diff --git a/cert_test.go b/cert_test.go
index 428e382..0b33751 100644
--- a/cert_test.go
+++ b/cert_test.go
@@ -14,7 +14,7 @@ func TestNormalizeCertURL(t *testing.T) {
 expectError bool
 }{
 {
- inURL: "http://example.com",
+ inURL: "http://example.com/v1/cert.pem",
 expectOutURL: expectedOutURL1,
 expectOutURLHost: "example.com",
 expectError: false,
diff --git a/main.go b/main.go
index b4ec684..6f2bc56 100644
--- a/main.go
+++ b/main.go
@@ -103,7 +103,7 @@ func configure(environment string, configKey string, configValue string) {
 }
 func rotate(filename string) {
- _, environment, err := nameAndEnvFromFilename(filename)
+ secretName, environment, err := nameAndEnvFromFilename(filename)
 if err != nil {
 fmt.Printf("%s\n", err)
 os.Exit(1)
@@ -185,10 +185,18 @@ func rotate(filename string) {
 // TODO: support creating new sealed secrets from scratch
 newSecrets := secrets.ToValues()
+ if len(sealedSecret.Spec.Template.Metadata) == 0 {
+ timestamp := time.Now().UTC().Format(time.RFC3339)
+ // TODO: get namespace for new secrets
+ secretNamespace := ""
+ sealedSecret.Spec.Template.Metadata = map[string]*string{
+ "creationTimestamp": ×tamp,
+ "name": &secretName,
+ "namespace": &secretNamespace,
+ }
+ }
 secretYAML, err := createSecretYAML(
- sealedSecret.Metadata.Name,
- sealedSecret.Metadata.Namespace,
- time.Now(),
+ sealedSecret.Spec.Template.Metadata,
 newSecrets,
 )
 if err != nil {
diff --git a/sealedsecret.go b/sealedsecret.go
index 006b164..d353426 100644
--- a/sealedsecret.go
+++ b/sealedsecret.go
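Review bot: In rotate() (main.go, second hunk) the new fallback emits `namespace: ""` and never consults the top-level `sealedSecret.Metadata`, which the removed call used for both name and namespace. If this tool targets Bitnami Sealed Secrets, the default strict scope binds the ciphertext to name and namespace, so re-sealing against an empty or wrong namespace would presumably produce a secret the controller cannot unseal where it is deployed. Consider seeding the fallback from the top-level map first, e.g. `if ns := sealedSecret.Metadata["namespace"]; ns != nil { secretNamespace = *ns }`, and leaving the `namespace` key out entirely when nothing is known. rotate's body starts and ends outside the hunk, so the sealing call itself is not visible here.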
@@ -15,18 +15,14 @@ import (
 )
 type SealedSecret struct {
- ApiVersion string `json:"apiVersion" yaml:"apiVersion"`
- Kind string `json:"kind" yaml:"kind"`
- Metadata struct {
- CreationTimestamp time.Time `json:"creationTimestamp,omitempty" yaml:"creationTimestamp,omitempty"`
- Name string `json:"name" yaml:"name"`
- Namespace string `json:"namespace,omitempty" yaml:"namespace,omitempty"`
- } `json:"metadata" yaml:"metadata"`
- Spec struct {
+ ApiVersion string `json:"apiVersion" yaml:"apiVersion"`
+ Kind string `json:"kind" yaml:"kind"`
+ Metadata map[string]*string `json:"metadata" yaml:"metadata"`
+ Spec struct {
 EncryptedData map[string]string `json:"encryptedData,omitempty" yaml:"encryptedData,omitempty"`
 Template struct {
- Data *map[string]string `json:"data" yaml:"data"`
- Metadata map[string]string `json:"metadata" yaml:"metadata"`
+ Data *map[string]*string `json:"data" yaml:"data"`
+ Metadata map[string]*string `json:"metadata" yaml:"metadata"`
 } `json:"template" yaml:"template"`
 } `json:"spec" yaml:"spec"`
 }
diff --git a/secret.go b/secret.go
index 9870393..51ecf66 100644
--- a/secret.go
+++ b/secret.go
@@ -4,23 +4,20 @@ import (
 "encoding/base64"
 "fmt"
 "regexp"
- "time"
 "gopkg.in/yaml.v3"
 )
 type secretManifest struct {
- ApiVersion string `yaml:"apiVersion"`
- Kind string `yaml:"kind"`
- Type string `yaml:"type"`
- Data map[string]string `yaml:"data"`
- Metadata map[string]string `yaml:"metadata"`
+ ApiVersion string `yaml:"apiVersion"`
+ Kind string `yaml:"kind"`
+ Type string `yaml:"type"`
+ Data map[string]string `yaml:"data"`
+ Metadata map[string]*string `yaml:"metadata"`
 }
 func createSecretYAML(
- name string,
- namespace string,
- timestamp time.Time,
+ metadata map[string]*string,
 secrets map[string]string,
 ) (manifestYAML string, err error) {
 manifest := secretManifest{
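Review bot: `Metadata map[string]*string` in sealedsecret.go, both at the top level and under `Spec.Template`, can hold only scalar values, so a manifest whose metadata carries `labels` or `annotations` mappings should fail to decode into it. That matters because Sealed Secrets records its sealing scope in annotations (`sealedsecrets.bitnami.com/namespace-wide`, `sealedsecrets.bitnami.com/cluster-wide`), so scoped secrets are the likely inputs to break. A `map[string]interface{}` field, or a small struct with `Labels` and `Annotations map[string]string`, would round-trip them. The decoding call is outside this diff, so confirm the behaviour against a manifest that carries annotations.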
@@ -28,11 +25,7 @@ func createSecretYAML(
 Kind: "Secret",
 Type: "Opaque",
 Data: map[string]string{},
- Metadata: map[string]string{
- "creationTimestamp": timestamp.UTC().Format(time.RFC3339),
- "name": name,
- "namespace": namespace,
- },
+ Metadata: metadata,
 }
 for k, v := range secrets {
 manifest.Data[k] = base64.StdEncoding.EncodeToString([]byte(v))
diff --git a/secret_test.go b/secret_test.go
index 8ec5566..402fa28 100644
--- a/secret_test.go
+++ b/secret_test.go
@@ -3,12 +3,10 @@ package main
 import (
 "strings"
 "testing"
- "time"
 )
 func TestCreateSecretYAML(t *testing.T) {
 // kubectl create secret generic example-secret -o yaml --from-literal=A=B
- datetime := "2023-02-22T23:49:39Z"
 expect := "" +
 "apiVersion: v1\n" +
 "kind: Secret\n" +
@@ -16,14 +14,12 @@ func TestCreateSecretYAML(t *testing.T) {
 "data:\n" +
 " A: Qg==\n" +
 "metadata:\n" +
- " creationTimestamp: \"" + datetime + "\"\n" +
- " name: example-secret\n" +
- " namespace: default\n"
- timestamp, err := time.Parse(time.RFC3339, datetime)
- if err != nil {
- t.Errorf("Unexpected error: %s", err)
+ " name: example-secret\n"
+ secretName := "example-secret"
+ metadata := map[string]*string{
+ "name": &secretName,
 }
- got, err := createSecretYAML("example-secret", "default", timestamp, map[string]string{"A": "B"})
+ got, err := createSecretYAML(metadata, map[string]string{"A": "B"})
 if err != nil {
 t.Errorf("Unexpected error: %s", err)
 }
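Review bot: `Metadata: metadata` in createSecretYAML (secret.go, second hunk) now trusts the caller's map completely, so a nil map, a missing `name` or a nil `*string` value is marshalled as-is, and the map is aliased rather than copied. Because this manifest is presumably what gets sealed next, a guard at the top of the function would fail early instead of producing a nameless Secret: `if n := metadata["name"]; n == nil || *n == "" { return "", fmt.Errorf("secret metadata has no name") }`. A doc comment naming the required keys would help callers too, e.g. `// createSecretYAML renders an Opaque v1 Secret; metadata must contain a non-empty "name".` The function starts in the previous hunk and continues past this one.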
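Review bot: The rewritten TestCreateSecretYAML (secret_test.go, second hunk) passes only `name`, so nothing now exercises `namespace`, `creationTimestamp` or a nil pointer value in the metadata map. Those are exactly the keys rotate() fills in on its fallback path, and the namespace in particular decides where a sealed secret is valid. Adding a table case with `namespace` set and one with a nil value would pin both the key ordering and the `null` handling of the marshalled output.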