diff --git a/helm/templates/backend/postgres.deployment.yaml b/helm/templates/backend/postgres.deployment.yaml
index a567461fb9..02306a6aa9 100644
--- a/helm/templates/backend/postgres.deployment.yaml
+++ b/helm/templates/backend/postgres.deployment.yaml
@@ -20,6 +20,7 @@ spec:
       labels:
         id: {{ .Release.Name }}-deployment-backend-postgres
     spec:
+      automountServiceAccountToken: false
       {{ if not .Values.development }}
       volumes:
         - name: {{ .Release.Name }}-data
diff --git a/helm/templates/docs/docs.deployment.yaml b/helm/templates/docs/docs.deployment.yaml
index d775c47102..50e1407452 100644
--- a/helm/templates/docs/docs.deployment.yaml
+++ b/helm/templates/docs/docs.deployment.yaml
@@ -17,6 +17,7 @@ spec:
       labels:
         id: {{ .Release.Name }}-deployment-docs
     spec:
+      automountServiceAccountToken: false
       {{- include "capellacollab.pod.spec" . | indent 6 -}}
       containers:
         - name: {{ .Release.Name }}-docs
diff --git a/helm/templates/frontend/frontend.deployment.yaml b/helm/templates/frontend/frontend.deployment.yaml
index db1636692e..d1730f28f2 100644
--- a/helm/templates/frontend/frontend.deployment.yaml
+++ b/helm/templates/frontend/frontend.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: logs
diff --git a/helm/templates/grafana/nginx.deployment.yaml b/helm/templates/grafana/nginx.deployment.yaml
index b4e8d77c82..0571333358 100644
--- a/helm/templates/grafana/nginx.deployment.yaml
+++ b/helm/templates/grafana/nginx.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/grafana/nginx.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-grafana-nginx
           configMap:
diff --git a/helm/templates/guacamole/guacamole.deployment.yaml b/helm/templates/guacamole/guacamole.deployment.yaml
index 0be4cac055..b2c86ec891 100644
--- a/helm/templates/guacamole/guacamole.deployment.yaml
+++ b/helm/templates/guacamole/guacamole.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: unused
diff --git a/helm/templates/guacamole/guacd.deployment.yaml b/helm/templates/guacamole/guacd.deployment.yaml
index f54b529a38..f58dd97590 100644
--- a/helm/templates/guacamole/guacd.deployment.yaml
+++ b/helm/templates/guacamole/guacd.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config-promtail: {{ include (print $.Template.BasePath "/promtail" "/promtail.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         {{ if .Values.loki.enabled }}
         - name: logs
diff --git a/helm/templates/guacamole/postgres.deployment.yaml b/helm/templates/guacamole/postgres.deployment.yaml
index ec75a990c6..4327f614e7 100644
--- a/helm/templates/guacamole/postgres.deployment.yaml
+++ b/helm/templates/guacamole/postgres.deployment.yaml
@@ -24,6 +24,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/guacamole" "/postgres.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-data
           persistentVolumeClaim:
diff --git a/helm/templates/mock/oauth.deployment.yaml b/helm/templates/mock/oauth.deployment.yaml
index bc647f9ec1..4fd68a1137 100644
--- a/helm/templates/mock/oauth.deployment.yaml
+++ b/helm/templates/mock/oauth.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/mock/oauth.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-oauth-mock
           configMap:
diff --git a/helm/templates/prometheus/nginx.deployment.yaml b/helm/templates/prometheus/nginx.deployment.yaml
index d16111388c..c7976fb1a2 100644
--- a/helm/templates/prometheus/nginx.deployment.yaml
+++ b/helm/templates/prometheus/nginx.deployment.yaml
@@ -21,6 +21,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/prometheus/nginx.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       volumes:
         - name: {{ .Release.Name }}-prometheus-nginx
           configMap:
diff --git a/helm/templates/prometheus/prometheus.deployment.yaml b/helm/templates/prometheus/prometheus.deployment.yaml
index a71a7cf324..fb1b4a481e 100644
--- a/helm/templates/prometheus/prometheus.deployment.yaml
+++ b/helm/templates/prometheus/prometheus.deployment.yaml
@@ -22,6 +22,7 @@ spec:
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/prometheus/prometheus.configmap.yaml") . | sha256sum }}
     spec:
+      automountServiceAccountToken: false
       serviceAccountName: {{ .Release.Name }}-prometheus
       {{- include "capellacollab.pod.spec" . | indent 6 -}}
       containers: