diff --git a/charts/bytestash/templates/oidc/oidc-client.yaml b/charts/bytestash/templates/oidc/oidc-client.yaml
index 06a1b6d4..4fbc2e7e 100644
--- a/charts/bytestash/templates/oidc/oidc-client.yaml
+++ b/charts/bytestash/templates/oidc/oidc-client.yaml
@@ -5,10 +5,10 @@ metadata:
 spec:
   deletionPolicy: Delete
   providerConfigRef:
-    name: owncloak
+    name: {{ .Values.oidc.config.ref }}
   forProvider:
     realmIdRef:
-      name: {{ .Values.oidc.realm }}
+      name: {{ .Values.oidc.realm.ref }}
     name: bytestash
     description: "bytestash client for authentication"
     accessType: CONFIDENTIAL
diff --git a/charts/bytestash/templates/oidc/oidc-scopes.yaml b/charts/bytestash/templates/oidc/oidc-scopes.yaml
index 17d2da04..a7bd4d55 100644
--- a/charts/bytestash/templates/oidc/oidc-scopes.yaml
+++ b/charts/bytestash/templates/oidc/oidc-scopes.yaml
@@ -6,7 +6,7 @@ spec:
   deletionPolicy: Delete
   forProvider:
     realmIdRef:
-      name: {{ .Values.oidc.realm }}
+      name: {{ .Values.oidc.realm.ref }}
     clientIdRef:
       name: bytestash
     defaultScopes:
@@ -21,4 +21,4 @@ spec:
     # non-standard extras
     - roles-in-all-tokens # Add keycloak variant of roles to all tokens
   providerConfigRef:
-    name: owncloak
+    name: {{ .Values.oidc.config.ref }}
diff --git a/charts/bytestash/templates/oidc/oidc-urls.yaml b/charts/bytestash/templates/oidc/oidc-urls.yaml
index 62985c62..29ff0f37 100644
--- a/charts/bytestash/templates/oidc/oidc-urls.yaml
+++ b/charts/bytestash/templates/oidc/oidc-urls.yaml
@@ -1,4 +1,4 @@
-{{ $issuerUrl := printf "https://auth.%s/realms/%s" .Values.environment.baseDomain .Values.oidc.realm }}
+{{ $issuerUrl := printf "https://auth.%s/realms/%s" .Values.environment.baseDomain .Values.oidc.realm.name }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/charts/bytestash/values.yaml b/charts/bytestash/values.yaml
index d05443cd..58d70b7c 100644
--- a/charts/bytestash/values.yaml
+++ b/charts/bytestash/values.yaml
@@ -104,7 +104,11 @@ bytestash-bkp:
     previous: # int e.g: 2
 
 oidc:
-  realm: owncloak-deepcypher
+  realm:
+    name: deepcypher
+    ref: owncloak-deepcypher
+  config:
+    ref: owncloak
 
 environment:
   name: unknown # not to be used for hard checks but to display to user