diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml b/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml
new file mode 100644
index 0000000000000..457e5892667a3
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml
@@ -0,0 +1,4 @@
+actionTests:
+ - action: push
+ inputPath: testdata/push-secret.yaml
+ expectedOutputPath: testdata/push-secret-updated.yaml
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua b/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua
new file mode 100644
index 0000000000000..6b095fbd98dbe
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua
@@ -0,0 +1,3 @@
+actions = {}
+actions["push"] = {["disabled"] = false}
+return actions
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/push/action.lua b/resource_customizations/external-secrets.io/PushSecret/actions/push/action.lua
new file mode 100644
index 0000000000000..fa29c485fa16a
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/push/action.lua
@@ -0,0 +1,6 @@
+local os = require("os")
+if obj.metadata.annotations == nil then
+ obj.metadata.annotations = {}
+end
+obj.metadata.annotations["force-sync"] = os.date("!%Y-%m-%dT%XZ")
+return obj
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret-updated.yaml b/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret-updated.yaml
new file mode 100644
index 0000000000000..952f7e98232c0
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret-updated.yaml
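Review bot: In push/action.lua the timestamp format `os.date("!%Y-%m-%dT%XZ")` relies on `%X`, which standard Lua/C defines as the locale's time representation rather than a fixed `HH:MM:SS`; writing it as `os.date("!%Y-%m-%dT%H:%M:%SZ")` makes the annotation value explicit and independent of how the embedded Lua runtime maps `%X`. The action test will not catch a malformed value, since the expected fixture carries a fixed placeholder for `force-sync` rather than a real timestamp. discovery.lua enables the action unconditionally (`["disabled"] = false`), so who may trigger a push is presumably decided only by the Argo CD RBAC rules for resource actions; a header comment in action.lua such as `-- Stamps force-sync with the current UTC time to request a new push; access is controlled by action RBAC` would record that.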
@@ -0,0 +1,41 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ annotations:
+ force-sync: '0001-01-01T00:00:00Z'
+ creationTimestamp: '2023-07-05T20:49:16Z'
+ generation: 1
+ name: test-healthy
+ namespace: external-secret
+ resourceVersion: '777692391'
+ uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+ data:
+ - match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
+ deletionPolicy: None
+ refreshInterval: 5m
+ secretStoreRefs:
+ - kind: ClusterSecretStore
+ name: my-store
+ selector:
+ secret:
+ name: existing-secret
+status:
+ conditions:
+ - lastTransitionTime: '2023-07-05T20:49:16Z'
+ message: PushSecret synced successfully
+ reason: Synced
+ status: 'True'
+ type: Ready
+ syncedPushSecrets:
+ ClusterSecretStore/my-store:
+ remote/path/test:
+ match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret.yaml b/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret.yaml
new file mode 100644
index 0000000000000..487233a773e95
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/testdata/push-secret.yaml
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ creationTimestamp: '2023-07-05T20:49:16Z'
+ generation: 1
+ name: test-healthy
+ namespace: external-secret
+ resourceVersion: '777692391'
+ uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+ data:
+ - match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
+ deletionPolicy: None
+ refreshInterval: 5m
+ secretStoreRefs:
+ - kind: ClusterSecretStore
+ name: my-store
+ selector:
+ secret:
+ name: existing-secret
+status:
+ conditions:
+ - lastTransitionTime: '2023-07-05T20:49:16Z'
+ message: PushSecret synced successfully
+ reason: Synced
+ status: 'True'
+ type: Ready
+ syncedPushSecrets:
+ ClusterSecretStore/my-store:
+ remote/path/test:
+ match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
diff --git a/resource_customizations/external-secrets.io/PushSecret/health.lua b/resource_customizations/external-secrets.io/PushSecret/health.lua
new file mode 100644
index 0000000000000..d86cb4c47f8b5
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/health.lua
@@ -0,0 +1,20 @@
+hs = {}
+if obj.status ~= nil then
+ if obj.status.conditions ~= nil then
+ for i, condition in ipairs(obj.status.conditions) do
+ if condition.type == "Ready" and condition.status == "False" then
+ hs.status = "Degraded"
+ hs.message = condition.message
+ return hs
+ end
+ if condition.type == "Ready" and condition.status == "True" then
+ hs.status = "Healthy"
+ hs.message = condition.message
+ return hs
+ end
+ end
+ end
+end
+hs.status = "Progressing"
+hs.message = "Waiting for PushSecret"
+return hs
diff --git a/resource_customizations/external-secrets.io/PushSecret/health_test.yaml b/resource_customizations/external-secrets.io/PushSecret/health_test.yaml
new file mode 100644
index 0000000000000..07d6ab3c70136
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/health_test.yaml
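Review bot: In health.lua both Ready branches set `hs.message = condition.message`, which copies the controller's condition text verbatim into the Argo CD health message. Whatever the secret-store provider puts in an error (the degraded fixture already shows a store name and a remote ref) is then presumably visible to anyone who can view the application. If that is intended, a one-line comment such as `-- message is provider-supplied and surfaced as-is` would make the choice explicit. On style, the loop index is unused, so `for _, condition in ipairs(obj.status.conditions) do` reads more clearly, and `hs` could be declared `local hs = {}` to avoid creating a global.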
@@ -0,0 +1,13 @@
+tests:
+ - healthStatus:
+ status: Progressing
+ message: Waiting for PushSecret
+ inputPath: testdata/progressing.yaml
+ - healthStatus:
+ status: Degraded
+ message: 'set secret failed: could not write remote ref test to target secretstore my-store: Error making API request.'
+ inputPath: testdata/degraded.yaml
+ - healthStatus:
+ status: Healthy
+ message: 'PushSecret synced successfully'
+ inputPath: testdata/healthy.yaml
diff --git a/resource_customizations/external-secrets.io/PushSecret/testdata/degraded.yaml b/resource_customizations/external-secrets.io/PushSecret/testdata/degraded.yaml
new file mode 100644
index 0000000000000..aab422eb3eb30
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/testdata/degraded.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ creationTimestamp: '2023-07-05T20:49:16Z'
+ generation: 1
+ name: test-degraded
+ namespace: external-secret
+ resourceVersion: '777692391'
+ uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+ data:
+ - match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
+ deletionPolicy: None
+ refreshInterval: 5m
+ secretStoreRefs:
+ - kind: ClusterSecretStore
+ name: my-store
+ selector:
+ secret:
+ name: existing-secret
+status:
+ conditions:
+ - lastTransitionTime: '2023-07-05T20:49:16Z'
+ message: 'set secret failed: could not write remote ref test to target secretstore my-store: Error making API request.'
+ reason: Errored
+ status: 'False'
+ type: Ready
+ syncedPushSecrets:
+ ClusterSecretStore/my-store: {}
diff --git a/resource_customizations/external-secrets.io/PushSecret/testdata/healthy.yaml b/resource_customizations/external-secrets.io/PushSecret/testdata/healthy.yaml
new file mode 100644
index 0000000000000..487233a773e95
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/testdata/healthy.yaml
@@ -0,0 +1,39 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ creationTimestamp: '2023-07-05T20:49:16Z'
+ generation: 1
+ name: test-healthy
+ namespace: external-secret
+ resourceVersion: '777692391'
+ uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+ data:
+ - match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
+ deletionPolicy: None
+ refreshInterval: 5m
+ secretStoreRefs:
+ - kind: ClusterSecretStore
+ name: my-store
+ selector:
+ secret:
+ name: existing-secret
+status:
+ conditions:
+ - lastTransitionTime: '2023-07-05T20:49:16Z'
+ message: PushSecret synced successfully
+ reason: Synced
+ status: 'True'
+ type: Ready
+ syncedPushSecrets:
+ ClusterSecretStore/my-store:
+ remote/path/test:
+ match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
diff --git a/resource_customizations/external-secrets.io/PushSecret/testdata/progressing.yaml b/resource_customizations/external-secrets.io/PushSecret/testdata/progressing.yaml
new file mode 100644
index 0000000000000..e67d679bae123
--- /dev/null
+++ b/resource_customizations/external-secrets.io/PushSecret/testdata/progressing.yaml
@@ -0,0 +1,24 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ creationTimestamp: '2023-07-05T20:49:16Z'
+ generation: 1
+ name: test-progressing
+ namespace: external-secret
+ resourceVersion: '777692391'
+ uid: 88cb613a-07b0-4fb2-8fdb-d5a5a9c2c917
+spec:
+ data:
+ - match:
+ remoteRef:
+ property: test
+ remoteKey: remote/path
+ secretKey: test
+ deletionPolicy: None
+ refreshInterval: 5m
+ secretStoreRefs:
+ - kind: ClusterSecretStore
+ name: my-store
+ selector:
+ secret:
+ name: existing-secret
diff --git a/util/lua/custom_actions_test.go b/util/lua/custom_actions_test.go
index 8f7d0e7495513..6cf5b0916445a 100644
--- a/util/lua/custom_actions_test.go
+++ b/util/lua/custom_actions_test.go
@@ -58,7 +58,7 @@ func (t testNormalizer) Normalize(un *unstructured.Unstructured) error { if err != nil { return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err) } - case "ExternalSecret": + case "ExternalSecret", "PushSecret": err := unstructured.SetNestedStringMap(un.Object, map[string]string{"force-sync": "0001-01-01T00:00:00Z"}, "metadata", "annotations") if err != nil { return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err)
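Review bot: Adding `"PushSecret"` to this case means its action result is compared only after `SetNestedStringMap` has replaced the whole `metadata.annotations` map with a single fixed `force-sync` entry. The test therefore passes whatever timestamp the Lua action wrote, and it could not notice an action that dropped annotations already present on the object. Normalizing just the one key, `unstructured.SetNestedField(un.Object, "0001-01-01T00:00:00Z", "metadata", "annotations", "force-sync")`, would keep other annotations in the comparison, and a PushSecret fixture that already carries an annotation would then cover the non-nil annotations path of the action. Normalize starts and ends outside this hunk, so the existing ExternalSecret tests may depend on the current behaviour and should be checked before changing it.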