diff --git a/cmd/install/example.go b/cmd/install/example.go
index c8ff2aa..7f9f6c1 100644
--- a/cmd/install/example.go
+++ b/cmd/install/example.go
@@ -2,6 +2,7 @@ package install
 
 import (
 "github.com/awslabs/eksdemo/pkg/application"
+ "github.com/awslabs/eksdemo/pkg/application/example/ascp"
 "github.com/awslabs/eksdemo/pkg/application/example/eks_workshop"
 "github.com/awslabs/eksdemo/pkg/application/example/game_2048"
 "github.com/awslabs/eksdemo/pkg/application/example/ghost"
@@ -49,6 +50,7 @@ func NewUninstallExampleCmd() *cobra.Command {
 
 func init() {
 exampleApps = []func() *application.Application{
+ ascp.NewApp,
 eks_workshop.NewApp,
 game_2048.NewApp,
 ghost.New,
diff --git a/pkg/application/csi/secretsstore/secrets_store.go b/pkg/application/csi/secretsstore/secrets_store.go
index a50de25..e6797d8 100644
--- a/pkg/application/csi/secretsstore/secrets_store.go
+++ b/pkg/application/csi/secretsstore/secrets_store.go
@@ -21,7 +21,7 @@ func NewApp() *application.Application {
 Parent: "secrets",
 Name: "store-csi-driver",
 Description: "Integrates secrets stores with K8s via a CSI volume",
- Aliases: []string{"store-csi", "csi-driver", "csi"},
+ Aliases: []string{"store-csi", "store", "csi-driver", "csi"},
 },
 
 Flags: flags,
diff --git a/pkg/application/example/ascp/ascp.go b/pkg/application/example/ascp/ascp.go
new file mode 100644
index 0000000..81337c6
--- /dev/null
+++ b/pkg/application/example/ascp/ascp.go
@@ -0,0 +1,59 @@
+package ascp
+
+import (
+ "github.com/awslabs/eksdemo/pkg/application"
+ "github.com/awslabs/eksdemo/pkg/cmd"
+ "github.com/awslabs/eksdemo/pkg/installer"
+ "github.com/awslabs/eksdemo/pkg/resource"
+ "github.com/awslabs/eksdemo/pkg/resource/irsa"
+ "github.com/awslabs/eksdemo/pkg/template"
+)
+
+//
+
+func NewApp() *application.Application {
+ return &application.Application{
+ Command: cmd.Command{
+ Parent: "example",
+ Name: "ascp",
+ Description: "Example for AWS Secrets Manager and Config Provider for Secret Store CSI Driver",
+ },
+
+ Dependencies: []*resource.Resource{
+ irsa.NewResourceWithOptions(&irsa.IrsaOptions{
+ CommonOptions: resource.CommonOptions{
+ Name: "example-ascp-irsa",
+ },
+ PolicyType: irsa.PolicyDocument,
+ PolicyDocTemplate: &template.TextTemplate{
+ Template: policyDocument,
+ },
+ }),
+ },
+
+ Installer: &installer.ManifestInstaller{
+ AppName: "example-ascp",
+ ResourceTemplate: &template.TextTemplate{
+ Template: secretsProviderClassTemplate + serviceAccountTemplate + serviceAndDeploymentTemplate,
+ },
+ },
+
+ Options: &application.ApplicationOptions{
+ DisableServiceAccountFlag: true,
+ DisableVersionFlag: true,
+ Namespace: "ascp",
+ ServiceAccount: "nginx-deployment-sa",
+ },
+ }
+}
+
+// https://github.com/aws/secrets-store-csi-driver-provider-aws#usage
+const policyDocument = `
+Version: '2012-10-17'
+Statement:
+- Effect: Allow
+ Action:
+ - secretsmanager:GetSecretValue
+ - secretsmanager:DescribeSecret
+ Resource: arn:{{ .Partition }}:secretsmanager:{{ .Region }}:{{ .Account }}:secret:MySecret-??????
+`
diff --git a/pkg/application/example/ascp/manifest.go b/pkg/application/example/ascp/manifest.go
new file mode 100644
index 0000000..85e828b
--- /dev/null
+++ b/pkg/application/example/ascp/manifest.go
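Review bot: The exported `NewApp` is preceded by an empty `//` line instead of a doc comment, and nothing in the file states the precondition the example depends on: a Secrets Manager secret named `MySecret` must already exist in the target region, since the IRSA policy is scoped to it and the manifest only references it. I would replace the bare `//` with `// NewApp returns the ASCP example: an nginx Deployment whose IRSA role may read only the pre-existing Secrets Manager secret "MySecret" in the target region; create that secret before installing.` The `MySecret-??????` suffix in `Resource:` follows the linked provider usage page (it matches the six-character suffix Secrets Manager appends to secret ARNs) and is what keeps the role from being granted `secret:*`; a one-line comment above `Resource:` saying so would stop a future reader from "simplifying" it to a wildcard. The `Region` used in the ARN is whatever the template is rendered with, so a secret created in another region will not be readable — worth a mention in the same comment.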
@@ -0,0 +1,78 @@
+package ascp
+
+// https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/examples/ExampleDeployment.yaml
+const secretsProviderClassTemplate = `---
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: nginx-deployment-aws-secrets
+spec:
+ provider: aws
+ parameters:
+ objects: |
+ - objectName: "MySecret"
+ objectType: "secretsmanager"
+`
+
+const serviceAccountTemplate = `---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ {{ .IrsaAnnotation }}
+ name: {{ .ServiceAccount}}
+ namespace: {{ .Namespace }}
+`
+
+// https://github.com/aws/secrets-store-csi-driver-provider-aws/blob/main/examples/ExampleDeployment.yaml
+const serviceAndDeploymentTemplate = `---
+kind: Service
+apiVersion: v1
+metadata:
+ name: nginx-deployment
+ namespace: {{ .Namespace }}
+ labels:
+ app: nginx
+spec:
+ selector:
+ app: nginx
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+ namespace: {{ .Namespace }}
+ labels:
+ app: nginx
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ serviceAccountName: nginx-deployment-sa
+ volumes:
+ - name: secrets-store-inline
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: "nginx-deployment-aws-secrets"
+ containers:
+ - name: nginx-deployment
+ image: nginx
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: secrets-store-inline
+ mountPath: "/mnt/secrets-store"
+ readOnly: true
+`
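Review bot: The SecretProviderClass in `secretsProviderClassTemplate` is the only object in this file without `namespace: {{ .Namespace }}` in its metadata; the ServiceAccount, Service and Deployment all set it. The CSI driver resolves `secretProviderClass` in the pod's namespace, so unless `ManifestInstaller` applies every document with the namespace already set (not visible from here), the class lands in a different namespace and the `secrets-store-inline` volume mount fails at pod start. Add `  namespace: {{ .Namespace }}` under its `metadata:` to match the other three objects. Two smaller points in the same file: `serviceAccountName: nginx-deployment-sa` is hard-coded while the ServiceAccount object is named `{{ .ServiceAccount}}`, so the two can silently diverge — use `serviceAccountName: {{ .ServiceAccount }}` there as well; and `image: nginx` is an unpinned mutable tag, which for an example that mounts a live secret is worth pinning to a specific tag or digest so what gets the secret is reproducible.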