diff --git a/connection/environment.go b/connection/environment.go
index b66b9931..476a91ce 100644
--- a/connection/environment.go
+++ b/connection/environment.go
@@ -9,17 +9,16 @@ import (
 
 	"github.com/flanksource/commons/logger"
 	"github.com/flanksource/duty/context"
-	"github.com/flanksource/duty/types"
 
 	textTemplate "text/template"
 )
 
 // +kubebuilder:object:generate=true
 type ExecConnections struct {
-	Kubernetes *types.EnvVar    `yaml:"kubernetes,omitempty" json:"kubernetes,omitempty"`
-	AWS        *AWSConnection   `yaml:"aws,omitempty" json:"aws,omitempty"`
-	GCP        *GCPConnection   `yaml:"gcp,omitempty" json:"gcp,omitempty"`
-	Azure      *AzureConnection `yaml:"azure,omitempty" json:"azure,omitempty"`
+	Kubernetes *KubernetesConnection `yaml:"kubernetes,omitempty" json:"kubernetes,omitempty"`
+	AWS        *AWSConnection        `yaml:"aws,omitempty" json:"aws,omitempty"`
+	GCP        *GCPConnection        `yaml:"gcp,omitempty" json:"gcp,omitempty"`
+	Azure      *AzureConnection      `yaml:"azure,omitempty" json:"azure,omitempty"`
 }
 
 func saveConfig(configTemplate *textTemplate.Template, view any) (string, error) {
@@ -59,7 +58,7 @@ aws_secret_access_key = {{.SecretKey.ValueStatic}}
 
 	gcloudConfigTemplate = textTemplate.Must(textTemplate.New("").Parse(`{{.Credentials}}`))
 
-	kubernetesConfigTemplate = textTemplate.Must(textTemplate.New("").Parse(`{{.ValueStatic}}`))
+	kubernetesConfigTemplate = textTemplate.Must(textTemplate.New("").Parse(`{{.KubeConfig.ValueStatic}}`))
 }
 
 // SetupCConnections creates the necessary credential files and injects env vars
@@ -72,7 +71,7 @@ func SetupConnection(ctx context.Context, connections ExecConnections, cmd *osEx
 	if connections.Kubernetes != nil {
 		configPath, err := saveConfig(kubernetesConfigTemplate, connections.Kubernetes)
 		if err != nil {
-			return nil, fmt.Errorf("failed to store AWS credentials: %w", err)
+			return nil, fmt.Errorf("failed to store kubernetes credentials: %w", err)
 		}
 
 		cleaner = func() error {
diff --git a/connection/kubernetes.go b/connection/kubernetes.go
new file mode 100644
index 00000000..1069be73
--- /dev/null
+++ b/connection/kubernetes.go
@@ -0,0 +1,38 @@
+package connection
+
+import (
+	"fmt"
+
+	"github.com/flanksource/duty/models"
+	"github.com/flanksource/duty/types"
+)
+
+// +kubebuilder:object:generate=true
+type KubernetesConnection struct {
+	ConnectionName string        `json:"connection,omitempty"`
+	KubeConfig     *types.EnvVar `json:"kubeconfig,omitempty"`
+}
+
+func (t KubernetesConnection) ToModel() models.Connection {
+	return models.Connection{
+		Type:        models.ConnectionTypeKubernetes,
+		Certificate: t.KubeConfig.ValueStatic,
+	}
+}
+
+// Populate populates KubernetesConnection with credentials.
+// If a connection name is specified, it'll be used to populate the certificate.
+func (t *KubernetesConnection) Populate(ctx ConnectionContext) error {
+	if t.ConnectionName != "" {
+		connection, err := ctx.HydrateConnectionByURL(t.ConnectionName)
+		if err != nil {
+			return err
+		} else if connection == nil {
+			return fmt.Errorf("connection[%s] not found", t.ConnectionName)
+		}
+
+		t.KubeConfig.ValueStatic = connection.Certificate
+	}
+
+	return nil
+}
diff --git a/connection/zz_generated.deepcopy.go b/connection/zz_generated.deepcopy.go
index 9ba9b553..2cbe13ce 100644
--- a/connection/zz_generated.deepcopy.go
+++ b/connection/zz_generated.deepcopy.go
@@ -56,7 +56,7 @@ func (in *ExecConnections) DeepCopyInto(out *ExecConnections) {
 	*out = *in
 	if in.Kubernetes != nil {
 		in, out := &in.Kubernetes, &out.Kubernetes
-		*out = new(types.EnvVar)
+		*out = new(KubernetesConnection)
 		(*in).DeepCopyInto(*out)
 	}
 	if in.AWS != nil {
@@ -176,6 +176,26 @@ func (in *HTTPConnection) DeepCopy() *HTTPConnection {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KubernetesConnection) DeepCopyInto(out *KubernetesConnection) {
+	*out = *in
+	if in.KubeConfig != nil {
+		in, out := &in.KubeConfig, &out.KubeConfig
+		*out = new(types.EnvVar)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesConnection.
+func (in *KubernetesConnection) DeepCopy() *KubernetesConnection {
+	if in == nil {
+		return nil
+	}
+	out := new(KubernetesConnection)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *S3Connection) DeepCopyInto(out *S3Connection) {
 	*out = *in