diff --git a/terraform/addons/external-vuln-scans/main.tf b/terraform/addons/external-vuln-scans/main.tf
index 1693667820..5d29d4dccd 100644
--- a/terraform/addons/external-vuln-scans/main.tf
+++ b/terraform/addons/external-vuln-scans/main.tf
@@ -14,7 +14,8 @@ locals {
   ]
   secrets = [
     for k, v in merge(var.fleet_config.extra_secrets, {
-      FLEET_MYSQL_PASSWORD = var.fleet_config.database.password_secret_arn
+      FLEET_MYSQL_PASSWORD              = var.fleet_config.database.password_secret_arn
+      FLEET_MYSQL_READ_REPLICA_PASSWORD = var.fleet_config.database.password_secret_arn
       }) : {
       name      = k
       valueFrom = v
@@ -83,6 +84,18 @@ resource "aws_ecs_task_definition" "vuln-processing" {
           name  = "FLEET_MYSQL_ADDRESS"
           value = var.fleet_config.database.address
         },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_USERNAME"
+          value = var.fleet_config.database.user
+        },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_DATABASE"
+          value = var.fleet_config.database.database
+        },
+        {
+          name  = "FLEET_MYSQL_READ_REPLICA_ADDRESS"
+          value = var.fleet_config.database.rr_address == null ? var.fleet_config.database.address : var.fleet_config.database.rr_address
+        },
         {
           name  = "FLEET_REDIS_ADDRESS"
           value = var.fleet_config.redis.address