diff --git a/tf_files/gen3/root.tf b/tf_files/gen3/root.tf
index 97d9f84..2d88f3d 100644
--- a/tf_files/gen3/root.tf
+++ b/tf_files/gen3/root.tf
@@ -51,6 +51,7 @@ locals {
       slack_send_dbgap = var.slack_send_dbgap
       slack_webhook = var.slack_webhook
       ssjdispatcher_enabled = var.ssjdispatcher_enabled
+      sower_enabled = var.sower_enabled
       tier_access_level = var.tier_access_level
       tier_access_limit = var.tier_access_limit
       usersync_enabled = var.usersync_enabled
diff --git a/tf_files/gen3/values.tftpl b/tf_files/gen3/values.tftpl
index 1a78822..45cb06e 100644
--- a/tf_files/gen3/values.tftpl
+++ b/tf_files/gen3/values.tftpl
@@ -5,6 +5,8 @@ global:
     hatchery_role: ${hatchery_service_account}
 
   dev: false
+  externalSecrets:
+    deploy: true
   postgres:
     dbCreate: false
     externalSecret: "${vpc_name}_aurora-master-password"
@@ -35,7 +37,7 @@ argo-wrapper:
 audit:
   enabled: ${audit_enabled}
   serviceAccount:
-    annotations: "eks.amazonaws.com/role-arn: ${audit_service_account}"
+    eks.amazonaws.com/role-arn: ${audit_service_account}
   externalSecrets:
     dbcreds: "${vpc_name}_${namespace}-audit-creds"    
 
@@ -56,13 +58,10 @@ dicom-viewer:
   externalSecrets:
     dbcreds: "${vpc_name}_${namespace}-dicom-viewer-creds"
 
-external-secrets:
-  enabled: ${deploy_external_secrets}
-
 fence:
   enabled: ${fence_enabled}
   serviceAccount:
-    annotations: "eks.amazonaws.com/role-arn: ${fence_service_account}"
+    eks.amazonaws.com/role-arn: ${fence_service_account}
    
   externalSecrets:
     fenceJwtKeys: ""
@@ -178,8 +177,8 @@ pidgin:
 portal:
   enabled: ${portal_enabled}
   gitops:
-  json: | 
-    ${gitops_file}
+    json: | 
+      ${gitops_file}
 
 requestor:
   enabled: ${requestor_enabled}
@@ -200,6 +199,9 @@ sheepdog:
 ssjdispatcher:
   enabled: ${ssjdispatcher_enabled}
 
+sower:
+  enabled: ${sowed_enabled}
+
 wts:
   enabled: ${wts_enabled}
   externalSecrets:
diff --git a/tf_files/gen3/variables.tf b/tf_files/gen3/variables.tf
index d362e80..1a372dc 100644
--- a/tf_files/gen3/variables.tf
+++ b/tf_files/gen3/variables.tf
@@ -249,6 +249,12 @@ variable "ssjdispatcher_enabled" {
   default     = true
 }
 
+variable "sower_enabled" {
+  description = "Enable sower"
+  type        = bool
+  default     = true
+}
+
 variable "tier_access_level" {
   description = "Tier access level for guppy"
   default     = "private"