diff --git a/vcluster/chart/templates/argo-cluster-connection.yaml b/vcluster/chart/templates/argo-cluster-connection.yaml
index ef1adfbe..3f939cba 100644
--- a/vcluster/chart/templates/argo-cluster-connection.yaml
+++ b/vcluster/chart/templates/argo-cluster-connection.yaml
@@ -9,11 +9,6 @@ metadata:
 namespace: argocd
 type: Opaque
 stringData:
- config: '{"bearerToken": {{ .Files.Get "_token" }}, "tlsClientConfig": { "insecure" : true }}'
+ config: '{"bearerToken": "token", "tlsClientConfig": { "insecure" : true }}'
 name: {{ $fullname }}
 server: https://{{ $fullname }}.{{ .Release.Namespace }}
-
-
-
-
-
diff --git a/vcluster/create-vcluster.sh b/vcluster/create-vcluster.sh
index 3ac70198..c5e8bf49 100755
--- a/vcluster/create-vcluster.sh
+++ b/vcluster/create-vcluster.sh
@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-#
 if [ ! $# -ge 1 ]; then
 echo "usage: $0 cluster [helm args]"
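Review bot: The added `config:` line in argo-cluster-connection.yaml keeps `"insecure" : true` in `tlsClientConfig`, so Argo CD sends the cluster bearer token to the vcluster API server without verifying its certificate. Pinning the vcluster CA instead, e.g. `"tlsClientConfig": { "insecure": false, "caData": "<BASE64_CA_PLACEHOLDER>" }`, closes that gap. The literal `"token"` is also not a usable credential, so the rendered secret cannot authenticate until something replaces it, presumably scripts/update-argo-cluster-connection-token.sh, whose contents are not shown here. A comment above the line such as `# placeholder: the real token is patched in after install; never commit one here` would make that contract explicit.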
@@ -17,16 +16,45 @@ name=$1
 ns=$name-vcluster
 shift
-kubectl oidc-login get-token \
- --oidc-issuer-url=https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/v2.0 \
- --oidc-client-id=9b6daef0-02fa-4574-8949-f7c1b5fccd15 \
- --oidc-client-secret=o~N8Q~0IvCN05RTohzpYI4yEJ815eKfnzkd9LbUt | jq .status.token > chart/_token
+yq ".clusters[]|select(.name|contains(\"$name-vcluster\")).name" ~/.kube/config | grep -q "$name"
-$k get ns $ns >/dev/null 2>&1 || $k create ns $ns
-helm template -n $ns $@ $name ./chart | $k apply -f -
+if [ $? = 0 ]; then
+ $k get ns $ns >/dev/null 2>&1 || $k create ns $ns
+ helm template -n $ns $@ $name ./chart | $k apply -f -
+
+ $k wait -n $ns --for=condition=ready pod -l app=vcluster
+ kubectl --context $name-vcluster -n dapr-system wait pod --for=condition=ready -l app=dapr-operator
+ sleep 15
+ kubectl kustomize ../resources/atlantis/manifests/staging | kubectl --context $name-vcluster apply -f-
+else
+ cat << EOF
+***
+*** $name-vcluster must be defined in ~/.kube/config
+***
+clusters:
+- cluster:
+ insecure-skip-tls-verify: true
+ server: https://$name-vcluster.beta.oceanbox.io
+ name: $name-vcluster
+contexts:
+- context:
+ cluster: $name-vcluster
+ namespace: atlantis
+ user: oidc
+ name: $name-vcluster
+users:
+- name: oidc
+ user:
+ exec:
+ apiVersion: client.authentication.k8s.io/v1beta1
+ args:
+ - oidc-login
+ - get-token
+ - --oidc-issuer-url=https://login.microsoftonline.com/3f737008-e9a0-4485-9d27-40329d288089/v2.0
+ - --oidc-client-id=9b6daef0-02fa-4574-8949-f7c1b5fccd15
+ - --oidc-client-secret=[redacted]
+ command: kubectl
+EOF
+fi
-$k wait -n $ns --for=condition=ready pod -l app=vcluster
-kubectl --context $name-vcluster -n dapr-system wait pod --for=condition=ready -l app=dapr-operator
-sleep 10
-kubectl kustomize ../resources/atlantis/manifests/staging | kubectl --context $name-vcluster apply -f-
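Review bot: The kubeconfig printed in the `else` branch tells users to set `insecure-skip-tls-verify: true`, so every workstation that follows it presents its OIDC token to the vcluster endpoint without checking the server certificate. The template should carry `certificate-authority-data: <BASE64_CA_PLACEHOLDER>` instead, or drop the line if the endpoint has a publicly trusted certificate. That branch also falls through to the end of the script with status 0, so a caller cannot tell that nothing was created; add `exit 1` after the `EOF` line. The guard is loose as well: `contains` plus `grep -q "$name"` is a substring match, and `$ns`, `$name` and `$@` are unquoted, so test the pipeline directly with `if yq ... | grep -qx "$name-vcluster"; then` and pass `"$@"`. Separately, the client secret deleted by this hunk stays in repository history and should be treated as exposed and rotated at the identity provider.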
diff --git a/vcluster/update-argo-cluster-connection-token.sh b/vcluster/scripts/update-argo-cluster-connection-token.sh
similarity index 100%
rename from vcluster/update-argo-cluster-connection-token.sh
rename to vcluster/scripts/update-argo-cluster-connection-token.sh
diff --git a/vcluster/update-kubeconfig.sh b/vcluster/scripts/update-kubeconfig.sh
similarity index 100%
rename from vcluster/update-kubeconfig.sh
rename to vcluster/scripts/update-kubeconfig.sh