diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
index 28acfcde..03d56e0e 100644
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -29,9 +29,6 @@ data:
   pinniped.yaml: |
     discovery:
       url: (@= data.values.discovery_url or "null" @)
-    webhook:
-      url: (@= data.values.webhook_url @)
-      caBundle: (@= data.values.webhook_ca_bundle @)
     api:
       servingCertificate:
         durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml
new file mode 100644
index 00000000..27a57def
--- /dev/null
+++ b/deploy/webhook.yaml
@@ -0,0 +1,16 @@
+#! Copyright 2020 VMware, Inc.
+#! SPDX-License-Identifier: Apache-2.0
+
+#@ load("@ytt:data", "data")
+
+apiVersion: idp.pinniped.dev/v1alpha1
+kind: WebhookIdentityProvider
+metadata:
+  name: #@ data.values.app_name + "-webhook"
+  namespace: #@ data.values.namespace
+  labels:
+    app: #@ data.values.app_name
+spec:
+  endpoint: #@ data.values.webhook_url
+  tls:
+    certificateAuthorityData: #@ data.values.webhook_ca_bundle