diff --git a/applications/atlantis.yaml b/applications/atlantis.yaml index 205dfb02..72915525 100644 --- a/applications/atlantis.yaml +++ b/applications/atlantis.yaml @@ -4,23 +4,28 @@ metadata: name: atlantis namespace: argocd spec: + goTemplate: true generators: - list: elements: - cluster: https://kubernetes.default.svc env: prod hostname: atlantis.srv.oceanbox.io + autoSync: false + prune: true - cluster: https://staging-vcluster.staging-vcluster:443 env: staging hostname: atlantis.beta.oceanbox.io + autoSync: true + prune: true template: metadata: - name: '{{ env }}-atlantis' + name: '{{ .env }}-atlantis' spec: project: atlantis destination: namespace: atlantis - server: '{{ cluster }}' + server: '{{ .cluster }}' sources: - repoURL: https://gitlab.com/oceanbox/manifests.git targetRevision: dev @@ -29,9 +34,16 @@ spec: name: kustomize-helm-with-rewrite parameters: - name: env - string: '{{ env }}' + string: '{{ .env }}' - name: hostname - string: '{{ hostname }}' + string: '{{ .hostname }}' - repoURL: https://gitlab.com/oceanbox/manifests.git targetRevision: dev path: charts/atlantis/manifests + templatePatch: | + {{- if .autoSync }} + spec: + syncPolicy: + automated: + prune: {{ .prune }} + {{- end }} diff --git a/charts/atlantis/base/deployment_patch.yaml b/charts/atlantis/base/deployment_patch.yaml index 53a116df..c8368399 100644 --- a/charts/atlantis/base/deployment_patch.yaml +++ b/charts/atlantis/base/deployment_patch.yaml @@ -4,3 +4,6 @@ - op: replace path: /spec/template/spec/containers/0/readinessProbe/httpGet/path value: /healthz +- op: add + path: /spec/template/spec/containers/0/envFrom + value: [] diff --git a/charts/atlantis/base/kustomization.yaml b/charts/atlantis/base/kustomization.yaml index e205ccce..43173a86 100644 --- a/charts/atlantis/base/kustomization.yaml +++ b/charts/atlantis/base/kustomization.yaml 
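Review bot: `goTemplate: true` is added at the top of `spec` without `goTemplateOptions`, so a generator element that lacks a key renders `<no value>` instead of failing. In the `templatePatch` of the second hunk, an element with a missing or misspelled `autoSync` simply gets no sync policy, and a misspelled `cluster` would produce an Application with a bogus destination. I would add `goTemplateOptions: ["missingkey=error"]` directly under `goTemplate: true` so that a bad element fails generation.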
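Review bot: The new `op: add` on `/spec/template/spec/containers/0/envFrom` overwrites the member if the rendered Deployment already has an `envFrom` list, because JSON Patch `add` on an existing object key replaces its value. The empty list is there so the overlays can append with `envFrom/-`, which is worth a comment above the op, for example `# seed an empty envFrom so overlays can append; replaces any envFrom rendered by the chart`. Whether the chart renders `envFrom` today is not visible in this hunk.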
@@ -5,12 +5,10 @@ patches: version: v1 group: apps kind: Deployment - name: atlantis path: deployment_patch.yaml - target: version: v1 kind: Service - name: atlantis path: service_patch.yaml resources: - - _manifest.yaml \ No newline at end of file + - _manifest.yaml diff --git a/charts/atlantis/chart/values.yaml b/charts/atlantis/chart/values.yaml index c2c89f9e..05eff359 100644 --- a/charts/atlantis/chart/values.yaml +++ b/charts/atlantis/chart/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/atlantis - tag: latest + tag: v2.76.0 pullPolicy: IfNotPresent init: diff --git a/charts/atlantis/manifests/subscriptions.yaml b/charts/atlantis/manifests/subscriptions.yaml index e08afd0a..2daf0fe2 100644 --- a/charts/atlantis/manifests/subscriptions.yaml +++ b/charts/atlantis/manifests/subscriptions.yaml @@ -7,9 +7,7 @@ spec: route: /hipster-events pubsubname: pubsub scopes: -- staging-atlantis -- production-atlantis -- x-review-atlantis +- atlantis --- apiVersion: dapr.io/v1alpha1 kind: Subscription @@ -20,6 +18,4 @@ spec: route: /inbox-events pubsubname: pubsub scopes: -- staging-atlantis -- production-atlantis -- x-review-atlantis +- atlantis diff --git a/charts/atlantis/prod/appsettings.json b/charts/atlantis/prod/appsettings.json index 4c2c1cbb..6f7c7f70 100644 --- a/charts/atlantis/prod/appsettings.json +++ b/charts/atlantis/prod/appsettings.json @@ -7,7 +7,7 @@ "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo", "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code", "clientId": "atlantis", - "clientSecret": "KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm", + "clientSecret": "", "scopes": [ "openid", "email", 
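Review bot: Removing `name: atlantis` from both `target` selectors makes `deployment_patch.yaml` match every `apps/v1` Deployment, and `service_patch.yaml` every `v1` Service, rendered into `_manifest.yaml`. The Deployment patch addresses `containers/0`, so any additional Deployment in the chart output would have its readiness probe rewritten, its `envFrom` reset and, via the overlays, the Redis and app secrets injected into its first container. If the name was dropped because it is no longer fixed by `fullnameOverride`, a selector that still narrows the match is safer, such as `labelSelector: app.kubernetes.io/name=atlantis`. That label is an assumption to check against the chart.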
@@ -18,7 +18,7 @@ "sso": { "cookieDomain": ".oceanbox.io", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", - "redis": "redis-master,user=default,password=ymL4dlOBvU", + "redis": "prod-redis-master,user=default,password=secret", "appDomain": "atlantis", "dataProtectionKeys": "DataProtection-Keys" }, @@ -31,5 +31,5 @@ "https://atlantis.srv.oceanbox.io" ], "logService" : "https://seq.oceanbox.io", - "logApiKey": "bFdYPKLDvnau3fQa1vRV" -} \ No newline at end of file + "logApiKey": "" +} diff --git a/charts/atlantis/prod/default.env b/charts/atlantis/prod/default.env new file mode 100644 index 00000000..10e8b85f --- /dev/null +++ b/charts/atlantis/prod/default.env @@ -0,0 +1,2 @@ +OICD_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm +SEQ_APIKEY=WmZplDeFoxIHpJQ5BiDk diff --git a/charts/atlantis/prod/deployment_patch.yaml b/charts/atlantis/prod/deployment_patch.yaml index b4e37870..54c35a69 100644 --- a/charts/atlantis/prod/deployment_patch.yaml +++ b/charts/atlantis/prod/deployment_patch.yaml @@ -23,4 +23,22 @@ secretKeyRef: name: prod-atlantis-barentswatch key: client-id - optional: true \ No newline at end of file + optional: true +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: REDIS_USER + value: default +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: prod-redis + key: redis-password +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: prod-atlantis-env diff --git a/charts/atlantis/staging/appsettings.json b/charts/atlantis/staging/appsettings.json index 84671a7e..5dfb5b8b 100644 --- a/charts/atlantis/staging/appsettings.json +++ b/charts/atlantis/staging/appsettings.json 
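Review bot: The `redis` entry in prod/appsettings.json still embeds a credential field, now the literal `password=secret`, and the same placeholder appears in staging/appsettings.json. If the application does not override the password from the `REDIS_PASSWORD` variable added in prod/deployment_patch.yaml, it will try to authenticate with that literal, and a Redis that accepted it would be trivially guessable. I would drop the credential part from the file, `"redis": "prod-redis-master"`, provided the app builds the connection string from `REDIS_USER` and `REDIS_PASSWORD`. That behaviour is not visible in this diff.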
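Review bot: The new prod/default.env commits the OIDC client secret and the Seq API key in plaintext, so the credentials this commit removes from appsettings.json are still in the repository, and staging/default.env does the same. All values that appear on either side of this diff, including the old Redis passwords, remain in git history and should be rotated. The new secrets should come from a sealed or external secret rather than a tracked env file. Two details look like copy errors: the `SEQ_APIKEY` value here is identical to the staging one and differs from the `logApiKey` removed from prod/appsettings.json, and `OICD_CLIENT_SECRET` transposes the letters of OIDC, which matters if the app reads `OIDC_CLIENT_SECRET`.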
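Review bot: The appended `envFrom` entry references Secret `prod-atlantis-env`, but this diff contains no change to prod/kustomization.yaml that would generate it. Only the staging overlay gains a `secretGenerator` entry with `envs: [default.env]`. The `secretRef` is not optional, so if the Secret does not exist the container will not start; that is the right failure mode, but it should be confirmed before the manual prod sync. If the prod overlay still applies a `namePrefix`, also check that the hard-coded `prod-redis` and `prod-atlantis-env` names are not prefixed a second time.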
@@ -7,7 +7,7 @@ "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo", "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code", "clientId": "atlantis_dev", - "clientSecret": "3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR", + "clientSecret": "", "scopes": [ "openid", "email", @@ -18,7 +18,7 @@ "sso": { "cookieDomain": ".oceanbox.io", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", - "redis": "redis-master,user=default,password=JICkoUKD0Y", + "redis": "prod-redis-master,user=default,password=secret", "appDomain": "atlantis", "dataProtectionKeys": "DataProtection-Keys" }, @@ -29,5 +29,5 @@ "https://atlantis.beta.oceanbox.io" ], "logService" : "https://seq.oceanbox.io", - "logApiKey": "WmZplDeFoxIHpJQ5BiDk" -} \ No newline at end of file + "logApiKey": "" +} diff --git a/charts/atlantis/staging/default.env b/charts/atlantis/staging/default.env new file mode 100644 index 00000000..0e5952a0 --- /dev/null +++ b/charts/atlantis/staging/default.env @@ -0,0 +1,2 @@ +OICD_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR +SEQ_APIKEY=WmZplDeFoxIHpJQ5BiDk diff --git a/charts/atlantis/staging/deployment_patch.yaml b/charts/atlantis/staging/deployment_patch.yaml index 7f47a002..e8294553 100644 --- a/charts/atlantis/staging/deployment_patch.yaml +++ b/charts/atlantis/staging/deployment_patch.yaml @@ -28,4 +28,22 @@ secretKeyRef: name: staging-atlantis-barentswatch key: client-id - optional: true \ No newline at end of file + optional: true +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: REDIS_USER + value: default +- op: add + path: /spec/template/spec/containers/0/env/- + value: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: staging-redis + key: redis-password +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: staging-atlantis-env diff --git a/charts/atlantis/staging/kustomization.yaml b/charts/atlantis/staging/kustomization.yaml index d8020684..b6b08616 100644 
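Review bot: The second hunk of staging/appsettings.json sets `redis` to `prod-redis-master`, while staging/deployment_patch.yaml takes `REDIS_PASSWORD` from the `staging-redis` Secret. This looks copied from the prod file, and it would make staging use, or fail against, a Redis carrying the production name, which breaks the separation between the two environments' session and data-protection stores. I would expect `"redis": "staging-redis-master,user=default,password=secret"`; the host name is inferred from the Secret name and should be checked against the actual Service.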
--- a/charts/atlantis/staging/kustomization.yaml +++ b/charts/atlantis/staging/kustomization.yaml @@ -1,16 +1,17 @@ -namePrefix: staging- generatorOptions: disableNameSuffixHash: true secretGenerator: - - name: atlantis-appsettings - files: - - appsettings.json +- name: staging-atlantis-appsettings + files: + - appsettings.json +- name: staging-atlantis-env + envs: + - default.env patches: - target: group: apps version: v1 kind: Deployment - name: atlantis path: deployment_patch.yaml resources: - - ../base \ No newline at end of file + - ../base diff --git a/charts/atlantis/values-prod.yaml b/charts/atlantis/values-prod.yaml index 22801a09..68fdc9cc 100644 --- a/charts/atlantis/values-prod.yaml +++ b/charts/atlantis/values-prod.yaml @@ -1,10 +1,7 @@ -fullnameOverride: atlantis - ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 hosts: - host: atlantis.srv.oceanbox.io paths: diff --git a/charts/atlantis/values-staging.yaml b/charts/atlantis/values-staging.yaml index 37b01222..c8c78326 100644 --- a/charts/atlantis/values-staging.yaml +++ b/charts/atlantis/values-staging.yaml @@ -1,14 +1,13 @@ fullnameOverride: atlantis image: - tag: latest + tag: e8fc5f7d-debug ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - # nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - # nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0 + # atlantis.oceanbox.io/expose: internal hosts: - host: atlantis.beta.oceanbox.io paths:
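Review bot: The new `staging-atlantis-env` generator is created under `disableNameSuffixHash: true`, so changing a value in `default.env` leaves the Secret name and the pod template unchanged. The Deployment consumes it through `envFrom`, which is read only at container start, so a rotated secret will not reach running pods until they are restarted. I would document that above the generator, for example `# name hash disabled: restart the Deployment after rotating values in default.env`.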
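Review bot: The staging image tag becomes `e8fc5f7d-debug` in the same hunk that deletes the commented `whitelist-source-range` lines, leaving only a commented `# atlantis.oceanbox.io/expose: internal`. If the `-debug` suffix denotes a build with debugging or verbose error output enabled, that build is served on `atlantis.beta.oceanbox.io` with no source restriction visible in these values. I would either enable the internal-expose annotation or an active `nginx.ingress.kubernetes.io/whitelist-source-range` while the debug image is deployed, and pin the image by digest, since the tag is mutable.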