diff --git a/helm-charts/infisical-standalone-postgres/templates/infisical.yaml b/helm-charts/infisical-standalone-postgres/templates/infisical.yaml index 4727e20fd6..71a0e51483 100644 --- a/helm-charts/infisical-standalone-postgres/templates/infisical.yaml +++ b/helm-charts/infisical-standalone-postgres/templates/infisical.yaml @@ -55,6 +55,13 @@ spec: ports: - containerPort: 8080 env: + {{- if .Values.postgresql.useExistingPostgresSecret.enabled }} + - name: DB_CONNECTION_URI + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.name }} + key: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.key }} + {{- end }} {{- if .Values.postgresql.enabled }} - name: DB_CONNECTION_URI value: {{ include "infisical.postgresDBConnectionString" . }} diff --git a/helm-charts/infisical-standalone-postgres/templates/jobs-rbac.yaml b/helm-charts/infisical-standalone-postgres/templates/jobs-rbac.yaml index fa7651e716..04d66f3d4d 100644 --- a/helm-charts/infisical-standalone-postgres/templates/jobs-rbac.yaml +++ b/helm-charts/infisical-standalone-postgres/templates/jobs-rbac.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: k8s-wait-for-infisical-schema-migration + namespace: {{ .Release.Namespace }} rules: - apiGroups: ["batch"] resources: ["jobs"] @@ -10,11 +11,12 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: default + name: infisical-database-schema-migration + namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} + name: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountName | default "default" }} + namespace: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountNamespace | default .Release.Namespace }} roleRef: kind: Role name: k8s-wait-for-infisical-schema-migration 
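Review bot: Nothing in the added block keeps the two `DB_CONNECTION_URI` entries apart. `postgresql.enabled` defaults to `true` in values.yaml, so turning on `useExistingPostgresSecret.enabled` alone renders the variable twice; Kubernetes typically lets the later entry win, which here is the plain-text `value:` for the in-cluster database, so the referenced Secret would be silently ignored. Chaining the branches enforces what the values.yaml comment only asks for: replace the `{{- end }}` / `{{- if .Values.postgresql.enabled }}` pair with `{{- else if .Values.postgresql.enabled }}`. The secret `name` and `key` are also rendered unquoted and unchecked, so the empty defaults yield a null `secretKeyRef`; `name: {{ required "existingConnectionStringSecret.name is required" .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.name | quote }}` (and the same for `key`) would fail at render time instead. The same block is added to the env list in schema-migration-job.yaml and needs the same change; the env list continues outside both hunks.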
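Review bot: The RoleBinding subject's namespace in jobs-rbac.yaml should not be configurable independently of the Job. `serviceAccountName` on the Job's pod spec (schema-migration-job.yaml) always resolves in the release namespace, while this subject takes `serviceAccountNamespace`, which values.yaml ships as `default`, so the `| default .Release.Namespace` fallback never applies. Installed into any other namespace, the binding grants the Role on `jobs` to the `default` service account of the `default` namespace and not to the account set on the Job. Pinning the subject with `namespace: {{ .Release.Namespace }}`, as the removed line did, keeps the grant on the account the chart actually uses. Separately, leaving the name at `default` extends the Role to every pod in the namespace that does not set its own service account; a dedicated account would be narrower.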
diff --git a/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml b/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml index 40cd0bc9b9..06a1f840b5 100644 --- a/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml +++ b/helm-charts/infisical-standalone-postgres/templates/schema-migration-job.yaml @@ -16,6 +16,7 @@ spec: app.kubernetes.io/instance: {{ .Release.Name | quote }} helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" spec: + serviceAccountName: {{ .Values.infisical.databaseSchemaMigrationJob.serviceAccountName | default "default" }} {{- if $infisicalValues.image.imagePullSecrets }} imagePullSecrets: {{- toYaml $infisicalValues.image.imagePullSecrets | nindent 6 }} @@ -26,6 +27,13 @@ spec: image: "{{ $infisicalValues.image.repository }}:{{ $infisicalValues.image.tag }}" command: ["npm", "run", "migration:latest"] env: + {{- if .Values.postgresql.useExistingPostgresSecret.enabled }} + - name: DB_CONNECTION_URI + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.name }} + key: {{ .Values.postgresql.useExistingPostgresSecret.existingConnectionStringSecret.key }} + {{- end }} {{- if .Values.postgresql.enabled }} - name: DB_CONNECTION_URI value: {{ include "infisical.postgresDBConnectionString" . }} diff --git a/helm-charts/infisical-standalone-postgres/values.yaml b/helm-charts/infisical-standalone-postgres/values.yaml index 3f43e4a61c..eefe7beb39 100644 --- a/helm-charts/infisical-standalone-postgres/values.yaml +++ b/helm-charts/infisical-standalone-postgres/values.yaml @@ -5,6 +5,10 @@ infisical: enabled: true name: infisical autoDatabaseSchemaMigration: true + databaseSchemaMigrationJob: + serviceAccountNamespace: default + serviceAccountName: default + fullnameOverride: "" podAnnotations: {} deploymentAnnotations: {} 
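Review bot: The new `databaseSchemaMigrationJob` keys in values.yaml carry no `# --` description, unlike the `useExistingPostgresSecret` keys added further down in the same file. Their effect is not obvious from the names: they select the account that jobs-rbac.yaml binds to the `k8s-wait-for-infisical-schema-migration` Role. I would add `# -- Service account the schema migration job runs as; it is bound to the Role covering batch jobs` above `serviceAccountName` and `# -- Namespace of that service account; leave empty to use the release namespace` above `serviceAccountNamespace`. For the second comment to hold, the shipped value would have to be `""` and not `default`.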
@@ -18,6 +22,7 @@ infisical: affinity: {} kubeSecretRef: "infisical-secrets" + service: annotations: {} type: ClusterIP @@ -43,6 +48,7 @@ ingress: # - some.domain.com postgresql: + # -- When enabled, this will start up a in cluster Postgres enabled: true name: "postgresql" fullnameOverride: "postgresql" @@ -50,6 +56,15 @@ postgresql: username: infisical password: root database: infisicalDB + useExistingPostgresSecret: + # -- When this is enabled, postgresql.enabled needs to be false + enabled: false + # -- The name from where to get the existing postgresql connection string + existingConnectionStringSecret: + # -- The name of the secret that contains the postgres connection string + name: "" + # -- Secret key name that contains the postgres connection string + key: "" redis: enabled: true
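Review bot: The comments on `useExistingPostgresSecret` leave out two things an operator needs. A `secretKeyRef` is resolved in the pod's own namespace, so the Secret has to exist in the release namespace, and `name` and `key` must both be set once `enabled` is true. The comment above `existingConnectionStringSecret` also largely repeats the one on `name`. Suggested wording for it: `# -- Existing Secret, in the release namespace, that holds the full Postgres connection URI; name and key are required when enabled is true`.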