diff --git a/cmd/azure-keyvault-secrets-webhook/main.go b/cmd/azure-keyvault-secrets-webhook/main.go
index 82d01911..13a4d65d 100644
--- a/cmd/azure-keyvault-secrets-webhook/main.go
+++ b/cmd/azure-keyvault-secrets-webhook/main.go
@@ -206,6 +206,7 @@ func initConfig() {
 	viper.SetDefault("metrics_enabled", false)
 	viper.SetDefault("env_injector_exec_dir", "/azure-keyvault/")
 
+	viper.SetDefault("webhook_container_image_pull_policy", corev1.PullIfNotPresent)
 	viper.SetDefault("webhook_container_security_context_read_only", false)
 	viper.SetDefault("webhook_container_security_context_non_root", false)
 	viper.SetDefault("webhook_container_security_context_user_uid", 1000)
diff --git a/cmd/azure-keyvault-secrets-webhook/pod.go b/cmd/azure-keyvault-secrets-webhook/pod.go
index 722fd7f7..f94ef5bb 100644
--- a/cmd/azure-keyvault-secrets-webhook/pod.go
+++ b/cmd/azure-keyvault-secrets-webhook/pod.go
@@ -65,7 +65,7 @@ func (p podWebHook) getInitContainers() []corev1.Container {
 	container := corev1.Container{
 		Name:            "copy-azurekeyvault-env",
 		Image:           viper.GetString("azurekeyvault_env_image"),
-		ImagePullPolicy: corev1.PullIfNotPresent,
+		ImagePullPolicy: corev1.PullPolicy(viper.GetString("webhook_container_image_pull_policy")),
 		Command:         []string{"sh", "-c", cmd},
 		SecurityContext: &corev1.SecurityContext{
 			Capabilities: &corev1.Capabilities{