diff --git a/.gitignore b/.gitignore
index 0ad67c6..621f648 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 sqlite-data
+private/*
diff --git a/justfile b/justfile
index db33339..7134493 100644
--- a/justfile
+++ b/justfile
@@ -1,3 +1,5 @@
+set dotenv-load
+
 default:
     @just --choose
 
@@ -14,6 +16,13 @@ kind-delete:
 sealed-secrets-install:
     kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.19.4/controller.yaml
 
+sealed-secretes-backup:
+    kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > private/sealed-secrets-key.yaml
+
+seal-openweathermap-api-key:
+    kubectl create secret generic mysecret --from-literal=openweathermap-api-key=${OPENWEATHERMAP_API_KEY} --dry-run=client -o yaml > private/openweathermap-api-key.yaml
+    kubeseal --format=yaml < private/openweathermap-api-key.yaml > temperature-cronjob/templates/openweathermap-api-key.yaml
+
 argo-install:
     kubectl create namespace argocd
     kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
diff --git a/private/.gitkeep b/private/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/temperature-cronjob/templates/cronjob.yaml b/temperature-cronjob/templates/cronjob.yaml
index 586217f..a6f9bb7 100644
--- a/temperature-cronjob/templates/cronjob.yaml
+++ b/temperature-cronjob/templates/cronjob.yaml
@@ -38,10 +38,13 @@ spec:
               env:
                 - name: CITY
                   value: "{{ .Values.city }}"
-                - name: API_KEY
-                  value: "{{ .Values.apiKey }}"
                 - name: MOUNT_PATH
                   value: "{{ .Values.mountPath }}"
+                - name: API_KEY
+                  valueFrom:
+                    secretKeyRef:
+                      name: openweathermap-api-key
+                      key: openweathermap-api-key
               volumeMounts:
                 - name: sqlite-data
                   mountPath: "{{ .Values.mountPath }}"
diff --git a/temperature-cronjob/templates/openweathermap-api-key.yaml b/temperature-cronjob/templates/openweathermap-api-key.yaml
new file mode 100644
index 0000000..2793cb9
--- /dev/null
+++ b/temperature-cronjob/templates/openweathermap-api-key.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: mysecret
+  namespace: default
+spec:
+  encryptedData:
+    openweathermap-api-key: AgCFICyiqMaxx5vf4D06GuuB/xoC8SJJ43KD5+ipsF7stwzDN7BWQexnPAgPvCMiRq+w+oRRbR/IBIYPk4Ng3kdTwYjkCf1rUFogaHdACs9dS1mhaW9ipwd2rO7ImJVVJUZgkAmEv/F6JBz+cR4w6RUsU8OcDBLqPMehe8JG/YrXPu2hJt38lzl8Hry/j7ydgm5nq7fxuHGbY66FKyVrtW/zzKQhZHYojDvS0Qez/OsWFz7I8o/287qoQjcxPr8giniIo3EPxfT5XjAB5HymJUD9DgUSgjvqAKDLRGrSuomoXi42OWywzi3heq2LgsJFm6BeMU9tilTXDN6AjiN+47OTY4FX8twUiRci+wPRTWp5eSy1utoQf/VW6PRisFVt0z2D7ZBEFLMYrJuAqQhSrEDxvLQqVF5h4h6tXHAlSsinLp0jXYdcM0v6MGzMUSaQOxWjNrBeTdM6TIh7YWdpoC1msHxh+N939ru0Q0Nt/d2sy8oRqVsXh6JxIP/QTpyR5d5qNk10nOj2LojA4sfnJZTALEFFYp1gfYNmbU3O4QW0Qye0PnZ6nnhJ+ox6dCN8yuL+Ci8hMxPMzvVYeZ5Am8wZ7feeFeWpClMdW2sm3koGj4+M60BMs9SOfDuBAK22t2sD6ShP3xRI7MEbsOzMkJNizVqira55YQWUn6aLBMOW90ghD5J7QW77ih3r4oq60OGUX3yc9hlJnvgBblYL1KRVtPgawUelK3Q3EoKAok6YjA==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: mysecret
+      namespace: default