diff --git a/argocd/apps/minio/minio.yaml b/argocd/apps/minio/minio.yaml
index 87526d6..b48d13f 100644
--- a/argocd/apps/minio/minio.yaml
+++ b/argocd/apps/minio/minio.yaml
@@ -45,6 +45,14 @@ spec:
         - name: apiIngress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
           value: 'true'
           forceString: true
+        - name: containerSecurityContext.allowPrivilegeEscalation
+          value: 'false'
+        - name: containerSecurityContext.capabilities.drop
+          value: 'ALL'
+        - name: containerSecurityContext.runAsNonRoot
+          value: 'true'
+        - name: containerSecurityContext.seccompProfile.type
+          value: 'RuntimeDefault'
     chart: minio
   destination:
     server: 'https://kubernetes.default.svc'