diff --git a/charts/garm/templates/_credentials.tpl b/charts/garm/templates/_credentials.tpl
index cc41a51..e93bd03 100644
--- a/charts/garm/templates/_credentials.tpl
+++ b/charts/garm/templates/_credentials.tpl
@@ -33,24 +33,22 @@ Get Gitea token - either user-provided or generated
 {{- end -}}
 {{- end -}}
 
-{{/*
-Get JWT secret - either user-provided or generated
-*/}}
 {{- define "garm.jwtSecret" -}}
-{{- if .Values.garm.jwtAuth.secret -}}
-{{- .Values.garm.jwtAuth.secret -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}}
+{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).jwt_auth.secret) -}}
+{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}}
+{{ $another.jwt_auth.secret }}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
 {{- end -}}
 
-{{/*
-Get database passphrase - either user-provided or generated
-*/}}
 {{- define "garm.dbPassphrase" -}}
-{{- if .Values.garm.database.passphrase -}}
-{{- .Values.garm.database.passphrase -}}
+{{- $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-config" ( include "garm.fullname" . )) -}}
+{{- if and $secret ((fromToml (index $secret.data "config.toml" | b64dec)).database.passphrase) -}}
+{{- $another := fromToml (index $secret.data "config.toml" | b64dec) -}}
+{{ $another.database.passphrase }}
 {{- else -}}
 {{- include "garm.randomString" . -}}
 {{- end -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
diff --git a/charts/garm/values.yaml b/charts/garm/values.yaml
index 484cf2a..2e3629f 100644
--- a/charts/garm/values.yaml
+++ b/charts/garm/values.yaml
@@ -52,8 +52,6 @@ garm:
     disableAuth: false
 
   jwtAuth:
-    # You should change this in production
-    # secret: "changeme-use-a-secure-random-string"
     timeToLive: "8760h"
 
   apiserver:
@@ -65,7 +63,6 @@ garm:
 
   database:
     backend: sqlite3
-    # passphrase: "changeme-use-a-secure-random-string"
     sqlite3:
       dbFile: "/garm/garm.db"