diff --git a/charts/fleet/templates/deployment.yaml b/charts/fleet/templates/deployment.yaml
index 7f658cce7c..add029fd95 100644
--- a/charts/fleet/templates/deployment.yaml
+++ b/charts/fleet/templates/deployment.yaml
@@ -336,7 +336,11 @@ spec:
 {{- if .Values.fleet.tls.enabled }}
 - name: fleet-tls
 secret:
+ {{- if .Values.fleet.tls.uniqueTLSSecret }}
+ secretName: "{{ .Values.fleet.tls.secretName }}"
+ {{- else }}
 secretName: "{{ .Values.fleet.secretName }}"
+ {{- end }}
 {{- end }}
 {{- if .Values.mysql.tls.enabled }}
 - name: mysql-tls
diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
index e4578307d8..f815bc704f 100644
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@@ -55,12 +55,16 @@ ingress:
 # All of the settings relating to configuring the Fleet server
 fleet:
 listenPort: 8080
- # Name of the Secret resource storing TLS and S3 bucket secrets
+ # Name of the Secret resource storing S3 bucket and optionally TLS secrets
 secretName: fleet
 # Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
 autoApplySQLMigrations: true
 tls:
 enabled: true
+ # Set to true if you need a separate secret for just TLS data.
+ # Useful with cert-manager and similar deployments.
+ uniqueTLSSecret: false
+ secretName: fleet-tls
 compatibility: modern
 certSecretKey: server.cert
 keySecretKey: server.key
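Review bot: In the `uniqueTLSSecret` branch, `.Values.fleet.tls.secretName` is rendered without any check, so an override that blanks it yields `secretName: ""` and the mistake only surfaces when the manifest is applied. Failing at render time gives a clearer error: `secretName: {{ required "fleet.tls.secretName must be set when fleet.tls.uniqueTLSSecret is true" .Values.fleet.tls.secretName | quote }}`. The volume list starts and ends outside this hunk, so any other reference to the TLS secret elsewhere in the chart (not visible here) should be checked to follow the same switch.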
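Review bot: The new comment on `uniqueTLSSecret` points at cert-manager but does not say that the key names have to change as well. The defaults visible just below are `certSecretKey: server.cert` and `keySecretKey: server.key`, whereas cert-manager writes its secrets with the keys `tls.crt` and `tls.key`. I would extend the comment with `# With cert-manager, also set certSecretKey: tls.crt and keySecretKey: tls.key.` and note that `tls.secretName` is ignored while `uniqueTLSSecret` is false. It is also worth stating that a dedicated TLS secret lets access to the private key be scoped separately from the S3 credentials kept in `fleet.secretName`. The `fleet:` mapping continues past the end of this hunk.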