diff --git a/charts/authentik/README.md b/charts/authentik/README.md
index c447e67..bad0c63 100644
--- a/charts/authentik/README.md
+++ b/charts/authentik/README.md
@@ -165,6 +165,7 @@ The secret `authentik-postgres-credentials` must have `username` and `password`
 | global.podLabels | object | `{}` | Labels for all deployed pods |
 | global.priorityClassName | string | `""` | Default priority class for all components |
 | global.revisionHistoryLimit | int | `3` |  |
+| global.secretAnnotations | object | `{}` | Annotations for all deployed secrets |
 | global.securityContext | object | `{}` (See [values.yaml]) | Toggle and define pod-level security context. |
 | global.tolerations | list | `[]` | Default tolerations for all components |
 | global.topologySpreadConstraints | list | `[]` | Default [TopologySpreadConstraints] rules for all components # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ |
diff --git a/charts/authentik/templates/secret.yaml b/charts/authentik/templates/secret.yaml
index ad8718b..dea159f 100644
--- a/charts/authentik/templates/secret.yaml
+++ b/charts/authentik/templates/secret.yaml
@@ -5,9 +5,9 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "authentik.labels" (dict "context" .) | nindent 4 }}
-  {{- if .Values.annotations }}
+  {{- if .Values.global.secretAnnotations }}
   annotations:
-    {{- toYaml .Values.annotations | nindent 4 }}
+    {{- toYaml .Values.global.secretAnnotations | nindent 4 }}
   {{- end }}
 data:
   {{- include "authentik.env" (dict "root" . "values" .Values.authentik) | indent 2 }}
diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml
index 18abe2e..02bb1bf 100644
--- a/charts/authentik/values.yaml
+++ b/charts/authentik/values.yaml
@@ -40,6 +40,9 @@ global:
   # -- Annotations for all deployed pods
   podAnnotations: {}
 
+  # -- Annotations for all deployed secrets
+  secretAnnotations: {}
+
   # -- Labels for all deployed pods
   podLabels: {}