diff --git a/.drone.yml b/.drone.yml index edeaffd..434a8ed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -3,9 +3,6 @@ type: kubernetes name: deploy-backend steps: - # --------------------------------------------------------------- - # ETAPA 1 - BUILD + PUSH USANDO PLUGIN DOCKER (SEM KANIKO) - # --------------------------------------------------------------- - name: build-and-push-backend image: plugins/docker:latest settings: @@ -23,9 +20,31 @@ steps: password: from_secret: HARBOR_PASSWORD - # --------------------------------------------------------------- - # ETAPA 2 - DEPLOY BACKEND NO K3S - # --------------------------------------------------------------- + - name: export-infisical-to-k8s + image: infisical/infisical:latest + environment: + INFISICAL_TOKEN: + from_secret: INFISICAL_TOKEN + KUBERNETES_SERVER: + from_secret: K3S_SERVER + KUBERNETES_CA: + from_secret: K3S_CA_CERT + KUBERNETES_CLIENT_CERT: + from_secret: K3S_CLIENT_CERT + KUBERNETES_CLIENT_KEY: + from_secret: K3S_CLIENT_KEY + commands: + - infisical export --env=production --format=dotenv > .env.k8s + - echo "$KUBERNETES_CA" | base64 -d > /tmp/ca.crt + - echo "$KUBERNETES_CLIENT_CERT" | base64 -d > /tmp/client.crt + - echo "$KUBERNETES_CLIENT_KEY" | base64 -d > /tmp/client.key + - kubectl config set-cluster k3s --server="${KUBERNETES_SERVER}" --certificate-authority=/tmp/ca.crt + - kubectl config set-credentials drone --client-certificate=/tmp/client.crt --client-key=/tmp/client.key + - kubectl config set-context drone-context --cluster=k3s --namespace=gohorsejobs --user=drone + - kubectl config use-context drone-context + - kubectl -n gohorsejobs delete secret backend-secrets --ignore-not-found + - kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=.env.k8s + - name: deploy-backend image: bitnami/kubectl:latest environment: diff --git a/k8s/backend-deployment.yaml b/k8s/backend-deployment.yaml index 50e4a58..d601eee 100644 --- a/k8s/backend-deployment.yaml 
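Review bot: The `.env.k8s` file written by `infisical export` in `export-infisical-to-k8s` holds every production secret in plaintext and is never removed; it lands in the pipeline workspace, which Drone normally shares between steps, so the following `deploy-backend` step and any step added later can read it. Writing it outside the workspace, for example `infisical export --env=production --format=dotenv > /tmp/backend.env`, keeps it inside this step's container. The `delete secret` / `create secret` pair also leaves a window in which `backend-secrets` does not exist, and a failed create leaves it deleted; `kubectl -n gohorsejobs create secret generic backend-secrets --from-env-file=/tmp/backend.env --dry-run=client -o yaml | kubectl apply -f -` would replace both lines with an in-place update. This step also receives the Infisical token and the cluster client key while running `infisical/infisical:latest`, a mutable tag, so pinning a version or digest is advisable, and it is worth confirming that this image ships `kubectl` at all.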
+++ b/k8s/backend-deployment.yaml @@ -8,12 +8,10 @@ spec: selector: matchLabels: app: gohorse-backend - template: metadata: labels: app: gohorse-backend - spec: containers: - name: backend @@ -24,5 +22,8 @@ spec: env: - name: NODE_ENV value: "production" + envFrom: + - secretRef: + name: backend-secrets # O nome do Secret criado no seu pipeline com as variáveis do Infisical imagePullSecrets: - name: harbor-registry \ No newline at end of file
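Review bot: The added `envFrom` with a bare `secretRef` injects every key of `backend-secrets` into the container, and that Secret is built from the whole Infisical `production` export in `.drone.yml`, so the backend's environment contains whatever is stored there. If that Infisical environment also holds values for other services, narrow the export or list only the needed keys under `env` with `valueFrom.secretKeyRef`. Values taken through `envFrom` are read at container start only, so a rotated secret reaches running pods only after a rollout; whether the `deploy-backend` step forces one is not visible in this diff. The trailing comment would read better on its own line above `envFrom:`, for example `# backend-secrets is created by the export-infisical-to-k8s pipeline step`; the container spec it belongs to starts outside the hunk.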