diff --git a/charts/s1-agent/templates/common/secrets.yaml b/charts/s1-agent/templates/common/secrets.yaml
index 75000e1..b41a68d 100644
--- a/charts/s1-agent/templates/common/secrets.yaml
+++ b/charts/s1-agent/templates/common/secrets.yaml
@@ -16,24 +16,42 @@ data:
 ---
 {{- if and (include "helper.secret.create" .) (eq (include "webhooks.enabled" .) "false") }}
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "helper.secret.name" .) }}
+{{- $secretData := "" }}
+{{- if and $existingSecret $existingSecret.data }}
+{{- $secretData = $existingSecret.data | toYaml }}
+{{- else }}
+{{- $secretData = include "helper.certificates" . }}
+{{- end }}
 apiVersion: v1
 kind: Secret
 metadata:
 name: {{ include "helper.secret.name" . }}
 labels: {{- include "sentinelone.helper.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/resource-policy": keep
 type: kubernetes.io/tls
-data: {{- include "helper.certificates" . | nindent 2 }}
+data: {{- $secretData | nindent 2 }}
 {{- end }}
 ---
 {{- if include "helper_token.secret.create" . }}
+{{- $existingToken := lookup "v1" "Secret" .Release.Namespace (include "helper_token.secret.name" .) }}
+{{- $serverToken := "" }}
+{{- if and $existingToken $existingToken.data (index $existingToken.data "server-token") }}
+{{- $serverToken = index $existingToken.data "server-token" | quote }}
+{{- else }}
+{{- $serverToken = include "helper.token" . }}
+{{- end }}
 apiVersion: v1
 kind: Secret
 metadata:
 name: {{ include "helper_token.secret.name" . }}
 labels: {{- include "sentinelone.helper.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/resource-policy": keep
 type: Opaque
 data:
- server-token: {{ include "helper.token" . }}
+ server-token: {{ $serverToken }}
 {{- end -}}
diff --git a/charts/s1-agent/templates/hooks/webhookconfiguration.yaml b/charts/s1-agent/templates/hooks/webhookconfiguration.yaml
index e48ee60..849f1fa 100644
--- a/charts/s1-agent/templates/hooks/webhookconfiguration.yaml
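Review bot: Both new `lookup` branches reuse whatever is stored under the Secret name with no validation and no opt-out, so once the Secret exists a `helm upgrade` cannot rotate the TLS key pair or `server-token`, and the certificate's expiry is never re-checked. Together with `"helm.sh/resource-policy": keep` (added twice here and again in the second hunk of webhookconfiguration.yaml), the private key and token also stay in the namespace after `helm uninstall` and are picked up again by the next install. I would state this above each branch, e.g. `{{- /* Reuses the in-cluster Secret when present; delete it by hand to rotate. lookup returns nothing under helm template and client-side dry-run. */}}`, and consider a values switch that forces regeneration. In the token condition, `index $existingToken.data "server-token"` sits inside `and`, which does not short-circuit on Helm builds whose Go template engine predates 1.18, so a render where `data` is absent would likely fail there; assigning `include "helper.token" .` first and overriding it inside nested `if` blocks avoids that. The `helper.*` templates are defined outside this hunk, so whether their output can come from user-supplied values is not visible.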
+++ b/charts/s1-agent/templates/hooks/webhookconfiguration.yaml
@@ -1,13 +1,18 @@
 {{ if eq (include "webhooks.enabled" .) "true" }}
 {{- $certs := "" }}
 {{- $caBundle := "" }}
+{{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace (include "helper.secret.name" .)) }}
 {{- if include "helper.secret.create" . }}
+{{- if and $existingSecret $existingSecret.data }}
+{{- $certs = $existingSecret.data | toYaml -}}
+{{- $caBundle = index $existingSecret.data "ca.crt" -}}
+{{- else }}
 {{- $certs = include "helper.certificates" . -}}
 {{- $caBundle = index ($certs | fromYaml) "ca.crt" -}}
+{{- end }}
 {{- else }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "helper.secret.name" .)) }}
-{{- if $secret -}}
-{{- $caBundle = index $secret "data" "ca.crt" -}}
+{{- if $existingSecret -}}
+{{- $caBundle = index $existingSecret "data" "ca.crt" -}}
 {{- end }}
 {{- end }}
@@ -19,6 +24,8 @@ kind: Secret
 metadata:
 name: {{ include "helper.secret.name" . }}
 labels: {{- include "sentinelone.helper.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/resource-policy": keep
 type: kubernetes.io/tls
 data: {{- $certs | nindent 2 }}
 {{- end }}
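Review bot: In the new reuse branch of the first hunk, `$caBundle` is read with `index $existingSecret.data "ca.crt"` without checking that the key exists, so a Secret that has data but no `ca.crt` would give the webhook an empty CA bundle instead of a render error. Failing fast is safer: `{{- $caBundle = required "existing TLS secret is missing ca.crt" (index $existingSecret.data "ca.crt") -}}`. The `else` branch carried over from the old code has the same gap, since `index $existingSecret "data" "ca.crt"` is guarded only by the Secret existing. Where `$caBundle` is consumed lies outside the hunk, so the effect on the webhook's failure behaviour should be confirmed there.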