diff --git a/Makefile b/Makefile
index 517c5b1..f9a7c0e 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,7 @@ vet:
 
 .PHONY: build-ttl.sh
 build-ttl.sh:
-	docker buildx build . -t ttl.sh/${USER}/replicated-sdk:24h -f deploy/Dockerfile
+	docker buildx build . -t ttl.sh/${USER}/replicated-sdk:24h -f deploy/Dockerfile --load
 	docker push ttl.sh/${USER}/replicated-sdk:24h
 
 	make -C chart build-ttl.sh
diff --git a/chart/templates/replicated-deployment.yaml b/chart/templates/replicated-deployment.yaml
index bf1cedb..6427382 100644
--- a/chart/templates/replicated-deployment.yaml
+++ b/chart/templates/replicated-deployment.yaml
@@ -53,6 +53,14 @@ spec:
         configMap:
           defaultMode: 420
           name: {{ .Values.privateCAConfigmap }}
+      {{- else if .Values.privateCASecret }}
+      - name: additional-certs
+        secret:
+          defaultMode: 420
+          secretName: {{ .Values.privateCASecret.name }}
+          items:
+          - key: {{ .Values.privateCASecret.key }}
+            path: ca.crt
       {{- end }}
       containers:
       - name: replicated
@@ -74,12 +82,16 @@ spec:
         {{- if .Values.privateCAConfigmap }}
         - mountPath: /certs
           name: additional-certs
+        {{- else if .Values.privateCASecret }}
+        - mountPath: /certs/ca.crt
+          subPath: ca.crt
+          name: additional-certs
         {{- end }}
         env:
         {{- with .Values.extraEnv }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
-        {{- if .Values.privateCAConfigmap }}
+        {{- if or .Values.privateCAConfigmap .Values.privateCASecret }}
         - name: SSL_CERT_DIR
           value: /certs
         {{- end }}
diff --git a/chart/values.yaml.tmpl b/chart/values.yaml.tmpl
index 127de8f..170abbc 100644
--- a/chart/values.yaml.tmpl
+++ b/chart/values.yaml.tmpl
@@ -60,6 +60,7 @@ service:
   port: 3000
 
 privateCAConfigmap: ~
+privateCASecret: ~
 
 extraEnv: []