diff --git a/policies/kv/service/woodpecker/woodpecker-agent-secret/read.yaml b/policies/kv/service/woodpecker/woodpecker-agent-secret/read.yaml
new file mode 100644
index 0000000..a3babe1
--- /dev/null
+++ b/policies/kv/service/woodpecker/woodpecker-agent-secret/read.yaml
@@ -0,0 +1,10 @@
+# Allow reading woodpecker agent secret for auto joining more agents
+---
+rules:
+  - path: "kv/data/service/woodpecker/woodpecker-agent-secret"
+    capabilities:
+      - read
+
+auth:
+  k8s/au/syd1:
+    - woodpecker