diff --git a/charts/centralidp/templates/secret-centralidp.yaml b/charts/centralidp/templates/secret-centralidp.yaml
index e43b4d22..901278fa 100644
--- a/charts/centralidp/templates/secret-centralidp.yaml
+++ b/charts/centralidp/templates/secret-centralidp.yaml
@@ -30,7 +30,7 @@ data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  admin-password: {{ ( .Values.secrets.auth.existingSecret.adminpassword | b64enc | quote ) | default ( index $secret.data "admin-password" ) }}
+  admin-password: {{ ( .Values.secrets.auth.existingSecret.adminpassword | b64enc ) | default ( index $secret.data "admin-password" ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
diff --git a/charts/centralidp/templates/secret-external-db.yaml b/charts/centralidp/templates/secret-external-db.yaml
index ca8a23db..656a89fc 100644
--- a/charts/centralidp/templates/secret-external-db.yaml
+++ b/charts/centralidp/templates/secret-external-db.yaml
@@ -30,7 +30,7 @@ type: Opaque
 data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
-  password: {{ ( .Values.keycloak.externalDatabase.password | b64enc | quote ) | default $secret.data.password }}
+  password: {{ ( .Values.keycloak.externalDatabase.password | b64enc ) | default $secret.data.password  | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
diff --git a/charts/centralidp/templates/secret-postgres-init.yaml b/charts/centralidp/templates/secret-postgres-init.yaml
index fe17c8a2..5305014b 100644
--- a/charts/centralidp/templates/secret-postgres-init.yaml
+++ b/charts/centralidp/templates/secret-postgres-init.yaml
@@ -31,9 +31,9 @@ data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  postgres-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.postgrespassword | b64enc | quote )  | default ( index $secret.data "postgres-password" ) }}
-  password: {{ ( .Values.secrets.postgresql.auth.existingSecret.password | b64enc | quote ) | default $secret.data.password }}
-  replication-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.replicationPassword | b64enc | quote )  | default ( index $secret.data "replication-password" ) }}
+  postgres-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.postgrespassword | b64enc )  | default ( index $secret.data "postgres-password" ) | quote }}
+  password: {{ ( .Values.secrets.postgresql.auth.existingSecret.password | b64enc ) | default $secret.data.password | quote }}
+  replication-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.replicationPassword | b64enc )  | default ( index $secret.data "replication-password" ) | quote}}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
diff --git a/charts/sharedidp/templates/secret-external-db.yaml b/charts/sharedidp/templates/secret-external-db.yaml
index ca8a23db..38a3408b 100644
--- a/charts/sharedidp/templates/secret-external-db.yaml
+++ b/charts/sharedidp/templates/secret-external-db.yaml
@@ -30,7 +30,7 @@ type: Opaque
 data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
-  password: {{ ( .Values.keycloak.externalDatabase.password | b64enc | quote ) | default $secret.data.password }}
+  password: {{ ( .Values.keycloak.externalDatabase.password | b64enc ) | default $secret.data.password | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
diff --git a/charts/sharedidp/templates/secret-postgres-init.yaml b/charts/sharedidp/templates/secret-postgres-init.yaml
index 93ebfac0..7c640192 100644
--- a/charts/sharedidp/templates/secret-postgres-init.yaml
+++ b/charts/sharedidp/templates/secret-postgres-init.yaml
@@ -31,9 +31,9 @@ data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  postgres-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.postgrespassword | b64enc | quote )  | default ( index $secret.data "postgres-password" ) }}
-  password: {{ ( .Values.secrets.postgresql.auth.existingSecret.password | b64enc | quote ) | default $secret.data.password }}
-  replication-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.replicationPassword | b64enc | quote )  | default ( index $secret.data "replication-password" ) }}
+  postgres-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.postgrespassword | b64enc )  | default ( index $secret.data "postgres-password" ) | quote }}
+  password: {{ ( .Values.secrets.postgresql.auth.existingSecret.password | b64enc ) | default $secret.data.password | quote }}
+  replication-password: {{ ( .Values.secrets.postgresql.auth.existingSecret.replicationPassword | b64enc )  | default ( index $secret.data "replication-password" ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
diff --git a/charts/sharedidp/templates/secret-sharedidp.yaml b/charts/sharedidp/templates/secret-sharedidp.yaml
index e43b4d22..901278fa 100644
--- a/charts/sharedidp/templates/secret-sharedidp.yaml
+++ b/charts/sharedidp/templates/secret-sharedidp.yaml
@@ -30,7 +30,7 @@ data:
   # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
   # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
   # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
-  admin-password: {{ ( .Values.secrets.auth.existingSecret.adminpassword | b64enc | quote ) | default ( index $secret.data "admin-password" ) }}
+  admin-password: {{ ( .Values.secrets.auth.existingSecret.adminpassword | b64enc ) | default ( index $secret.data "admin-password" ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one