diff --git a/molgenis-jenkins/templates/config.tpl b/molgenis-jenkins/templates/config.tpl
index 5016425..265de5c 100644
--- a/molgenis-jenkins/templates/config.tpl
+++ b/molgenis-jenkins/templates/config.tpl
@@ -140,7 +140,32 @@ data:
                   <resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
                 </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
               </containers>
-              <envVars/>
+              <envVars>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>PGP_PASSPHRASE</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>pgpPassphrase</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                  <key>PGP_SECRETKEY</key>
+                  <value>keyfile:/root/.m2/key.asc</value>
+                </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>SONAR_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>sonarToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>CODECOV_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>codecovToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <key>GITHUB_TOKEN</key>
+                  <secretName>molgenis-pipeline-env-secret</secretName>
+                  <secretKey>githubToken</secretKey>
+                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+              </envVars>
               <annotations/>
 {{- if .Values.Pod.ImagePullSecret }}
               <imagePullSecrets>
diff --git a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
new file mode 100644
index 0000000..dd5763e
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.PipelineSecrets.Env }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
+  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
+  githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
+  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
new file mode 100644
index 0000000..d8ecbb6
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.PipelineSecrets.File }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
+  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
+{{- end }}
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index e6cabfa..e18ab73 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -70,7 +70,7 @@ jenkins:
     CustomConfigMap: true
   rbac:
     install: true
-  # A second agent to configure a second pod template
+  # A second pod template for maven builds
   Pod:
     Enabled: true
     Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
@@ -78,10 +78,10 @@ jenkins:
   # ImagePullSecret: jenkins
     Label: "molgenis-maven"
     Privileged: false
-    Cpu: "200m"
-    Memory: "256Mi"
+    Cpu: ""
+    Memory: ""
     # You may want to change this to true while testing a new image
-    AlwaysPullImage: true
+    AlwaysPullImage: false
     Command: "/bin/sh -c"
     Args: "cat"
     TTY: true
@@ -90,12 +90,56 @@ jenkins:
     # Configure the attributes as they appear in the corresponding Java class for that type
     # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
     volumes:
-      - type: "HostPath"
-        mountPath: "/var/run/docker.sock"
+      - type: HostPath
         hostPath: "/var/run/docker.sock"
-    # - type: Secret
-    #   secretName: mysecret
-    #   mountPath: /var/myapp/mysecret
+        mountPath: "/var/run/docker.sock"
+      - type: Secret
+        secretName: molgenis-pipeline-file-secret
+        mountPath: "keyfile:/root/.m2"
     NodeSelector: {}
     # Key Value selectors. Ex:
     # jenkins-agent: v1
+PipelineSecrets:
+  Env:
+    # Passphrase for the pgp private key file
+    pgpPassphrase: xxxx
+    # Token for codecov.io service
+    codecovToken: xxxx
+    # Token for github bot account
+    githubToken: xxxx
+    # Token for sonarcloud.io
+    sonarToken: xxxx
+  File:
+    # PGP Private key in ascii format used to sign artifacts
+    PGPPrivateKeyAsc: |-
+      -----BEGIN PGP PRIVATE KEY BLOCK-----
+      xxxxx
+      -----END PGP PRIVATE KEY BLOCK-----
+    # maven.settings file
+    MavenSettingsXML: |-
+      <settings>
+        <!-- sets the local maven repository outside of the ~/.m2 folder for easier mounting of secrets and repo -->
+        <localRepository>${user.home}/.mvnrepository</localRepository>
+        <!-- lets disable the download progress indicator that fills up logs -->
+        <interactiveMode>false</interactiveMode>
+        <mirrors>
+          <mirror>
+            <id>nexus</id>
+            <mirrorOf>external:*</mirrorOf>
+            <url>https://registry.molgenis.org/repository/maven-central/</url>
+          </mirror>
+        </mirrors>
+        <servers>
+          <server>
+            <id>local-nexus</id>
+            <url>https://registry.molgenis.org/repository/maven-central/</url>
+            <username>admin</username>
+            <password>xxxxx</password>
+          </server>
+          <server>
+            <id>oss-sonatype-staging</id>
+            <username>molgenis</username>
+            <password>xxxxx</password>
+          </server>
+        </servers>
+      </settings>
\ No newline at end of file