diff --git a/charts/fleet/Chart.yaml b/charts/fleet/Chart.yaml
index 127dd20fba..48f68dd162 100644
--- a/charts/fleet/Chart.yaml
+++ b/charts/fleet/Chart.yaml
@@ -4,7 +4,7 @@ name: fleet
 keywords:
   - fleet
   - osquery
-version: v5.0.0
+version: v5.0.1
 home: https://github.com/fleetdm/fleet
 sources:
   - https://github.com/fleetdm/fleet.git
diff --git a/charts/fleet/templates/deployment.yaml b/charts/fleet/templates/deployment.yaml
index add029fd95..4ade7c1baa 100644
--- a/charts/fleet/templates/deployment.yaml
+++ b/charts/fleet/templates/deployment.yaml
@@ -116,12 +116,18 @@ spec:
           - name: FLEET_MYSQL_CONN_MAX_LIFETIME
             value: "{{ .Values.mysql.connMaxLifetime }}"
           {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.mysql.tls.caCertKey }}
           - name: FLEET_MYSQL_TLS_CA
             value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+          {{- end }}
+          {{- if .Values.mysql.tls.certKey }}
           - name: FLEET_MYSQL_TLS_CERT
             value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+          {{- end }}
+          {{- if .Values.mysql.tls.keyKey }}
           - name: FLEET_MYSQL_TLS_KEY
             value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+          {{- end }}
           - name: FLEET_MYSQL_TLS_CONFIG
             value: "{{ .Values.mysql.tls.config }}"
           - name: FLEET_MYSQL_TLS_SERVER_NAME
diff --git a/charts/fleet/templates/job-migration.yaml b/charts/fleet/templates/job-migration.yaml
index 7a3f2f2bec..bd9444c8c2 100644
--- a/charts/fleet/templates/job-migration.yaml
+++ b/charts/fleet/templates/job-migration.yaml
@@ -90,12 +90,18 @@ spec:
           - name: FLEET_MYSQL_CONN_MAX_LIFETIME
             value: "{{ .Values.mysql.connMaxLifetime }}"
           {{- if .Values.mysql.tls.enabled }}
+          {{- if .Values.mysql.tls.caCertKey }}
           - name: FLEET_MYSQL_TLS_CA
             value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
+          {{- end }}
+          {{- if .Values.mysql.tls.certKey }}
           - name: FLEET_MYSQL_TLS_CERT
             value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
+          {{- end }}
+          {{- if .Values.mysql.tls.keyKey }}
           - name: FLEET_MYSQL_TLS_KEY
             value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
+          {{- end }}
           - name: FLEET_MYSQL_TLS_CONFIG
             value: "{{ .Values.mysql.tls.config }}"
           - name: FLEET_MYSQL_TLS_SERVER_NAME
diff --git a/charts/fleet/values.yaml b/charts/fleet/values.yaml
index a0f7becd74..038233c61d 100644
--- a/charts/fleet/values.yaml
+++ b/charts/fleet/values.yaml
@@ -160,9 +160,11 @@ mysql:
   connMaxLifetime: 0
   tls:
     enabled: false
-    caCertKey: ca.cert
-    certKey: client.cert
-    keyKey: client.key
+    ## Commented options below are optional.  Uncomment to use.
+    # caCertKey: ca.cert
+    ## Client certificates require both the certKey and keyKey
+    # certKey: client.cert
+    # keyKey: client.key
     config: ""
     serverName: ""