diff --git a/deploy/helm/sandbox/sandbox/templates/docker-secret.yaml b/deploy/helm/sandbox/sandbox/templates/docker-secret.yaml
index 5a12b79d8..2db7ddd5a 100644
--- a/deploy/helm/sandbox/sandbox/templates/docker-secret.yaml
+++ b/deploy/helm/sandbox/sandbox/templates/docker-secret.yaml
@@ -1,13 +1,21 @@
-apiVersion: kubernetes-client.io/v1
+apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: docker-hub-dev
+  # name of ExternalSecret under CRD section
+  name: dockerhub-dev
 spec:
-  backendType: secretsManager
-  region: {{ .Values.docker.secrets.region }}
-  template:
-    type: kubernetes.io/dockerconfigjson
+  refreshInterval: 1h
+  secretStoreRef:
+    name: main
+    kind: ClusterSecretStore
+  target:
+    # name of actual secret under Config/Secrets, not required will use .metadata.name
+    creationPolicy: Owner
+    template:
+      type: kubernetes.io/dockerconfigjson
   data:
-    - key: {{ .Values.docker.secrets.name }}
-      name: .dockerconfigjson
-      property: dockerconfigjson
+  - secretKey: .dockerconfigjson
+    remoteRef:
+      key: {{ .Values.docker.secrets.name }}
+      version: "AWSCURRENT"
+      property: dockerconfigjson
\ No newline at end of file
diff --git a/deploy/helm/sandbox/sandbox/values.yaml b/deploy/helm/sandbox/sandbox/values.yaml
index 9bb439018..547f3f112 100644
--- a/deploy/helm/sandbox/sandbox/values.yaml
+++ b/deploy/helm/sandbox/sandbox/values.yaml
@@ -2,7 +2,6 @@ project: sandbox
 
 docker:
   secrets:
-    region: eu-west-1
     name: docker.io/radixdlt
 
 replicaCount: 1
@@ -13,7 +12,7 @@ image:
   tag: ""
 
 imagePullSecrets:
-  - name: docker-hub-dev
+  - name: dockerhub-dev
 
 nameOverride: "sandbox"
 fullnameOverride: "sandbox"