diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
index 7568664c..61235656 100644
--- a/stable/anchore-engine/Chart.yaml
+++ b/stable/anchore-engine/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.11.0
+version: 1.11.1
 appVersion: 0.9.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:
diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
index b2338d6a..362973ff 100644
--- a/stable/anchore-engine/templates/engine_configmap.yaml
+++ b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -99,7 +99,9 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- secret: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ secret: ${ANCHORE_SAML_SECRET}
+ {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
 public_key_path: /home/anchore/certs/{{- . }}
 {{- end }}
diff --git a/stable/anchore-engine/templates/enterprise_configmap.yaml b/stable/anchore-engine/templates/enterprise_configmap.yaml
index cb4885a3..6222039a 100644
--- a/stable/anchore-engine/templates/enterprise_configmap.yaml
+++ b/stable/anchore-engine/templates/enterprise_configmap.yaml
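Review bot: In stable/anchore-engine/templates/engine_configmap.yaml the new `{{- if .Values.anchoreGlobal.saml.secret }}` guard emits `secret: ${ANCHORE_SAML_SECRET}` only when the secret is set in chart values, so an install that sets `useExistingSecret: true` and leaves `saml.secret` null gets no `secret:` key at all. Nothing visible in this diff reads `useExistingSecret`, so the option looks inert unless a template outside the diff handles it. Consider `{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret }}`; the identical guard in enterprise_configmap.yaml and enterprise_feeds_configmap.yaml needs the same change. It is also worth confirming that ANCHORE_SAML_SECRET is injected into every pod that consumes these configmaps, since the pod specs are not part of this diff.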
@@ -41,7 +41,9 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- secret: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ secret: ${ANCHORE_SAML_SECRET}
+ {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
 public_key_path: /home/anchore/certs/{{- . }}
 {{- end }}
diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
index 70644877..8f669dc9 100644
--- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
+++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -33,7 +33,9 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- secret: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ secret: ${ANCHORE_SAML_SECRET}
+ {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
 public_key_path: /home/anchore/certs/{{- . }}
 {{- end }}
diff --git a/stable/anchore-engine/templates/secrets.yaml b/stable/anchore-engine/templates/secrets.yaml
index 5bfee1c0..cadb45b0 100644
--- a/stable/anchore-engine/templates/secrets.yaml
+++ b/stable/anchore-engine/templates/secrets.yaml
@@ -18,4 +18,7 @@ stringData:
 {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }}
 .feedsDbPassword: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }}
 {{- end }}
+ {{- with .Values.anchoreGlobal.saml.secret }}
+ ANCHORE_SAML_SECRET: {{ . }}
+ {{- end }}
 {{- end }}
diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
index c3f0de78..acbbe462 100644
--- a/stable/anchore-engine/values.yaml
+++ b/stable/anchore-engine/values.yaml
@@ -173,9 +173,11 @@ anchoreGlobal:
 defaultAdminEmail: example@email.com
 saml:
- # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
+ # Locations for keys used for signing and encryption. Only one of 'secret' or 'privateKeyName'/'publicKeyName' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 secret: Null
+ # If set to true, use the secret specified in anchoreGlobal.existingSecret to set the ANCHORE_SAML_SECRET env variable
+ useExistingSecret: false
 privateKeyName: Null
 publicKeyName: Null
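Review bot: In stable/anchore-engine/templates/secrets.yaml, `ANCHORE_SAML_SECRET: {{ . }}` writes the SAML shared secret into stringData unquoted, unlike `.feedsDbPassword` just above it, which pipes through `quote`. A value that is all digits, looks like a boolean, or contains `: ` or ` #` would render as a non-string or truncated scalar. The Secret would then either be rejected or hold a different signing secret than the operator supplied. Use `ANCHORE_SAML_SECRET: {{ . | quote }}`. The conditional closed by the final `{{- end }}` opens outside this hunk.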
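Review bot: In stable/anchore-engine/values.yaml, the comment on `useExistingSecret` does not say what the pre-created Secret has to contain. Presumably the Secret named by `anchoreGlobal.existingSecret` must carry a key called `ANCHORE_SAML_SECRET`, the same key secrets.yaml writes, but how the env variable is populated is not visible in this diff. Once confirmed, the comment could read `# If true, the Secret named in anchoreGlobal.existingSecret must provide the ANCHORE_SAML_SECRET key`. That spares operators from discovering the requirement through a failed SAML login.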