diff --git a/deployment/helm/templates/deployment.yaml b/deployment/helm/templates/deployment.yaml
index e02c22be14f5d12363c25b05fd186891acc8d40b..4ea1a708c1380cdc92c110dc2f1545ce5b3dffd9 100644
--- a/deployment/helm/templates/deployment.yaml
+++ b/deployment/helm/templates/deployment.yaml
@@ -52,14 +52,25 @@ spec:
             value: {{ .Values.signer.http.timeout.write | quote }}
           - name: VAULT_ADDR
             value: {{ .Values.signer.vault.addr | quote }}
+          {{- if .Values.signer.vault.token }}
           - name: VAULT_TOKEN
             value: {{ .Values.signer.vault.token | quote }}
+          {{- end }}
           - name: VAULT_SIGNING_KEY
             value: {{ .Values.signer.vault.key.signing | quote }}
           - name: VAULT_SUPPORTED_KEYS
             value: {{ .Values.signer.vault.key.supported | quote }}
           - name: CREDENTIAL_ISSUER
             value: {{ .Values.signer.credential.issuer | quote }}
+          {{- if .Values.secretEnv }}
+          {{- range $key, $value := .Values.secretEnv }}
+          - name: "{{ $key }}"
+            valueFrom:
+              secretKeyRef:
+                name: "{{ $value.name }}"
+                key: "{{ $value.key }}"
+          {{- end }}
+          {{- end }}
 {{- if .Values.extraVars }}
 {{ toYaml .Values.extraVars | indent 8 }}
 {{- end }}