diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4b46ab9..8b67268 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
new file mode 100644
index 0000000..0ac0931
--- /dev/null
+++ b/.github/workflows/secret-scan.yml
@@ -0,0 +1,24 @@
+name: GitLeaks Security Scan
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  gitleaks:
+    name: Secret Detection
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run GitLeaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
diff --git a/charts/langstream/Chart.yaml b/charts/langstream/Chart.yaml
index fb0ac9b..6c76d7f 100644
--- a/charts/langstream/Chart.yaml
+++ b/charts/langstream/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: langstream
 description: Helm chart for LangStream
 type: application
-version: 0.6.3
+version: 1.1.0
 appVersion: 0.6.2
diff --git a/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml b/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
index 0231b80..ebe12af 100644
--- a/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
+++ b/charts/langstream/templates/control-plane/control-plane-serviceaccount.yaml
@@ -70,6 +70,12 @@ rules:
       - applications/status
     verbs:
       - "*"
+  - apiGroups:
+      - "apps"
+    resources:
+      - statefulsets
+    verbs:
+      - "*"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/charts/langstream/templates/deployer/deployer-serviceaccount.yaml b/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
index b1c383d..ce46b43 100644
--- a/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
+++ b/charts/langstream/templates/deployer/deployer-serviceaccount.yaml
@@ -82,6 +82,13 @@ rules:
       - services
       - pods
       - configmaps
+      - namespaces
+    verbs:
+      - "*"
+  - apiGroups:
+      - "metrics.k8s.io"
+    resources:
+      - pods
     verbs:
       - "*"
 ---