diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 6ee24fee8..8fce623db 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -39,6 +39,13 @@ release: {{ .Release.Name }}
 app: "{{ template "harbor.name" . }}"
 {{- end -}}
 
+{{/* Helper for printing values from existing secrets*/}}
+{{- define "harbor.secretKeyHelper" -}}
+  {{- if and (not (empty .data)) (hasKey .data .key) }}
+    {{- index .data .key | b64dec -}}
+  {{- end -}}
+{{- end -}}
+
 {{- define "harbor.autoGenCert" -}}
   {{- if and .Values.expose.tls.enabled (eq .Values.expose.tls.certSource "auto") -}}
     {{- printf "true" -}}
@@ -89,7 +96,12 @@ app: "{{ template "harbor.name" . }}"
 
 {{- define "harbor.database.rawPassword" -}}
   {{- if eq .Values.database.type "internal" -}}
-    {{- .Values.database.internal.password -}}
+    {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.database" .) -}}
+    {{- if and (not (empty $existingSecret)) (hasKey $existingSecret.data "POSTGRES_PASSWORD") -}}
+      {{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD") | b64dec -}}
+    {{- else -}}
+      {{- .Values.database.internal.password -}}
+    {{- end -}}
   {{- else -}}
     {{- .Values.database.external.password -}}
   {{- end -}}
diff --git a/templates/core/core-secret.yaml b/templates/core/core-secret.yaml
index 8577942eb..62a41fce8 100644
--- a/templates/core/core-secret.yaml
+++ b/templates/core/core-secret.yaml
@@ -1,3 +1,4 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -10,7 +11,7 @@ data:
   secretKey: {{ .Values.secretKey | b64enc | quote }}
   {{- end }}
   {{- if not .Values.core.existingSecret }}
-  secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
+  secret: {{ .Values.core.secret | default (include "harbor.secretKeyHelper" (dict "key" "secret" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
   {{- end }}
   {{- if not .Values.core.secretName }}
   {{- $ca := genCA "harbor-token-ca" 365 }}
@@ -27,7 +28,7 @@ data:
   REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
   {{- end }}
   {{- if not .Values.core.existingXsrfSecret }}
-  CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
+  CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
   {{- end }}
 {{- if .Values.core.configureUserSettings }}
   CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
diff --git a/templates/jobservice/jobservice-secrets.yaml b/templates/jobservice/jobservice-secrets.yaml
index d5054f6b3..eeb00bde0 100644
--- a/templates/jobservice/jobservice-secrets.yaml
+++ b/templates/jobservice/jobservice-secrets.yaml
@@ -1,3 +1,4 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.jobservice" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,7 +8,7 @@ metadata:
 type: Opaque
 data:
   {{- if not .Values.jobservice.existingSecret }}
-  JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }}
+  JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (include "harbor.secretKeyHelper" (dict "key" "JOBSERVICE_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
   {{- end }}
   {{- if not .Values.registry.credentials.existingSecret }}
   REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
diff --git a/templates/registry/registry-dpl.yaml b/templates/registry/registry-dpl.yaml
index 22b5b789a..5cad45969 100644
--- a/templates/registry/registry-dpl.yaml
+++ b/templates/registry/registry-dpl.yaml
@@ -127,6 +127,33 @@ spec:
               name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
               key: AZURE_STORAGE_ACCESS_KEY
         {{- end }}
+        {{- if .Values.persistence.imageChartStorage.swift.existingSecret }}
+        - name: REGISTRY_STORAGE_SWIFT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_PASSWORD
+        - name: REGISTRY_STORAGE_SWIFT_SECRETKEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_SECRETKEY
+              optional: true
+        - name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_ACCESSKEY
+              optional: true
+        {{- end }}
+        {{- if .Values.persistence.imageChartStorage.oss.existingSecret }}
+        - name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.oss.existingSecret }}
+              key: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+              optional: true
+        {{- end}}
 {{- with .Values.registry.registry.extraEnvVars }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
@@ -253,6 +280,33 @@ spec:
               name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
               key: AZURE_STORAGE_ACCESS_KEY
         {{- end }}
+        {{- if .Values.persistence.imageChartStorage.swift.existingSecret }}
+        - name: REGISTRY_STORAGE_SWIFT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_PASSWORD
+        - name: REGISTRY_STORAGE_SWIFT_SECRETKEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_SECRETKEY
+              optional: true
+        - name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
+              key: REGISTRY_STORAGE_SWIFT_ACCESSKEY
+              optional: true
+        {{- end }}
+        {{- if .Values.persistence.imageChartStorage.oss.existingSecret }}
+        - name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.imageChartStorage.oss.existingSecret }}
+              key: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+              optional: true
+        {{- end}}
 {{- with .Values.registry.controller.extraEnvVars }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
diff --git a/templates/registry/registry-secret.yaml b/templates/registry/registry-secret.yaml
index 8ef6ce447..e853a9cbe 100644
--- a/templates/registry/registry-secret.yaml
+++ b/templates/registry/registry-secret.yaml
@@ -1,3 +1,4 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.registry" .) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,7 +8,7 @@ metadata:
 type: Opaque
 data:
   {{- if not .Values.registry.existingSecret }}
-  REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (randAlphaNum 16) | b64enc | quote }}
+  REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (include "harbor.secretKeyHelper" (dict "key" "REGISTRY_HTTP_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
   {{- end }}
   {{- if not .Values.redis.external.existingSecret }}
   REGISTRY_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
@@ -25,7 +26,7 @@ data:
   {{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }}
   REGISTRY_STORAGE_S3_SECRETKEY: {{ $storage.s3.secretkey | b64enc | quote }}
   {{- end }}
-  {{- else if eq $type "swift" }}
+  {{- else if and (eq $type "swift") (not ($storage.swift.existingSecret)) }}
   REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
   {{- if $storage.swift.secretkey }}
   REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $storage.swift.secretkey | b64enc | quote }}
@@ -33,7 +34,7 @@ data:
   {{- if $storage.swift.accesskey }}
   REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $storage.swift.accesskey | b64enc | quote }}
   {{- end }}
-  {{- else if eq $type "oss" }}
+  {{- else if and (eq $type "oss") ((not ($storage.oss.existingSecret))) }}
   REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
   {{- end }}
 {{- if not .Values.registry.credentials.existingSecret }}
diff --git a/values.yaml b/values.yaml
index e66f4df63..97b203590 100644
--- a/values.yaml
+++ b/values.yaml
@@ -291,6 +291,8 @@ persistence:
       username: username
       password: password
       container: containername
+      # keys in existing secret must be REGISTRY_STORAGE_SWIFT_PASSWORD, REGISTRY_STORAGE_SWIFT_SECRETKEY, REGISTRY_STORAGE_SWIFT_ACCESSKEY
+      existingSecret: ""
       #region: fr
       #tenant: tenantname
       #tenantid: tenantid
@@ -311,6 +313,8 @@ persistence:
       accesskeysecret: accesskeysecret
       region: regionname
       bucket: bucketname
+      # key in existingSecret must be REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+      existingSecret: ""
       #endpoint: endpoint
       #internal: false
       #encrypt: false
@@ -633,6 +637,7 @@ registry:
     existingSecret: ""
     # Login and password in htpasswd string format. Excludes `registry.credentials.username`  and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt.
     # htpasswdString: $apr1$XLefHzeG$Xl4.s00sMSCCcMyJljSZb0 # example string
+    htpasswdString: ""
   middleware:
     enabled: false
     type: cloudFront