diff --git a/_/ClusterRole/sealed-secrets-access.yaml b/_/ClusterRole/sealed-secrets-access.yaml
new file mode 100644
index 0000000..28302f2
--- /dev/null
+++ b/_/ClusterRole/sealed-secrets-access.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: sealed-secrets-access
+rules:
+  - apiGroups:
+      - ''
+    resourceNames:
+      - sealed-secrets-controller
+    resources:
+      - services
+    verbs:
+      - get
+  - apiGroups:
+      - bitnami.com
+    resources:
+      - sealedsecrets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
diff --git a/_/ClusterRoleBinding/sealed-secrets-access-choose-native-plants.yaml b/_/ClusterRoleBinding/sealed-secrets-access-choose-native-plants.yaml
new file mode 100644
index 0000000..93e1ff6
--- /dev/null
+++ b/_/ClusterRoleBinding/sealed-secrets-access-choose-native-plants.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sealed-secrets-access-choose-native-plants
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sealed-secrets-access
+subjects:
+  - kind: ServiceAccount
+    name: deployment-admin
+    namespace: choose-native-plants
diff --git a/choose-native-plants/Deployment/choose-native-plants.yaml b/choose-native-plants/Deployment/choose-native-plants.yaml
index 8eeabe9..9ceae3f 100644
--- a/choose-native-plants/Deployment/choose-native-plants.yaml
+++ b/choose-native-plants/Deployment/choose-native-plants.yaml
@@ -148,7 +148,7 @@ spec:
             - configMapRef:
                 name: app-config
                 optional: true
-          image: 'ghcr.io/codeforphilly/pa-wildflower-selector/app:1.0.5'
+          image: 'ghcr.io/codeforphilly/pa-wildflower-selector/app:2.0.1'
           imagePullPolicy: Always
           livenessProbe:
             httpGet:
diff --git a/choose-native-plants/Role/deployment-admin.yaml b/choose-native-plants/Role/deployment-admin.yaml
index 480bcba..b910606 100644
--- a/choose-native-plants/Role/deployment-admin.yaml
+++ b/choose-native-plants/Role/deployment-admin.yaml
@@ -81,3 +81,15 @@ rules:
       - update
       - patch
       - delete
+  - apiGroups:
+      - bitnami.com
+    resources:
+      - sealedsecrets
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete