diff --git a/charts/graphistry-helm/templates/nexus/nexus-deployment.yaml b/charts/graphistry-helm/templates/nexus/nexus-deployment.yaml
index 6cb39932..c557a8d6 100644
--- a/charts/graphistry-helm/templates/nexus/nexus-deployment.yaml
+++ b/charts/graphistry-helm/templates/nexus/nexus-deployment.yaml
@@ -54,6 +54,10 @@ spec:
             value: {{ .Values.sessionCookieAge | quote }}
           - name : JWT_EXPIRATION_DELTA 
             value: {{ .Values.jwtExpirationDelta | quote }}
+          - name : GRAPHISTRY_NEXUS_SIGNING_KEY
+            value: {{ .Values.graphistryNexusSigningKey | quote }}
+          - name : GRAPHISTRY_NEXUS_SIGNING_SALT
+            value: {{ .Values.graphistryNexusSigningSalt | quote }}
           - name : ENABLE_DJANGO_SILK
             value: {{ .Values.enableDjangoSilk | quote  }}
           {{- if eq .Values.tls true  }}
diff --git a/charts/graphistry-helm/values.yaml b/charts/graphistry-helm/values.yaml
index f5ad9a23..8ce13fdf 100644
--- a/charts/graphistry-helm/values.yaml
+++ b/charts/graphistry-helm/values.yaml
@@ -280,6 +280,12 @@ sessionCookieAge : "1209600" # django session cookie timeout (seconds)
 # django drf-jwt, jwt token timeout (seconds)
 jwtExpirationDelta : "3600" # django drf-jwt, jwt token timeout (seconds)
 
+# Nexus unique key per deployment, can be generated with this command: dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64
+graphistryNexusSigningKey : ""
+
+# Nexus unique signing salt per deployment, can be generated with this command: uuidgen -r | cut -c 1-8
+graphistryNexusSigningSalt : ""
+
 # ENABLE django silk - performance analysis library
 enableDjangoSilk : "False" # ENABLE django silk - performance analysis library
 
diff --git a/docs/source/graphistry-helm-docs.rst b/docs/source/graphistry-helm-docs.rst
index d202efc2..bb6efab6 100644
--- a/docs/source/graphistry-helm-docs.rst
+++ b/docs/source/graphistry-helm-docs.rst
@@ -162,6 +162,8 @@ Parameter                                          Description
 ``rollingUpdate``                                  rolling update deployment strategy switch                                                            ``false``                                         
 ``sessionCookieAge``                               django session cookie timeout (seconds)                                                              ``"1209600"``                                     
 ``jwtExpirationDelta``                             django drf-jwt, jwt token timeout (seconds)                                                          ``"3600"``                                        
+``graphistryNexusSigningKey``                      nexus key (unique per deployment)                                                                    ``""``                                          
+``graphistryNexusSigningSalt``                     nexus signing salt (unique per deployment)                                                           ``""``                                          
 ``enableDjangoSilk``                               ENABLE django silk - performance analysis library                                                    ``"False"``                                       
 ``domain``                                         domain - set to a domain of your choosing                                                            ``null``                                          
 ``tlsStaging``                                     set tlsStaging to true to enable use of LetsEncrypt staging environment                              ``false``