diff --git a/argocd/apps/minio/.minio.yaml.swp b/argocd/apps/minio/.minio.yaml.swp
deleted file mode 100644
index dbe958d..0000000
Binary files a/argocd/apps/minio/.minio.yaml.swp and /dev/null differ
diff --git a/config/minio/minio-policies-configmap.yaml b/config/minio/minio-policies-configmap.yaml
new file mode 100644
index 0000000..8bb15df
--- /dev/null
+++ b/config/minio/minio-policies-configmap.yaml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: minio-policies
+ namespace: minio
+data:
+ # Policy: Vollzugriff auf tatort
+ policy-tatort.json: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": ["arn:aws:s3:::tatort"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListMultipartUploadParts",
+ "s3:AbortMultipartUpload"
+ ],
+ "Resource": ["arn:aws:s3:::tatort/*"]
+ }
+ ]
+ }
+
+ # Policy: Vollzugriff auf tatort-dev
+ policy-tatort-dev.json: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": ["arn:aws:s3:::tatort-dev"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:ListMultipartUploadParts",
+ "s3:AbortMultipartUpload"
+ ],
+ "Resource": ["arn:aws:s3:::tatort-dev/*"]
+ }
+ ]
+ }
diff --git a/config/minio/minio-setup-job.yaml b/config/minio/minio-setup-job.yaml
new file mode 100644
index 0000000..66ae7f1
--- /dev/null
+++ b/config/minio/minio-setup-job.yaml
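Review bot: The header comments `# Policy: Vollzugriff auf tatort` and `# Policy: Vollzugriff auf tatort-dev` overstate what the JSON beneath them grants — it is bucket list/location plus object get/put/delete and multipart handling on one bucket, with no bucket-management or policy actions, which is the right least-privilege shape and worth stating so nobody later "completes" it to `s3:*`. Suggest `# Policy: list + object read/write/delete on bucket tatort only (no bucket admin actions)` and the equivalent for tatort-dev. The two documents are identical apart from the bucket ARN; a one-line comment that they must be kept in sync would help whoever edits one of them next.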
@@ -0,0 +1,77 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: minio-setup-users
+ namespace: minio
+spec:
+ ttlSecondsAfterFinished: 600
+ backoffLimit: 5
+ template:
+ spec:
+ restartPolicy: OnFailure
+ volumes:
+ - name: policies
+ configMap:
+ name: minio-policies
+ containers:
+ - name: mc
+ image: minio/mc:latest
+ volumeMounts:
+ - name: policies
+ mountPath: /policies
+ env:
+ - name: MINIO_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: minio
+ key: root-password
+ - name: TATORT_ACCESS
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-access-key
+ - name: TATORT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-secret-key
+ - name: TATORT_DEV_ACCESS
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-dev-access-key
+ - name: TATORT_DEV_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: minio-users
+ key: tatort-dev-secret-key
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -e
+
+ echo "Warte auf MinIO..."
+ sleep 10
+
+ echo "Verbinde mit MinIO..."
+ mc alias set myminio http://minio:9000 admin $MINIO_ROOT_PASSWORD
+
+ echo "Erstelle Buckets (falls nicht vorhanden)..."
+ mc mb --ignore-existing myminio/tatort
+ mc mb --ignore-existing myminio/tatort-dev
+
+ echo "Erstelle Policies..."
+ mc admin policy create myminio policy-tatort /policies/policy-tatort.json || true
+ mc admin policy create myminio policy-tatort-dev /policies/policy-tatort-dev.json || true
+
+ echo "Erstelle Benutzer..."
+ mc admin user add myminio $TATORT_ACCESS $TATORT_SECRET || true
+ mc admin user add myminio $TATORT_DEV_ACCESS $TATORT_DEV_SECRET || true
+
+ echo "Weise Policies zu..."
+ mc admin policy attach myminio policy-tatort --user $TATORT_ACCESS
+ mc admin policy attach myminio policy-tatort-dev --user $TATORT_DEV_ACCESS
+
+ echo "Setup abgeschlossen!"
+ mc admin user list myminio
diff --git a/config/minio/minio-users-secret.yaml b/config/minio/minio-users-secret.yaml
new file mode 100644
index 0000000..d278709
--- /dev/null
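Review bot: The `|| true` on the two `mc admin user add` lines hides every failure mode (wrong root password, MinIO still starting after the fixed `sleep 10`, a rejected secret key), so a missing user only surfaces one step later as a `policy attach` error, and with `backoffLimit: 5` that later error is easy to misread. Replace the sleep with a bounded readiness loop around `mc alias set`, quote the `$…` expansions so a secret containing whitespace cannot split into extra arguments, and tolerate only the "user already exists" case — if the pinned mc release returns non-zero for it, guard with `mc admin user info myminio "$TATORT_ACCESS" >/dev/null 2>&1 ||` rather than a blanket `|| true`. `image: minio/mc:latest` should be pinned to a tag or digest so the Job is reproducible and a changed `mc` CLI cannot silently alter what it does. Note also that the root password and user secret keys travel as command-line arguments, visible in the container's process list; mc's `MC_HOST_myminio` environment form keeps at least the root credential off argv (confirm against the pinned release), and the user name `admin` is hard-coded while the password comes from the `minio` secret — if that secret also carries the root user name, read both from it.

```yaml
          - |
            set -eu

            echo "Warte auf MinIO..."
            tries=0
            until mc alias set myminio http://minio:9000 admin "$MINIO_ROOT_PASSWORD"; do
              tries=$((tries + 1))
              [ "$tries" -lt 30 ] || { echo "MinIO nicht erreichbar"; exit 1; }
              sleep 2
            done

            # … unchanged: bucket and policy creation …

            echo "Erstelle Benutzer..."
            mc admin user add myminio "$TATORT_ACCESS" "$TATORT_SECRET"
            mc admin user add myminio "$TATORT_DEV_ACCESS" "$TATORT_DEV_SECRET"

            echo "Weise Policies zu..."
            mc admin policy attach myminio policy-tatort --user "$TATORT_ACCESS"
            mc admin policy attach myminio policy-tatort-dev --user "$TATORT_DEV_ACCESS"

            # … unchanged: completion message and user list …
```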
+++ b/config/minio/minio-users-secret.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: minio-users
+ namespace: minio
+type: Opaque
+stringData:
+ # tatort: Zugriff nur auf tatort
+ tatort-access-key: "GxKhfnfkNvlDU7qzsz0D"
+ tatort-secret-key: "cqSM5rIRr4MPtqzu2sNKgmB9k2OghPbyxwAWogeM"
+ # tatort-dev: Zugriff nur auf tatort-dev
+ tatort-dev-access-key: "AbCdEfGhIjKlMnOpQrSt"
+ tatort-dev-secret-key: "UvWxYz1234567890AbCdEfGhIjKlMnOpQrStUvWx"
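Review bot: `stringData` commits literal access/secret key pairs (the `tatort-*` and `tatort-dev-*` values) to the repository, so anyone with read access to the git history or the ArgoCD application source holds working MinIO credentials; a Kubernetes Secret adds no protection here, its contents are only base64 once applied. Treat the `tatort` pair as compromised and rotate it, since the values remain recoverable from history even after this file is changed, and keep only a reference in git — a SealedSecret, an ExternalSecret pointing at a secret store, or a SOPS-encrypted manifest, with the plaintext generated out of band. The `tatort-dev` pair reads like a sequential placeholder pattern; if it is one, say so in the comment and never let it reach a cluster, because `minio-setup-users` will create a user with it as-is. A comment such as `# Consumed by Job minio-setup-users (minio-setup-job.yaml); rotating a key requires re-running that Job` would also document the coupling to the setup Job.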