diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc7219db7d4..524e8e33c05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -108,6 +108,7 @@ New deprecation(s):
 - **General**: Introduce ENABLE_OPENTELEMETRY in deploying/testing process  ([#5375](https://github.com/kedacore/keda/issues/5375)|[#5578](https://github.com/kedacore/keda/issues/5578))
 - **General**: Migrate away from unmaintained golang/mock and use uber/gomock ([#5440](https://github.com/kedacore/keda/issues/5440))
 - **General**: Minor refactor to reduce copy/paste code in ScaledObject webhook ([#5397](https://github.com/kedacore/keda/issues/5397))
+- **General**: No need to list all secret in the namespace to find just one ([#5669](https://github.com/kedacore/keda/pull/5669))
 - **Kafka**: Expose GSSAPI service name  ([#5474](https://github.com/kedacore/keda/issues/5474))
 
 ## v2.13.1
diff --git a/pkg/certificates/certificate_manager.go b/pkg/certificates/certificate_manager.go
index 5f390e1b205..abd4e5e806d 100644
--- a/pkg/certificates/certificate_manager.go
+++ b/pkg/certificates/certificate_manager.go
@@ -24,6 +24,7 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/open-policy-agent/cert-controller/pkg/rotator"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -109,26 +110,24 @@ func getDNSNames(service, k8sClusterDomain string) []string {
 
 // ensureSecret ensures that the secret used for storing TLS certificates exists
 func (cm CertManager) ensureSecret(ctx context.Context, mgr manager.Manager, secretName string) error {
-	secrets := &corev1.SecretList{}
+	secret := &corev1.Secret{}
 	kedaNamespace := kedautil.GetPodNamespace()
-	opt := &client.ListOptions{
+	objKey := client.ObjectKey{
 		Namespace: kedaNamespace,
+		Name:      secretName,
 	}
-
-	err := mgr.GetAPIReader().List(ctx, secrets, opt)
+	create := false
+	err := mgr.GetAPIReader().Get(ctx, objKey, secret)
 	if err != nil {
-		cm.Logger.Error(err, "unable to check secrets")
-		return err
-	}
-
-	exists := false
-	for _, secret := range secrets.Items {
-		if secret.Name == secretName {
-			exists = true
-			break
+		if errors.IsNotFound(err) {
+			create = true
+		} else {
+			cm.Logger.Error(err, "unable to check secret")
+			return err
 		}
 	}
-	if !exists {
+
+	if create {
 		secret := &corev1.Secret{
 			ObjectMeta: v1.ObjectMeta{
 				Name:      secretName,