
             - name: APPCONF_dbs_redis
               valueFrom: