diff --git a/charts/openproject/templates/_helpers.tpl b/charts/openproject/templates/_helpers.tpl
index f6ef90d..16abb68 100644
--- a/charts/openproject/templates/_helpers.tpl
+++ b/charts/openproject/templates/_helpers.tpl
@@ -146,6 +146,10 @@ securityContext:
 - secretRef:
 name: {{ include "common.names.fullname" . }}-s3
 {{- end }}
+{{- if .Values.s3.auth.existingSecret }}
+- secretRef:
+ name: {{ .Values.s3.auth.existingSecret }}
+{{- end }}
 {{- if eq .Values.openproject.cache.store "memcache" }}
 - secretRef:
 name: {{ include "common.names.fullname" . }}-memcached
diff --git a/charts/openproject/templates/secret_s3.yaml b/charts/openproject/templates/secret_s3.yaml
index d0c1da4..e7d1059 100644
--- a/charts/openproject/templates/secret_s3.yaml
+++ b/charts/openproject/templates/secret_s3.yaml
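Review bot: The added `secretRef` entry in `_helpers.tpl` pulls every key of the user-supplied Secret into the container environment, not only the two S3 credentials. Because it is listed after the chart's own `-s3` Secret, any key the two share (for example `OPENPROJECT_ATTACHMENTS__STORAGE`) takes the existing Secret's value. If that is intended, say so next to the block, e.g. `{{/* existingSecret is imported whole via envFrom; keep only the two OPENPROJECT_FOG_CREDENTIALS_AWS__* keys in it */}}`. The name is also rendered unquoted; `name: {{ .Values.s3.auth.existingSecret | quote }}` keeps an all-digit or otherwise YAML-special name a string. The enclosing helper starts and ends outside the hunk, so it cannot be seen here whether this block sits under the same condition as the `-s3` entry above it.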
@@ -10,14 +10,11 @@ data: # reset data to make sure only keys defined below remain
 stringData:
 OPENPROJECT_ATTACHMENTS__STORAGE: fog
 OPENPROJECT_FOG_CREDENTIALS_PROVIDER: AWS
- {{/* Fall back to '_' as secret name if the name is not given. This way `lookup` will return null (since secrets with this name will and cannot exist) which it doesn't with an empty string. */}}
- {{ $secret := (lookup "v1" "Secret" .Release.Namespace (default "_" .Values.s3.auth.existingSecret)) | default (dict "data" dict) -}}
- OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{
- default .Values.s3.auth.accessKeyId (get $secret.data .Values.s3.auth.secretKeys.accessKeyId | b64dec) | quote
- }}
- OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{
- default .Values.s3.auth.secretAccessKey (get $secret.data .Values.s3.auth.secretKeys.secretAccessKey | b64dec) | quote
- }}
+ {{- if not .Values.s3.auth.existingSecret }}
+ OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.s3.auth.accessKeyId }}
+ OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.s3.auth.secretAccessKey }}
+ {{- end }}
+
 {{ if .Values.s3.endpoint -}}
 OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.s3.endpoint }}
 {{- end }}
diff --git a/charts/openproject/values.yaml b/charts/openproject/values.yaml
index 8d62388..b68ba89 100644
--- a/charts/openproject/values.yaml
+++ b/charts/openproject/values.yaml
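Review bot: The two new credential lines in `secret_s3.yaml` drop the `| quote` that the removed lines applied, so the values land in `stringData` as plain YAML scalars. An access key made only of digits is then read as a number, an unset value renders as an empty scalar (YAML null), and a secret containing `: `, ` #` or a leading YAML indicator can break or truncate the manifest. Keep the filter: `OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.s3.auth.accessKeyId | quote }}`, and the same for `OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY`. The unquoted `OPENPROJECT_FOG_CREDENTIALS_ENDPOINT` line below is existing context, not part of this change.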
@@ -468,12 +468,13 @@ s3: ## To avoid having sensitive credentials in your values.yaml, the preferred way is to ## use an existing secret containing the S3 compatible access credentials. ## Specify the name of this existing secret here. - existingSecret: - ## In case your secret does not use the default keys in the secret, you can adjust them here. - secretKeys: - accessKeyId: "accessKeyId" - secretAccessKey: "secretAccessKey" + # if using an existing secret, use the following keys for your access key and secret. + # OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID + # OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY + + # note there are double underscores on these keys + existingSecret: region: bucketName:
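Review bot: Dropping `secretKeys` in `values.yaml` changes the contract for anyone already using `existingSecret`. A Secret carrying the old default keys `accessKeyId` / `secretAccessKey` is still accepted, but going by the new comment those are no longer the names the application reads, so the deployment would presumably come up without S3 credentials and with no error at render time. The comment should state that explicitly, e.g. `# BREAKING: s3.auth.secretKeys is no longer read; the secret must contain exactly these two keys`. A template guard that calls `fail` when `.Values.s3.auth.secretKeys` is still set would surface the misconfiguration early; that guard would live outside this hunk.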