diff --git a/Makefile b/Makefile
index 26906cd3ebfd..0d3bcdab583c 100644
--- a/Makefile
+++ b/Makefile
@@ -96,7 +96,7 @@ roles: cluster-operator-roles cluster-roles
 prow: prow-ci-ns prow-ci-stg-ns
 .PHONY: prow
 
-prow-ci-ns: ci-ns prow-jobs prow-scaling prow-secrets
+prow-ci-ns: ci-ns prow-jobs prow-scaling
 .PHONY: prow-ci-ns
 
 prow-ci-stg-ns: ci-stg-ns
@@ -119,10 +119,6 @@ prow-scaling:
 	oc apply -n kube-system -f cluster/ci/config/cluster-autoscaler.yaml
 .PHONY: prow-scaling
 
-prow-secrets:
-	ci-operator/populate-secrets-from-bitwarden.sh
-.PHONY: prow-secrets
-
 prow-jobs: prow-artifacts
 	$(MAKE) apply WHAT=projects/prometheus/test/build.yaml
 	$(MAKE) apply WHAT=ci-operator/templates/os.yaml
@@ -261,31 +257,10 @@ azure-secrets:
 	oc create secret generic cluster-secrets-azure-env --from-literal=azure_client_id=${AZURE_ROOT_CLIENT_ID} --from-literal=azure_client_secret=${AZURE_ROOT_CLIENT_SECRET} --from-literal=azure_tenant_id=${AZURE_ROOT_TENANT_ID} --from-literal=azure_subscription_id=${AZURE_ROOT_SUBSCRIPTION_ID} -o yaml --dry-run | oc apply -n azure-private -f -
 .PHONY: azure-secrets
 
-azure4-secrets:
-	oc create secret generic cluster-secrets-azure4 \
-	--from-file=cluster/test-deploy/azure4/osServicePrincipal.json \
-	--from-file=cluster/test-deploy/azure4/pull-secret \
-	--from-file=cluster/test-deploy/azure4/ssh-privatekey \
-	--from-file=cluster/test-deploy/azure4/ssh-publickey \
-	-o yaml --dry-run | oc apply -n ocp -f -
-.PHONY: azure4-secrets
-
 metering:
 	$(MAKE) -C projects/metering
 .PHONY: metering
 
-metal-secrets:
-	oc create secret generic cluster-secrets-metal \
-	--from-file=cluster/test-deploy/metal/.awscred \
-	--from-file=cluster/test-deploy/metal/.packetcred \
-	--from-file=cluster/test-deploy/metal/matchbox-client.crt \
-	--from-file=cluster/test-deploy/metal/matchbox-client.key \
-	--from-file=cluster/test-deploy/metal/ssh-privatekey \
-	--from-file=cluster/test-deploy/metal/ssh-publickey \
-	--from-file=cluster/test-deploy/metal/pull-secret \
-	-o yaml --dry-run | oc apply -n ocp -f -
-.PHONY: metal-secrets
-
 libpod:
 	$(MAKE) apply WHAT=projects/libpod/libpod.yaml
 .PHONY: libpod
diff --git a/core-services/ci-secret-bootstrap/_config.yaml b/core-services/ci-secret-bootstrap/_config.yaml
index f909c057c6b3..dbb16c403bb1 100644
--- a/core-services/ci-secret-bootstrap/_config.yaml
+++ b/core-services/ci-secret-bootstrap/_config.yaml
@@ -628,7 +628,25 @@
     - cluster: default
       namespace: ci
       name: cluster-secrets-metal
-# cluster-secrets-azure is not synced. Need to ask DPP team for this.
+#azure4
+- from:
+    pull-secret:
+      bw_item: quay.io
+      attachment: pull-secret
+    osServicePrincipal.json:
+      bw_item: os4-installer.openshift-ci.azure
+      attachment: osServicePrincipal.json
+    ssh-privatekey:
+      bw_item: jenkins-ci-iam
+      attachment: ssh-privatekey
+    ssh-publickey:
+      bw_item: jenkins-ci-iam
+      attachment: ssh-publickey
+  to:
+    - cluster: default
+      namespace: ci
+      name: cluster-secrets-azure4
+# cluster-secrets-azure is not synced. Email sent to Jim about this.
 # azure:
 # codecov.io tokens we store for teams
 - from:
@@ -734,6 +752,3 @@
     - cluster: default
       namespace: ci-release
       name: git-credentials
-#oc --context default get secret -n ci cluster-secrets-azure -o yaml
-#https://github.com/openshift/release/blob/master/ci-operator/SECRETS.md#cluster-secrets-azure4
-#Need to ask Abhinav why this one is not under BW script