diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e239785c..6a5a774b 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -66,6 +66,56 @@ postgresql Port {{- end -}} {{- end -}} +{{/* +Get the betydb secret. +*/}} +{{- define "betydb.secretName" -}} +{{- if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "betydb.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the betyPassword key. +*/}} +{{- define "betyPassword" -}} +{{- if .Values.auth.existingSecret }} + {{- if .Values.auth.secretKeys.betyPassword }} + {{- printf "%s" (tpl .Values.auth.secretKeys.betyPassword $) -}} + {{- else -}} + {{ .Values.betyPassword | b64enc | quote }} + {{- end -}} +{{- else -}} + {{ .Values.betyPassword | b64enc | quote }} +{{- end -}} +{{- end -}} + +{{/* +Get the betydb encryption secret key. +*/}} +{{- define "betydb.betydbEncryptionSecretKey" -}} +{{- if .Values.auth.existingSecret }} + {{- if .Values.auth.secretKeys.betydbEncryptionKey }} + {{- printf "%s" (tpl .Values.auth.secretKeys.betydbEncryptionKey $) -}} + {{- else -}} + {{- "secretKey" }} + {{- end -}} +{{- else -}} + {{- "secretKey" }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a betydb secret object should be created +*/}} +{{- define "betydb.createSecret" -}} +{{- if not (.Values.auth.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + {{/* Environment variables for PostgreSQL */}} @@ -94,11 +144,6 @@ Environment variables for BetyDB {{- define "betydb.betydbEnv" -}} - name: BETYUSER value: {{ .Values.betyUser | quote }} -- name: BETYPASSWORD - valueFrom: - secretKeyRef: - name: {{ include "betydb.fullname" . }} - key: betyPassword - name: BETYDATABASE value: {{ .Values.betyDatabase | quote }} - name: LOCAL_SERVER diff --git a/templates/deployment.yaml b/templates/deployment.yaml index b9027786..2207a1c5 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml 
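Review bot: The helper that is supposed to return the password *key name* is defined as `betyPassword`, but every consumer in this diff (deployment.yaml, hooks/add-user.yaml, hooks/load-db.yaml) calls `include "betydb.betydbPasswordKey" .`, so the chart fails to render with an undefined-template error. Its fallback branches also emit `{{ .Values.betyPassword | b64enc | quote }}` — the base64-encoded password itself — where a key name belongs, which would write the trivially decodable password into `secretKeyRef.key` of the pod spec (readable by anyone who can get Deployments, Jobs or Pods) and would never match a key in the Secret anyway; both fallbacks should be `{{- "betyPassword" -}}`, the key secrets.yaml writes. The helpers further read `.Values.auth.secretKeys.betyPassword` and `.Values.auth.secretKeys.betydbEncryptionKey`, whereas values.yaml declares `secretKeys.betydbPasswordKey` and `secretKeys.betydbEncryptSecretKey`, so user-supplied key names are silently ignored — the encryption helper's check should read `{{- if .Values.auth.secretKeys.betydbEncryptSecretKey }}`. A corrected password-key helper follows.
```gotemplate
{{/*
Name of the key under which the bety password is stored in the Secret.
Defaults to "betyPassword", the key written by templates/secrets.yaml.
*/}}
{{- define "betydb.betydbPasswordKey" -}}
{{- if .Values.auth.existingSecret -}}
    {{- if .Values.auth.secretKeys.betydbPasswordKey -}}
        {{- printf "%s" (tpl .Values.auth.secretKeys.betydbPasswordKey $) -}}
    {{- else -}}
        {{- "betyPassword" -}}
    {{- end -}}
{{- else -}}
    {{- "betyPassword" -}}
{{- end -}}
{{- end -}}
{{/* … unchanged: betydb.secretName, betydb.betydbEncryptionSecretKey, betydb.createSecret … */}}
```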
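Review bot: Any template that includes `betydb.betydbEnv` and is not touched by this diff would silently lose BETYPASSWORD, since the variable is now expected to be injected by each consumer and only deployment.yaml, hooks/add-user.yaml and hooks/load-db.yaml re-add it here; no other consumer is visible in this diff, but the chart's remaining templates should be checked. A short note on the define, `{{/* BETYPASSWORD is not set here; each consumer adds it via betydb.secretName and betydb.betydbPasswordKey */}}`, would make that contract explicit. The `betydb.betydbEnv` define continues outside the hunk.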
@@ -60,12 +60,17 @@ spec: - name: SECRET_KEY_BASE valueFrom: secretKeyRef: - name: {{ include "betydb.fullname" . }} - key: secretKey + name: {{ include "betydb.secretName" . }} + key: {{ include "betydb.betydbEncryptionSecretKey" . }} - name: RAILS_RELATIVE_URL_ROOT value: {{ .Values.ingress.path | default "" | trimSuffix "/" | quote }} - name: RAILS_LOG_TO_STDOUT value: "true" + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "betydb.secretName" . }} + key: {{ include "betydb.betydbPasswordKey" . }} {{- include "betydb.postgresqlEnv" . | nindent 12 }} {{- include "betydb.betydbEnv" . | nindent 12 }} {{- if .Values.customization }} diff --git a/templates/hooks/add-user.yaml b/templates/hooks/add-user.yaml index df160cbe..189a0df4 100644 --- a/templates/hooks/add-user.yaml +++ b/templates/hooks/add-user.yaml @@ -64,6 +64,11 @@ spec: - {{ .data | quote }} - {{ .page | quote }} env: + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "betydb.secretName" . }} + key: {{ include "betydb.betydbPasswordKey" . }} {{- $pgenv | nindent 12 }} {{- $betyenv | nindent 12 }} {{- end }} diff --git a/templates/hooks/load-db.yaml b/templates/hooks/load-db.yaml index e6e244db..3f843c5b 100644 --- a/templates/hooks/load-db.yaml +++ b/templates/hooks/load-db.yaml @@ -57,6 +57,11 @@ spec: imagePullPolicy: Always {{- end }} env: + - name: BETYPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "betydb.secretName" . }} + key: {{ include "betydb.betydbPasswordKey" . }} {{- include "betydb.postgresqlEnv" . | nindent 12 }} {{- include "betydb.betydbEnv" . | nindent 12 }} {{- end }} diff --git a/templates/secrets.yaml b/templates/secrets.yaml index 70d0e937..65084858 100644 --- a/templates/secrets.yaml +++ b/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{- if (include "postgresql.createSecret" .) }} apiVersion: v1 kind: Secret metadata: 
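Review bot: secrets.yaml gates the Secret on `include "postgresql.createSecret" .`, but the helper introduced in _helpers.tpl is named `betydb.createSecret`; the guard should be `{{- if (include "betydb.createSecret" .) }}`. If no `postgresql.createSecret` helper exists in the chart the render fails outright; if one does exist (for example from a PostgreSQL subchart or a helper not shown here), the Secret holding `betyPassword` and `secretKey` would be created or skipped according to the PostgreSQL setting rather than `auth.existingSecret`, so the pods can end up referencing a Secret that was never created. The matching `{{- end }}` is in the file's second hunk.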
@@ -11,3 +12,4 @@ data: {{- end }} betyPassword: {{ .Values.betyPassword | b64enc | quote }} secretKey: {{ .Values.secretKey | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/values.yaml b/values.yaml index 13d48931..40e3f1c1 100644 --- a/values.yaml +++ b/values.yaml @@ -181,3 +181,12 @@ affinity: {} ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity hooks: affinity: {} + + +## Use existing bety password as secret +## Create secret pecan-betydb-old with key betyPassword +auth: + existingSecret: "" + secretKeys: + betydbPasswordKey: "" + betydbEncryptSecretKey: "" \ No newline at end of file
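Review bot: The comment above `auth` only says the existing secret needs the key `betyPassword`, but deployment.yaml now also reads SECRET_KEY_BASE from the same Secret through `betydb.betydbEncryptionSecretKey`, whose default key is `secretKey`; an operator who points `existingSecret` at a Secret with only the password key gets pods that fail to start. Suggest replacing the two comment lines with `## Use an existing Secret instead of creating one (e.g. pecan-betydb-old). It must hold the bety password (key betyPassword unless secretKeys.betydbPasswordKey is set) and the Rails SECRET_KEY_BASE (key secretKey unless secretKeys.betydbEncryptSecretKey is set).` The key names declared here, `betydbPasswordKey` and `betydbEncryptSecretKey`, must also be the ones the helpers in _helpers.tpl look up, and the file should end with a newline.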