diff --git a/custom_helm_charts/gluetun/README.md b/custom_helm_charts/gluetun/README.md
index 67727bf..529d5f9 100644
--- a/custom_helm_charts/gluetun/README.md
+++ b/custom_helm_charts/gluetun/README.md
@@ -6,10 +6,10 @@ Service endpoints:
 
 AirVPN WireGuard values:
 - Update `helm-values/gluetun_values.yaml`:
-  - `secret.privateKey` -> AirVPN WireGuard private key
-  - `secret.addresses` -> WireGuard tunnel address(es) (IPv4 /32 and optional IPv6)
+  - `env.WIREGUARD_ADDRESSES` -> WireGuard tunnel address(es) (IPv4 /32 and optional IPv6)
   - `env.SERVER_HOSTNAMES` -> stable AirVPN server hostname
-- Alternatively set `secret.create: false` and provide a Secret named `gluetun-wireguard` with keys `WIREGUARD_PRIVATE_KEY` and `WIREGUARD_ADDRESSES`.
+- Create a Secret named `gluetun-wireguard` with key `WIREGUARD_PRIVATE_KEY` from your AirVPN WireGuard config (do not commit the key).
+  - `helm-values/gluetun_values.yaml` sets `secret.create: false` so the chart does not create a placeholder secret.
 
 Validation:
 - ArgoCD health: `argocd app get gluetun` and `argocd app get nzbget`
diff --git a/custom_helm_charts/gluetun/templates/secret.yaml b/custom_helm_charts/gluetun/templates/secret.yaml
index a4902e7..8755aeb 100644
--- a/custom_helm_charts/gluetun/templates/secret.yaml
+++ b/custom_helm_charts/gluetun/templates/secret.yaml
@@ -11,5 +11,4 @@ metadata:
 type: Opaque
 stringData:
   WIREGUARD_PRIVATE_KEY: {{ .Values.secret.privateKey | quote }}
-  WIREGUARD_ADDRESSES: {{ .Values.secret.addresses | quote }}
 {{- end }}
diff --git a/custom_helm_charts/gluetun/values.yaml b/custom_helm_charts/gluetun/values.yaml
index 54bddf0..fce833f 100644
--- a/custom_helm_charts/gluetun/values.yaml
+++ b/custom_helm_charts/gluetun/values.yaml
@@ -16,10 +16,7 @@ env:
         name: gluetun-wireguard
         key: WIREGUARD_PRIVATE_KEY
   - name: WIREGUARD_ADDRESSES
-    valueFrom:
-      secretKeyRef:
-        name: gluetun-wireguard
-        key: WIREGUARD_ADDRESSES
+    value: "REPLACE_ME"
   - name: SERVER_HOSTNAMES
     value: "REPLACE_ME"
   - name: HTTPPROXY
@@ -35,7 +32,6 @@ secret:
   create: true
   name: gluetun-wireguard
   privateKey: "REPLACE_ME"
-  addresses: "REPLACE_ME"
 
 service:
   type: ClusterIP
diff --git a/helm-values/gluetun_values.yaml b/helm-values/gluetun_values.yaml
index ec34144..9d5f003 100644
--- a/helm-values/gluetun_values.yaml
+++ b/helm-values/gluetun_values.yaml
@@ -16,12 +16,9 @@ env:
         name: gluetun-wireguard
         key: WIREGUARD_PRIVATE_KEY
   - name: WIREGUARD_ADDRESSES
-    valueFrom:
-      secretKeyRef:
-        name: gluetun-wireguard
-        key: WIREGUARD_ADDRESSES
+    value: "10.160.17.207/32,fd7d:76ee:e68f:a993:61d7:a5fe:f834:90e1/128"
   - name: SERVER_HOSTNAMES
-    value: "REPLACE_ME"
+    value: "nl3.vpn.airdns.org"
   - name: HTTPPROXY
     value: "on"
   - name: HTTPPROXY_LOG
@@ -32,10 +29,9 @@ env:
     value: "Europe/Amsterdam"
 
 secret:
-  create: true
+  create: false
   name: gluetun-wireguard
   privateKey: "REPLACE_ME"
-  addresses: "REPLACE_ME"
 
 service:
   type: ClusterIP