diff --git a/Dockerfile b/Dockerfile
index ff29d12f..e8e5cdda 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,8 +5,8 @@ FROM docker.io/alpine:${ALPINE_VERSION}
 ARG ALPINE_VERSION
 ARG KUBE_VERSION=1.31
 
-ARG SOPS_VERSION="3.9.4"
-ARG VALS_VERSION="0.39.4"
+ARG SOPS_VERSION="3.10.1"
+ARG VALS_VERSION="0.40.1"
 ARG HELM_SECRETS_VERSION="4.6.3"
 
 RUN cd /etc/apk/keys && \
diff --git a/charts/kubezero-argo/README.md b/charts/kubezero-argo/README.md
index 1ffd6062..b6fb12c7 100644
--- a/charts/kubezero-argo/README.md
+++ b/charts/kubezero-argo/README.md
@@ -54,21 +54,25 @@ Kubernetes: `>= 1.30.0-0`
 | argo-cd.dex.enabled | bool | `false` |  |
 | argo-cd.enabled | bool | `false` |  |
 | argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` |  |
-| argo-cd.global.image.tag | string | `"v2.14.9"` |  |
+| argo-cd.global.image.tag | string | `"v2.14.9-1"` |  |
 | argo-cd.global.logging.format | string | `"json"` |  |
 | argo-cd.global.networkPolicy.create | bool | `true` |  |
 | argo-cd.istio.enabled | bool | `false` |  |
 | argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` |  |
 | argo-cd.istio.ipBlocks | list | `[]` |  |
 | argo-cd.kubezero.bootstrap | bool | `false` | deploy the KubeZero Project and GitSync Root App |
+| argo-cd.kubezero.password | string | `"secretref+k8s://v1/Secret/kubezero/kubezero-secrets/argo-cd.kubezero.password"` |  |
 | argo-cd.kubezero.path | string | `"/"` |  |
 | argo-cd.kubezero.repoUrl | string | `""` |  |
 | argo-cd.kubezero.sshPrivateKey | string | `"secretref+k8s://v1/Secret/kubezero/kubezero-secrets/argo-cd.kubezero.sshPrivateKey"` |  |
 | argo-cd.kubezero.targetRevision | string | `"HEAD"` |  |
+| argo-cd.kubezero.username | string | `"secretref+k8s://v1/Secret/kubezero/kubezero-secrets/argo-cd.kubezero.username"` |  |
 | argo-cd.notifications.enabled | bool | `false` |  |
 | argo-cd.redisSecretInit.enabled | bool | `false` |  |
 | argo-cd.repoServer.metrics.enabled | bool | `false` |  |
 | argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` |  |
+| argo-cd.repoServer.volumes[0].emptyDir | object | `{}` |  |
+| argo-cd.repoServer.volumes[0].name | string | `"cmp-tmp"` |  |
 | argo-cd.server.metrics.enabled | bool | `false` |  |
 | argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` |  |
 | argo-cd.server.service.servicePortHttpsName | string | `"grpc"` |  |
diff --git a/charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml b/charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml
index 5600c1ad..b50e3f85 100644
--- a/charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml
+++ b/charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml
@@ -1,4 +1,4 @@
-{{- if and (index .Values "argo-cd" "kubezero" "bootstrap") (index .Values "argo-cd" "kubezero" "repoUrl") }}
+{{- if index .Values "argo-cd" "kubezero" "bootstrap" }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -19,12 +19,15 @@ spec:
     targetRevision: {{ .targetRevision }}
     path: {{ .path }}
     {{- end }}
-    directory:
-      recurse: true
+    plugin:
+      name: kubezero-git-sync
   syncPolicy:
     automated:
       prune: true
     syncOptions:
       - ServerSideApply=true
       - ApplyOutOfSyncOnly=true
+  info:
+    - name: "Source:"
+      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.31/"
 {{- end }}
diff --git a/charts/kubezero-argo/templates/argo-cd/kubezero-project.yaml b/charts/kubezero-argo/templates/argo-cd/kubezero-project.yaml
index eb4263d4..82bc7185 100644
--- a/charts/kubezero-argo/templates/argo-cd/kubezero-project.yaml
+++ b/charts/kubezero-argo/templates/argo-cd/kubezero-project.yaml
@@ -1,4 +1,4 @@
-{{- if and (index .Values "argo-cd" "kubezero" "bootstrap") (index .Values "argo-cd" "kubezero" "repoUrl") }}
+{{- if index .Values "argo-cd" "kubezero" "bootstrap" }}
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
diff --git a/charts/kubezero-argo/values.yaml b/charts/kubezero-argo/values.yaml
index 86fa70b0..6f335a25 100644
--- a/charts/kubezero-argo/values.yaml
+++ b/charts/kubezero-argo/values.yaml
@@ -38,7 +38,7 @@ argo-cd:
       format: json
     image:
       repository: public.ecr.aws/zero-downtime/zdt-argocd
-      tag: v2.14.9
+      tag: v2.14.9-1
     networkPolicy:
       create: true
 
@@ -125,10 +125,10 @@ argo-cd:
           resources: ["secrets"]
           verbs: ["get", "watch", "list"]
 
-    # cmp vals plugin
+    # cmp kubezero-git-sync plugin
     # @ignored
     extraContainers:
-      - name: cmp-vals
+      - name: cmp-kubezero-git-sync
         image: '{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}'
         imagePullPolicy: '{{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}'
         command: ["/var/run/argocd/argocd-cmp-server"]
diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl
index d140f8a7..6e461d2b 100644
--- a/charts/kubezero/templates/_app.tpl
+++ b/charts/kubezero/templates/_app.tpl
@@ -42,6 +42,9 @@ spec:
       - ServerSideApply=true
       - CreateNamespace=true
       - ApplyOutOfSyncOnly=true
+  info:
+    - name: "Source:"
+      value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.31/charts/kubezero-{{ $name }}"
 {{- include (print $name "-argo") $ }}
 {{- end }}