diff --git a/k8s/README.md b/k8s/README.md
index 1856292..4584975 100644
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -396,9 +396,9 @@ helm upgrade --install telegraf-operator influxdata/telegraf-operator --namespac
 helm repo add bitnami https://charts.bitnami.com/bitnami
 helm install postgres bitnami/postgresql --namespace datalab --values datalab/postgres.yml.secret
 #mqtt
-helm repo add TrueCharts https://charts.truecharts.org
+helm repo add t3n https://storage.googleapis.com/t3n-helm-charts
 helm repo update
-helm upgrade --install mosquitto TrueCharts/mosquitto --namespace datalab --values datalab/mosquitto.yml
+helm upgrade --install mosquitto t3n/mosquitto --namespace datalab --values datalab/mosquitto.secret.yml
 ```
 
 work with it
diff --git a/k8s/datalab/mosquitto.secret.yml b/k8s/datalab/mosquitto.secret.yml
new file mode 100644
index 0000000..7113fae
--- /dev/null
+++ b/k8s/datalab/mosquitto.secret.yml
@@ -0,0 +1,47 @@
+service:
+  type: NodePort
+
+
+
+#generate password as follows
+# shell on mosquitto container # the following did NOT work, probably because other hash algorithms docker run -it eclipse-mosquitto sh
+# touch sender.txt
+# mosquitto_passwd -b sender.txt sender ahQueteiRietufeko8do
+# cat sender.txt
+authentication:
+  passwordEntries: |-
+    sender:$6$1x7VGBZa820HRpDm$mRA17daXK8Rb1OJWeHXeat7UoTTBSl3xrX4fn4X2HHdYQFKBQHUWy2WBk/psIM5BlQPvnAP2KD5Lc7mLMVV5vQ==
+  # To use authentication with mosquitto, you can set a list of password entries to be used.
+  # reference https://mosquitto.org/man/mosquitto_passwd-1.html to generate these entries.
+  # For example:
+  # passwordEntries: |-
+  #   user1:$6$BKzw0RKerxV4Esbj$Uz5slWGB1TiOtYIEokEl0eR1YSEQAdKpcdRYMsLYbwjktlVzdLyGk41YCPGyMLnBePtdwPhkcm8kjGI0R9s57w==
+  #   user2:$6$b5vYuHrSLj48Ii32$NjlbnatIaUQSsNvxxTpawpav6NPyZ8QhGrdEVGtyU1rgEGjNzVGKlstRg29FV6MFTPs/ugPA8D5I5+qRcIMXSg==
+  passwordFilePath: "/etc/mosquitto/passwordfile"
+
+authorization:
+  acls: ""
+  # To use authorizations with mosquitto, you can set a list of per user or pattern-based rules.
+  # reference https://mosquitto.org/man/mosquitto-conf-5.html for further information.
+  # For example:
+  # acls: |-
+      # zigbee2mqtt ACLs
+      # user zigbee2mqtt
+      # topic readwrite zigbee2mqtt/#
+      # topic readwrite homeassistant/#
+      # Tasmota-compatible ACLs
+      # pattern read cmnd/%u/#
+      # pattern write stat/%u/#
+      # pattern write tele/%u/#
+  aclfilePath: "/etc/mosquitto/aclfile"
+
+existingConfigMap: ""
+config: |
+  persistence true
+  persistence_location /mosquitto/data/
+  log_dest stdout
+  log_type all
+  log_timestamp_format %Y-%m-%dT%H:%M:%S
+  listener 1883
+  listener 9090
+  protocol websockets
diff --git a/k8s/datalab/mosquitto.yml b/k8s/datalab/mosquitto.yml
deleted file mode 100644
index 14b886c..0000000
--- a/k8s/datalab/mosquitto.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-configmap:
-  config:
-    enabled: true
-    data:
-      mosquitto.conf: |
-        listener {{ .Values.service.main.ports.main.targetPort }}
-        {{- if .Values.websockets.enabled }}
-        listener {{ .Values.service.websockets.ports.websockets.targetPort }}
-        protocol websockets
-        {{- end }}
-        {{- if .Values.auth.enabled }}
-        allow_anonymous false
-        {{- else }}
-        allow_anonymous true
-        {{- end }}
-        {{- if .Values.persistence.data.enabled }}
-        persistence true
-        persistence_location {{ .Values.persistence.data.mountPath }}
-        autosave_interval 1800
-        {{- end }}
-        {{- if .Values.persistence.configinc.enabled }}
-        include_dir {{ .Values.persistence.configinc.mountPath }}
-        {{- end }}
\ No newline at end of file