diff --git a/docs/deployment/kubernetes/overview.mdx b/docs/deployment/kubernetes/overview.mdx index b40d9c771..a3d889f07 100644 --- a/docs/deployment/kubernetes/overview.mdx +++ b/docs/deployment/kubernetes/overview.mdx @@ -14,5 +14,6 @@ We maintain an opinionated, batteries-included Helm chart, but you can customize ## Next steps - Install Keep on [Kubernetes](/deployment/kubernetes/installation). - Keep's [Helm Chart](https://github.com/keephq/helm-charts). +- Keep with [Kubernetes Secret Manager](/deployment/secret-manager#kubernetes-secret-manager) - Deep dive to Keep's kubernetes [Architecture](/deployment/kubernetes/architecture). - Install Keep on [OpenShift](/deployment/kubernetes/openshift). diff --git a/docs/deployment/secret-manager.mdx b/docs/deployment/secret-manager.mdx index e6db52f51..00b18cb3b 100644 --- a/docs/deployment/secret-manager.mdx +++ b/docs/deployment/secret-manager.mdx @@ -59,11 +59,16 @@ Usage: ## Kubernetes Secret Manager -The `KubernetesSecretManager` interfaces with Kubernetes' native secrets system. It manages secrets within a specified Kubernetes namespace and is designed to operate within a Kubernetes cluster. +### Overview -Configuration: +The `KubernetesSecretManager` interfaces with Kubernetes' native secrets system. + +It manages secrets within a specified Kubernetes namespace and is designed to operate within a Kubernetes cluster. + +### Configuration -Set `K8S_NAMESPACE` environment variable to specify the Kubernetes namespace. Defaults to default if not set. Assumes Kubernetes configurations (like service account tokens) are properly set up when running within a cluster. +- `SECRET_MANAGER_TYPE=k8s` +- `K8S_NAMESPACE=keep` - environment variable to specify the Kubernetes namespace. Defaults to `.metadata.namespace` if not set. Assumes Kubernetes configurations (like service account tokens) are properly set up when running within a cluster. Usage: 
@@ -71,6 +76,80 @@ Usage: - Provides functionalities to create, retrieve, and delete Kubernetes secrets. - Handles base64 encoding and decoding as required by Kubernetes. +### Environment Variables From Secrets +The Kubernetes Secret Manager integration allows Keep to fetch environment variables from Kubernetes Secrets. + +For sensitive environment variables, such as `DATABASE_CONNECTION_STRING`, it is recommended to store as a secret: + +#### Creating Database Connection Secret +```bash +# Create the base64 encoded string without newline +CONNECTION_STRING_B64=$(echo -n "mysql+pymysql://user:password@host:3306/dbname" | base64) + +# Create the Kubernetes secret +kubectl create secret generic keep-db-secret \ + --namespace=keep \ + --from-literal=connection_string=$(echo -n "mysql+pymysql://user:password@host:3306/dbname" | base64) + +# Or using a YAML file: +cat <
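Review bot: in the `docs/deployment/kubernetes/overview.mdx` hunk, the added "Keep with [Kubernetes Secret Manager]" bullet is the only item in the Next steps list without a trailing period. Add one so it matches the neighbouring bullets.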
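Review bot: in the new Configuration list of `docs/deployment/secret-manager.mdx` (hunk `@@ -59,11 +59,16 @@`), "Defaults to `.metadata.namespace` if not set" does not say which object's metadata is meant, and it replaces the previously documented default of `default` without calling out the change. State where the fallback namespace comes from and that the default differs from the old text. The `SECRET_MANAGER_TYPE=k8s` bullet has no description, and `K8S_NAMESPACE=keep` reads as a required value rather than an example. Since the following section says the manager creates, retrieves and deletes secrets, the "service account tokens" sentence should also say that the service account needs those permissions on secrets, ideally scoped to that one namespace.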
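Review bot: in the "Creating Database Connection Secret" block (hunk `@@ -71,6 +76,80 @@`), the `kubectl create secret generic` command passes an already base64-encoded value to `--from-literal`, but kubectl base64-encodes `--from-literal` values itself when it writes the Secret, so `connection_string` is stored encoded twice and a consumer that decodes once gets a base64 string instead of the connection URL. Pass the plain string to `--from-literal` and keep manual base64 for a manifest's `data:` field only (or use `stringData:` there). `CONNECTION_STRING_B64` is assigned and then never used, because the command repeats the `echo -n ... | base64` pipeline, and that command substitution is unquoted. The docs could also mention that a literal password typed on the command line ends up in shell history, which `--from-file` avoids.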