diff --git a/data/deployments/admin/common.yaml b/data/deployments/admin/common.yaml
index 862a4098..7baf8098 100644
--- a/data/deployments/admin/common.yaml
+++ b/data/deployments/admin/common.yaml
@@ -1,60 +1,64 @@
 swh::deploy::environment: admin
 dns::search_domains:
   - internal.admin.swh.network
 
 swh::postgresql::version: '14'
 swh::postgresql::listen_addresses:
   - 0.0.0.0
 swh::postgresql::network_accesses:
   - 192.168.100.0/24 # Monitoring
 
 swh::postgresql::shared_buffers: 4GB
 swh::postgresql::port: 5432
 swh::postgresql::cluster_name: "%{lookup('swh::postgresql::version')}/main"
 swh::postgresql::datadir_base: "/srv/postgresql"
 swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}"
 
 hedgedoc::db::database: hedgedoc
 hedgedoc::db::username: hedgedoc
 # swh::deploy::hedgedoc::db::password: in private-data
 
 # namespace key `key_name`, lookup will happen on swh::deploy::{key_name}::...
 swh::deploy::reverse_proxy::services:
   - hedgedoc
   - grafana
   - sentry
   - argocd
 
 swh::deploy::hedgedoc::reverse_proxy::backend_http_host: bardo.internal.admin.swh.network
 swh::deploy::hedgedoc::reverse_proxy::backend_http_port: "3000"
 swh::deploy::hedgedoc::reverse_proxy::websocket_support: true
 swh::deploy::hedgedoc::base_url: hedgedoc.softwareheritage.org
 swh::deploy::hedgedoc::vhost::letsencrypt_cert: hedgedoc
 swh::deploy::hedgedoc::icinga_check_string: 'HedgeDoc'
 
 swh::deploy::grafana::vhost::letsencrypt_cert: "%{lookup('grafana::vhost::name')}"
 swh::deploy::grafana::reverse_proxy::backend_http_host: grafana0.internal.admin.swh.network
 swh::deploy::grafana::reverse_proxy::backend_http_port: "3000"
 swh::deploy::grafana::reverse_proxy::websocket_support: true
 swh::deploy::grafana::base_url: "%{lookup('grafana::vhost::name')}"
 
 swh::deploy::sentry::vhost::letsencrypt_cert: "%{lookup('sentry::vhost::name')}"
 swh::deploy::sentry::reverse_proxy::backend_http_host: riverside.internal.admin.swh.network
 swh::deploy::sentry::reverse_proxy::backend_http_port: "9000"
 swh::deploy::sentry::base_url: "%{lookup('sentry::vhost::name')}"
 swh::deploy::sentry::icinga_check_uri: '/auth/login/swh/'
 
 swh::deploy::argocd::vhost::letsencrypt_cert: argocd
 swh::deploy::argocd::reverse_proxy::backend_http_host: argo-worker01.internal.admin.swh.network
 swh::deploy::argocd::reverse_proxy::backend_http_port: "80"
+swh::deploy::argocd::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
+swh::deploy::argocd::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
+swh::deploy::argocd::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}"
+swh::deploy::argocd::vhost::hsts_header: "%{hiera('apache::hsts_header')}"
 
 hitch::frontend: "[*]:443"
 hitch::proxy_support: true
 varnish::http_port: 80
 
 grafana::db::host: db1.internal.admin.swh.network
 grafana::db::port: "%{lookup('swh::postgresql::port')}"
 
 syncoid::public_keys::backup01-azure:
   type: ssh-ed25519
   key: "AAAAC3NzaC1lZDI1NTE5AAAAIC/IVxmzorYGJH5ThlzjrdHl9KBTsJKEqCAZhhJG6oGO"