diff --git a/apps/prod-openfga.yaml b/apps/prod-openfga.yaml
new file mode 100644
index 00000000..77a2c594
--- /dev/null
+++ b/apps/prod-openfga.yaml
@@ -0,0 +1,39 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: prod-openfga
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: openfga
+ server: https://kubernetes.default.svc
+ project: aux
+ # ignoreDifferences:
+ # - group: apps
+ # kind: StatefulSet
+ # jsonPointers:
+ # - /spec/persistentVolumeClaimRetentionPolicy
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: aux
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ automated:
+ prune: true
+ selfHeal: true
+ sources:
+ - repoURL: https://openfga.github.io/helm-charts
+ targetRevision: 0.2.19
+ chart: openfga
+ helm:
+ valueFiles:
+ - $values/values/openfga/values-prod.yaml
+ - repoURL: https://gitlab.com/oceanbox/manifests.git
+ targetRevision: nixidy
+ ref: values
diff --git a/apps/openfga.yaml b/apps/staging-openfga.yaml
similarity index 93%
rename from apps/openfga.yaml
rename to apps/staging-openfga.yaml
index 179c9674..76dcd99e 100644
--- a/apps/openfga.yaml
+++ b/apps/staging-openfga.yaml
@@ -33,8 +33,7 @@ spec: chart: openfga helm: valueFiles: - - $values/values/openfga/values.yaml - $values/values/openfga/values-staging.yaml - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: main + targetRevision: nixidy ref: values
diff --git a/values/atlantis/values-staging.yaml b/values/atlantis/values-staging.yaml
index 5ae4f446..f2583bf8 100644
--- a/values/atlantis/values-staging.yaml
+++ b/values/atlantis/values-staging.yaml
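Review bot: The new production Application tracks its values repo at `targetRevision: nixidy` while `automated.prune: true` and `selfHeal: true` are on, so prod configuration is continuously applied from what reads as a working branch rather than `main` or a tag; the renamed apps/staging-openfga.yaml hunk makes the same `main` → `nixidy` switch. If `nixidy` is a temporary migration branch, plan to move both Applications back to a release ref once it is merged, e.g. `targetRevision: main`. `SkipDryRunOnMissingResource=true` also means a missing CRD (the referenced values file creates a `postgresql.cnpg.io/v1` Cluster) is not caught at dry run but only when the live apply fails, which deserves a comment next to the annotation such as `# CNPG Cluster in extraObjects needs the operator CRDs; dry run is skipped so install order is not validated`.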
@@ -65,7 +65,7 @@ ingress: - path: /job pathType: ImplementationSpecific - path: /events - pathType: Implementationspecific + pathType: ImplementationSpecific - path: /metrics pathType: ImplementationSpecific - host: atlas.oceanbox.io
diff --git a/values/openfga/postgres-secret.yaml b/values/openfga/postgres-secret.yaml
index 6596684d..0a0ad2f7 100644
--- a/values/openfga/postgres-secret.yaml
+++ b/values/openfga/postgres-secret.yaml
@@ -1,20 +1,19 @@ apiVersion: v1 stringData: - postgres-password: tidings-guise-sternness-yummy - uri: postgres://postgres:tidings-guise-sternness-yummy@staging-openfga-postgresql.idp.svc.cluster.local:5432/postgres?sslmode=disable + postgres-password: blT6zzv37KyFvzb1Ct3bhfAwPxhTG2fBO1EiIASQWI4wnEOB8AOWvmVa2sogGexr + uri: postgres://postgres:blT6zzv37KyFvzb1Ct3bhfAwPxhTG2fBO1EiIASQWI4wnEOB8AOWvmVa2sogGexr@prod-openfga-rw.openfga.svc.cluster.local:5432/postgres?sslmode=disable kind: Secret metadata: - name: staging-openfga-postgresql - namespace: idp + name: prod-openfga-postgresql + namespace: openfga type: Opaque --- apiVersion: v1 stringData: - postgres-password: unaltered-astute-raven-sitter - uri: postgres://postgres:unaltered-astute-raven-sitter@prod-openfga-postgresql.idp.svc.cluster.local:5432/postgres?sslmode=disable + postgres-password: iAnMHs3eEuQM0D4jeAP1dwEoLWUBSwNXwhBuPDOgmfoeZ58iV0zogQ77U3GNUbwa + uri: postgres://postgres:iAnMHs3eEuQM0D4jeAP1dwEoLWUBSwNXwhBuPDOgmfoeZ58iV0zogQ77U3GNUbwa@staging-openfga-rw.openfga.svc.cluster.local:5432/postgres?sslmode=disable kind: Secret metadata: - name: prod-openfga-postgresql - namespace: idp + name: staging-openfga-postgresql + namespace: openfga type: Opaque -
diff --git a/values/openfga/values-prod.yaml b/values/openfga/values-prod.yaml
index 12aa9583..4f2c4d9c 100644
--- a/values/openfga/values-prod.yaml
+++ b/values/openfga/values-prod.yaml
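Review bot: Both Secret documents in postgres-secret.yaml keep the Postgres superuser password as plaintext `stringData` in the repository; this commit rotates the values, but the previous ones stay in git history and the new ones are now exposed the same way. Prefer letting the CNPG Cluster own the credential (its generated `<cluster>-superuser` / `<cluster>-app` secrets) or delivering it through a sealed or external secret, treat every value that has been committed as compromised and rotate it outside of git, and connect as a dedicated application role instead of `postgres`. The `uri` values also set `sslmode=disable` toward `prod-openfga-rw` and `staging-openfga-rw`, while the same commit configures `sslmode: verify-full` for the staging replication link in values-staging.yaml; `sslmode=verify-full` with the cluster CA (or at minimum `require`) would be consistent with that.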
@@ -3,19 +3,31 @@ replicaCount: 2 datastore: engine: postgres uriSecret: prod-openfga-postgresql + migrationType: initContainer postgresql: - enabled: true - auth: - existingSecret: prod-openfga-postgresql - secretKeys: - userPasswordKey: postgres-password + enabled: false + +playground: + enabled: false + +telemetry: + metrics: + enabled: true + serviceMonitor: + enabled: true + enableRPCHistograms: true + trace: + enabled: true + otlp: + endpoint: opentelemetry-collector.otel.svc.cluster.local:4317 + sampleRatio: 0.1 ingress: enabled: true className: nginx annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 hosts:
@@ -24,8 +36,22 @@ ingress: - path: / pathType: ImplementationSpecific tls: - - secretName: staging-openfga-tls + - secretName: prod-openfga-tls hosts: - openfga.srv.oceanbox.io - +extraObjects: + - apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: prod-openfga + namespace: openfga + spec: + instances: 1 + # imageName: ghcr.io/cloudnative-pg/postgres:15-3.3 + storage: + resizeInUseVolumes: true + size: 10Gi + backup: + retentionPolicy: 60d + target: prefer-standby
diff --git a/values/openfga/values-staging.yaml b/values/openfga/values-staging.yaml
index d506c3a3..cfaf4b47 100644
--- a/values/openfga/values-staging.yaml
+++ b/values/openfga/values-staging.yaml
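Review bot: The `extraObjects` Cluster never references the hand-maintained `prod-openfga-postgresql` Secret that `datastore.uriSecret` points to (no `superuserSecret` or `bootstrap.initdb` section is set), so the `postgres` password CNPG bootstraps and the one embedded in the URI only match if they are synchronised somewhere not shown here, and prod does not set `enableSuperuserAccess` at all while staging does, so depending on the operator's default the `postgres` role may have no password on prod; the first hunk of values-staging.yaml has the same gap. Either set `superuserSecret: { name: prod-openfga-postgresql }` or, better, let CNPG own the credential and build the datastore URI from its generated `-app` secret. Separately, `instances: 1` leaves `backup.target: prefer-standby` with no standby to prefer, and `retentionPolicy: 60d` has no visible `barmanObjectStore` destination, so unless that is configured elsewhere no backups are actually taken. A comment such as `# single instance: backups run on the primary; object store is configured in <PLACEHOLDER>` above `backup:` would make the intent explicit.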
@@ -3,19 +3,31 @@ replicaCount: 1 datastore: engine: postgres uriSecret: staging-openfga-postgresql + migrationType: initContainer postgresql: - enabled: true - auth: - existingSecret: staging-openfga-postgresql - secretKeys: - userPasswordKey: postgres-password + enabled: false + +playground: + enabled: false + +telemetry: + metrics: + enabled: true + serviceMonitor: + enabled: true + enableRPCHistograms: true + trace: + enabled: true + otlp: + endpoint: opentelemetry-collector.otel.svc.cluster.local:4317 + sampleRatio: 0.1 ingress: enabled: true className: nginx annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 hosts:
@@ -27,3 +39,40 @@ ingress: - secretName: staging-openfga-tls hosts: - openfga.dev.oceanbox.io + +extraObjects: + - apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: staging-openfga + namespace: openfga + spec: + instances: 1 + # imageName: ghcr.io/cloudnative-pg/postgres:15-3.3 + storage: + resizeInUseVolumes: true + size: 10Gi + backup: + retentionPolicy: 60d + target: prefer-standby + bootstrap: + pg_basebackup: + database: "" + owner: "" + source: openfga + enableSuperuserAccess: true + externalClusters: + - name: openfga + connectionParameters: + host: prod-openfga-rw.openfga + sslmode: verify-full + user: streaming_replica + sslCert: + key: tls.crt + name: prod-openfga-replication + sslKey: + key: tls.key + name: prod-openfga-replication + sslRootCert: + key: ca.crt + name: prod-openfga-ca
diff --git a/values/openfga/values.yaml b/values/openfga/values.yaml
deleted file mode 100644
index 8255d381..00000000
--- a/values/openfga/values.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# fullnameOverride: openfga
-playground:
- enabled: false
- port: 3000
-
-
-
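Review bot: The staging Cluster bootstraps with `pg_basebackup` from the production cluster (`source: openfga` resolving to `prod-openfga-rw.openfga`), so staging starts as a full copy of production data, must read prod's `prod-openfga-replication` and `prod-openfga-ca` secrets, and is the only environment with `enableSuperuserAccess: true`. If seeding staging from prod is intended, state it in a comment above `bootstrap:` such as `# staging is cloned from prod-openfga; confirm the authorization data may live in the staging trust boundary`, and otherwise an `initdb` bootstrap (optionally from a scrubbed dump) keeps production data out of the lower-trust environment. This bootstrap also creates an ordering dependency on the prod Cluster and its generated secrets existing in the same namespace, which the two independently synced Applications do not express. The `database: ""` and `owner: ""` entries read as placeholders; confirm they are what the operator expects for a `pg_basebackup` bootstrap.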