diff --git a/charts/gxf/Chart.yaml b/charts/gxf/Chart.yaml
index 9cab780..d4795b5 100644
--- a/charts/gxf/Chart.yaml
+++ b/charts/gxf/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: gxf
 description: Generic GXF Helm chart
-version: '1.8.1'
+version: '1.8.2'
 icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png
 maintainers:
   - name: OSGP
diff --git a/charts/gxf/templates/certificate-keystore-secret.yaml b/charts/gxf/templates/certificate-keystore-secret.yaml
index 693231f..867ff00 100644
--- a/charts/gxf/templates/certificate-keystore-secret.yaml
+++ b/charts/gxf/templates/certificate-keystore-secret.yaml
@@ -1,7 +1,12 @@
+{{- if .Values.keystore.generateSecret -}}
 apiVersion: v1
-kind: Secret 
+kind: Secret
 metadata:
   name: {{ .Release.Name }}-keystore-password
+  annotations:
+    {{- if .Values.keystore.managedBySealedSecrets }}
+    sealedsecrets.bitnami.com/managed: "true"
+    {{- end }}
 type: Opaque
 data:
   keystore-password: {{ $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-keystore-password" .Release.Name) }}
@@ -10,3 +15,4 @@ data:
     {{- else -}}
       {{- randAlphaNum 32 | b64enc | quote -}}
     {{- end -}}
+{{- end }}
diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml
index 53ae544..368d7ad 100644
--- a/charts/gxf/templates/certificate.yaml
+++ b/charts/gxf/templates/certificate.yaml
@@ -33,7 +33,7 @@ spec:
     pkcs12:
       create: true
       passwordSecretRef:
-        name: {{ $.Release.Name }}-keystore-password
+        name: {{ $.Values.keystore.secretName | default (printf "%s-keystore-password" $.Release.Name) }}
         key: keystore-password
 ---
 {{- end }}
diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml
index eadb185..171d83f 100644
--- a/charts/gxf/values.yaml
+++ b/charts/gxf/values.yaml
@@ -114,3 +114,7 @@ certificates: []
   #   commonName: example.com
   #   dnsNames:
   #     - example.com
+keystore:
+  generateSecret: false  # Set to true if you want to generate a new secret
+  sealedSecretsManaged: false  # Set to false if the annotation should not be added
+  keystoreSecretName: ""