diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
index 8900913..799f88c 100644
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -127,7 +127,11 @@ Insert LDAP environment variables
 - name: LDAPADMINDN
 value: "{{ $ldap.adminDn }}"
 - name: LDAPADMINPASSWORD
- value: "{{ $ldap.adminPassword }}"
+ valueFrom:
+ secretKeyRef:
+ name: {{ $ldap.existingSecret | default (printf "%s-ldap-passwords-secret" (include "georchestra.fullname" .)) }}
+ key: SLAPD_PASSWORD
+ optional: false
 - name: LDAPUSERSRDN
 value: "{{ $ldap.usersRdn }}"
 - name: LDAPROLESRDN
diff --git a/templates/ldap/openldap-deployment.yaml b/templates/ldap/openldap-deployment.yaml
index 184b64b..056afa5 100644
--- a/templates/ldap/openldap-deployment.yaml
+++ b/templates/ldap/openldap-deployment.yaml
@@ -36,8 +36,6 @@ spec:
 value: georchestra
 - name: SLAPD_DOMAIN
 value: georchestra.org
- - name: SLAPD_PASSWORD
- value: secret
 - name: RUN_AS_UID
 value: "0"
 - name: RUN_AS_GID
@@ -45,8 +43,12 @@ spec:
 {{- if $webapp.extra_environment }}
 {{- $webapp.extra_environment | toYaml | nindent 10 }}
 {{- end }}
+ # Load the ldap admin password from a secret. Can also allow to override some other env vars with env vars defined in this secret, like for instance the GEORCHESTRA_PRIVILEGED_USER_PASSWORD
+ envFrom:
+ - secretRef:
+ name: {{ .Values.ldap.existingSecret | default (printf "%s-ldap-passwords-secret" (include "georchestra.fullname" .)) | quote }}
 ports:
- - containerPort: 389
+ - containerPort: {{ .Values.ldap.port }}
 name: ldap
 volumeMounts:
 - mountPath: /etc/ldap
@@ -58,9 +60,9 @@ spec:
 command:
 - ldapsearch
 - -x
- - -Hldap://localhost:389/
- - -bdc=georchestra,dc=org
- - cn=admin,dc=georchestra,dc=org
+ - -Hldap://localhost:{{ .Values.ldap.port }}/
+ - -b{{ .Values.ldap.baseDn }}
+ - {{ .Values.ldap.adminDn }}
 initialDelaySeconds: 30
 volumes:
 - name: openldap-data
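Review bot: The added `secretKeyRef.name` is rendered unquoted, while the same expression in openldap-deployment.yaml's `envFrom.secretRef.name` goes through `| quote`; a value of `ldap.existingSecret` that looks like a number or contains YAML specials would render as a different scalar here than there. I would make both consistent: `name: {{ $ldap.existingSecret | default (printf "%s-ldap-passwords-secret" (include "georchestra.fullname" .)) | quote }}`. The hard-coded `key: SLAPD_PASSWORD` together with `optional: false` means a user-supplied existingSecret must carry exactly that key or the consuming pods will not start, and that requirement is only given by example in values.yaml, so a comment here such as `# the referenced secret must expose the LDAP admin password under the SLAPD_PASSWORD key` would help. The enclosing define starts and ends outside the hunk.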
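Review bot: The comment above the new `envFrom` block says variables in the secret can override other env vars, but Kubernetes gives explicit `env` entries precedence over keys loaded through `envFrom`, so a key such as GEORCHESTRA_PRIVILEGED_USER_PASSWORD only takes effect when it is not already set in the container's `env` list (which includes whatever `$webapp.extra_environment` injects just above). I would reword it to `# Load the ldap admin password from a secret. Every key of this secret is also exported as an env var, but explicit env entries above win on conflict.` and wrap it, since the current line far exceeds the line-length limit. `containerPort: {{ .Values.ldap.port }}` assumes `ldap.port` is declared in values.yaml; the values.yaml hunk in this commit does not add it, so if it is not already present the port renders empty (the same applies to `ldap.port` and `ldap.baseDn` in the probe hunk below). The container spec starts outside the hunk.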
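Review bot: The three templated probe arguments are emitted as plain scalars; the default `ldap.adminDn` of `cn=admin,dc=georchestra,dc=org` is safe in block style, but any value containing `: `, ` #` or a leading YAML indicator would break the rendered list, whereas the replaced hard-coded lines could not. I would quote them: `- {{ printf "-Hldap://localhost:%v/" .Values.ldap.port | quote }}`, `- {{ printf "-b%s" .Values.ldap.baseDn | quote }}`, `- {{ .Values.ldap.adminDn | quote }}`. The probe definition starts outside the hunk.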
diff --git a/templates/ldap/openldap-passwords-secret.yaml b/templates/ldap/openldap-passwords-secret.yaml
new file mode 100644
index 0000000..6382bb4
--- /dev/null
+++ b/templates/ldap/openldap-passwords-secret.yaml
@@ -0,0 +1,11 @@
+{{- if (not .Values.ldap.existingSecret ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "georchestra.fullname" . }}-ldap-passwords-secret
+ labels:
+ {{- include "georchestra.labels" . | nindent 4 }}
+type: Opaque
+data:
+ SLAPD_PASSWORD: {{ .Values.ldap.adminPassword | b64enc | quote }}
+{{- end }}
diff --git a/values.yaml b/values.yaml
index 075d68c..c5213f8 100644
--- a/values.yaml
+++ b/values.yaml
@@ -197,6 +197,16 @@ ldap:
 adminDn: "cn=admin,dc=georchestra,dc=org"
 rolesRdn: "ou=roles"
 orgsRdn: "ou=orgs"
+ # By default, a secret is automatically created with the password declared above.
+ # You can override this by using an existingSecret declaring some environment variables
+ # and that should at least declare the ldap admin password
+ # Example of valid secret content (limited to the data part) would be
+ # "data": {
+ # "SLAPD_PASSWORD": "mysecretldapadminpasswor_base64encoded"
+ # },
+ # Optionally, you can also provide the GEORCHESTRA_PRIVILEGED_USER_PASSWORD env var, that will
+ # be used to replace the default one on first run, see https://github.com/georchestra/georchestra/blob/master/ldap/docker-root/docker-entrypoint.d/01-populate#L47-L54
+ # existingSecret: mysecretldapenvvars
 database:
 builtin: true
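Review bot: `SLAPD_PASSWORD: {{ .Values.ldap.adminPassword | b64enc | quote }}` renders a valid Secret when `ldap.adminPassword` is an empty string (`b64enc` of `""` is `""`), and because the consuming `secretKeyRef` in _helpers.tpl sets `optional: false` on a key that then does exist, the deployments would start with an empty LDAP admin password instead of failing early. I would fail the render instead: `SLAPD_PASSWORD: {{ required "ldap.adminPassword is required when ldap.existingSecret is not set" .Values.ldap.adminPassword | b64enc | quote }}`. Style: `(not .Values.ldap.existingSecret )` carries a stray space before the closing parenthesis; `{{- if not .Values.ldap.existingSecret }}` reads cleaner.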
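Review bot: The new comment block states the existingSecret contract only by example; the key the chart actually reads, `SLAPD_PASSWORD`, should be named in the prose, and the sample value `mysecretldapadminpasswor_base64encoded` looks truncated (`password`). I would change the third and fourth lines to `# and that must declare the ldap admin password under the key SLAPD_PASSWORD (base64-encoded, as for any Secret).` and `# Example of valid secret content (limited to the data part):`. Since both templates reference the secret by name only, a sentence saying it has to exist in the release namespace would save a debugging round.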