diff --git a/components/tyk-gateway/templates/deployment-gw-repset.yaml b/components/tyk-gateway/templates/deployment-gw-repset.yaml
index aa6d952a..1932098b 100644
--- a/components/tyk-gateway/templates/deployment-gw-repset.yaml
+++ b/components/tyk-gateway/templates/deployment-gw-repset.yaml
@@ -338,9 +338,18 @@ spec:
             value: "{{ .Values.gateway.opentelemetry.exporter }}"
           - name: TYK_GW_OPENTELEMETRY_ENDPOINT
             value: "{{ .Values.gateway.opentelemetry.endpoint}}"
+            {{- if and .Values.gateway.opentelemetry.headers .Values.gateway.opentelemetry.headerSecret.name }}
+              {{- fail "You can't use '.Values.gateway.opentelemetry.headers' and '.Values.gateway.opentelemetry.headerSecret' at the same time!" }}
+            {{- end }}
             {{- if .Values.gateway.opentelemetry.headers }}
           - name: TYK_GW_OPENTELEMETRY_HEADERS
             value: "{{ include "otel-headers" . }}"
+            {{- else if and .Values.gateway.opentelemetry.headerSecret.name .Values.gateway.opentelemetry.headerSecret.key }}
+          - name: TYK_GW_OPENTELEMETRY_HEADERS
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.gateway.opentelemetry.headerSecret.name | quote }}
+                key: {{ .Values.gateway.opentelemetry.headerSecret.key | quote }}
             {{- end }}
           - name: TYK_GW_OPENTELEMETRY_CONNECTIONTIMEOUT
             value: "{{ .Values.gateway.opentelemetry.connectionTimeout }}"
diff --git a/components/tyk-gateway/values.yaml b/components/tyk-gateway/values.yaml
index 24f9a0f9..284157b8 100644
--- a/components/tyk-gateway/values.yaml
+++ b/components/tyk-gateway/values.yaml
@@ -514,6 +514,22 @@ gateway:
     # A map of headers that will be sent with HTTP requests to the collector.
     # It should be set to map of string to string
     headers: {}
+    # A secret that supplies *one* header which is sent with HTTP requests to the collector. Useful for Authorization
+    # headers, which should not be exposed in the Helm values file.
+    # The key of the secret will be used as the header name, and the value will be used as the header value.
+    # Example:
+    #
+    # headerSecret:
+    #   name: otel-auth-secret
+    #   key: Authorization
+    #
+    # This example will be converted to the following header:
+    # Authorization: <value of the secret>
+    #
+    # Note that the headerSecret setting can't be used at the same time as the headers setting.
+    headerSecret:
+      name: otel-auth-secret
+      key: Authorization
     # Timeout for establishing a connection to the collector
     connectionTimeout: 1
     # Name of the resource that will be used to identify the resource.
diff --git a/tyk-control-plane/values.yaml b/tyk-control-plane/values.yaml
index 3cb97255..f30bbefd 100644
--- a/tyk-control-plane/values.yaml
+++ b/tyk-control-plane/values.yaml
@@ -510,6 +510,22 @@ tyk-gateway:
       # A map of headers that will be sent with HTTP requests to the collector.
       # It should be set to map of string to string
       headers: {}
+      # A secret that supplies *one* header which is sent with HTTP requests to the collector. Useful for Authorization
+      # headers, which should not be exposed in the Helm values file.
+      # The key of the secret will be used as the header name, and the value will be used as the header value.
+      # Example:
+      #
+      # headerSecret:
+      #   name: otel-auth-secret
+      #   key: Authorization
+      #
+      # This example will be converted to the following header:
+      # Authorization: <value of the secret>
+      #
+      # Note that the headerSecret setting can't be used at the same time as the headers setting.
+      headerSecret:
+        name: otel-auth-secret
+        key: Authorization
       # Timeout for establishing a connection to the collector
       connectionTimeout: 1
       # Name of the resource that will be used to identify the resource.
diff --git a/tyk-data-plane/values.yaml b/tyk-data-plane/values.yaml
index 919b799e..3ecd77f8 100644
--- a/tyk-data-plane/values.yaml
+++ b/tyk-data-plane/values.yaml
@@ -488,6 +488,22 @@ tyk-gateway:
       # A map of headers that will be sent with HTTP requests to the collector.
       # It should be set to map of string to string
       headers: {}
+      # A secret that supplies *one* header which is sent with HTTP requests to the collector. Useful for Authorization
+      # headers, which should not be exposed in the Helm values file.
+      # The key of the secret will be used as the header name, and the value will be used as the header value.
+      # Example:
+      #
+      # headerSecret:
+      #   name: otel-auth-secret
+      #   key: Authorization
+      #
+      # This example will be converted to the following header:
+      # Authorization: <value of the secret>
+      #
+      # Note that the headerSecret setting can't be used at the same time as the headers setting.
+      headerSecret:
+        name: otel-auth-secret
+        key: Authorization
       # Timeout for establishing a connection to the collector
       connectionTimeout: 1
       # Name of the resource that will be used to identify the resource.
diff --git a/tyk-oss/values.yaml b/tyk-oss/values.yaml
index ef6fea39..b8e696be 100644
--- a/tyk-oss/values.yaml
+++ b/tyk-oss/values.yaml
@@ -444,6 +444,22 @@ tyk-gateway:
       # A map of headers that will be sent with HTTP requests to the collector.
       # It should be set to map of string to string
       headers: {}
+      # A secret that supplies *one* header which is sent with HTTP requests to the collector. Useful for Authorization
+      # headers, which should not be exposed in the Helm values file.
+      # The key of the secret will be used as the header name, and the value will be used as the header value.
+      # Example:
+      #
+      # headerSecret:
+      #   name: otel-auth-secret
+      #   key: Authorization
+      #
+      # This example will be converted to the following header:
+      # Authorization: <value of the secret>
+      #
+      # Note that the headerSecret setting can't be used at the same time as the headers setting.
+      headerSecret:
+        name: otel-auth-secret
+        key: Authorization
       # Timeout for establishing a connection to the collector
       connectionTimeout: 1
       # Name of the resource that will be used to identify the resource.
diff --git a/tyk-stack/values.yaml b/tyk-stack/values.yaml
index 4d7f5e5d..a8bd9248 100644
--- a/tyk-stack/values.yaml
+++ b/tyk-stack/values.yaml
@@ -537,6 +537,22 @@ tyk-gateway:
       # A map of headers that will be sent with HTTP requests to the collector.
       # It should be set to map of string to string
       headers: {}
+      # A secret that supplies *one* header which is sent with HTTP requests to the collector. Useful for Authorization
+      # headers, which should not be exposed in the Helm values file.
+      # The key of the secret will be used as the header name, and the value will be used as the header value.
+      # Example:
+      #
+      # headerSecret:
+      #   name: otel-auth-secret
+      #   key: Authorization
+      #
+      # This example will be converted to the following header:
+      # Authorization: <value of the secret>
+      #
+      # Note that the headerSecret setting can't be used at the same time as the headers setting.
+      headerSecret:
+        name: otel-auth-secret
+        key: Authorization
       # Timeout for establishing a connection to the collector
       connectionTimeout: 1
       # Name of the resource that will be used to identify the resource.