diff --git a/deploy/dnsimple/templates/_helpers.tpl b/deploy/dnsimple/templates/_helpers.tpl
index 59e71d5..81058bb 100644
--- a/deploy/dnsimple/templates/_helpers.tpl
+++ b/deploy/dnsimple/templates/_helpers.tpl
@@ -46,3 +46,7 @@ Create chart name and version as used by the chart label.
 {{- define "dnsimple-webhook.servingCertificate" -}}
 {{ printf "%s-webhook-tls" (include "dnsimple-webhook.fullname" .) }}
 {{- end -}}
+
+{{- define "dnsimple-webhook.tokenSecretName" -}}
+{{- default (include "dnsimple-webhook.fullname" .) (.Values.dnsimple.tokenSecretName) -}}
+{{- end -}}
diff --git a/deploy/dnsimple/templates/production.cluster-issuer.yaml b/deploy/dnsimple/templates/production.cluster-issuer.yaml
index 6b1988b..d400e0c 100644
--- a/deploy/dnsimple/templates/production.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/production.cluster-issuer.yaml
@@ -20,7 +20,7 @@ spec:
           config:
             tokenSecretRef:
               key: token
-              name: {{ include "dnsimple-webhook.fullname" . }}
+              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
           groupName: {{ .Values.groupName }}
           solverName: dnsimple
 {{- end -}}
\ No newline at end of file
diff --git a/deploy/dnsimple/templates/secret.yaml b/deploy/dnsimple/templates/secret.yaml
index 6fe6a27..64fb5bd 100644
--- a/deploy/dnsimple/templates/secret.yaml
+++ b/deploy/dnsimple/templates/secret.yaml
@@ -1,7 +1,8 @@
+{{- if not .Values.dnsimple.existingTokenSecret -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "dnsimple-webhook.fullname" . }}
+  name: {{ include "dnsimple-webhook.tokenSecretName" . }}
   labels:
     app: {{ include "dnsimple-webhook.name" . }}
     chart: {{ include "dnsimple-webhook.chart" . }}
@@ -10,6 +11,7 @@ metadata:
 type: Opaque
 data:
   token: {{ .Values.dnsimple.token | b64enc }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -23,7 +25,7 @@ metadata:
 rules:
 - apiGroups: [""] # indicates the core API group
   resources: ["secrets"]
-  resourceNames: ["{{ include "dnsimple-webhook.fullname" . }}"]
+  resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"]
   verbs: ["get", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/deploy/dnsimple/templates/staging.cluster-issuer.yaml b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
index a1d6e3c..0377f4b 100644
--- a/deploy/dnsimple/templates/staging.cluster-issuer.yaml
+++ b/deploy/dnsimple/templates/staging.cluster-issuer.yaml
@@ -20,7 +20,7 @@ spec:
           config:
             tokenSecretRef:
               key: token
-              name: {{ include "dnsimple-webhook.fullname" . }}
+              name: {{ include "dnsimple-webhook.tokenSecretName" . }}
           groupName: {{ .Values.groupName }}
           solverName: dnsimple
 {{- end -}}
\ No newline at end of file
diff --git a/deploy/dnsimple/values.yaml b/deploy/dnsimple/values.yaml
index 43e1130..8878f4b 100644
--- a/deploy/dnsimple/values.yaml
+++ b/deploy/dnsimple/values.yaml
@@ -13,6 +13,9 @@ certManager:
 # logLevel: 3
 dnsimple:
   token: ""
+
+  # existingTokenSecret: false
+  # tokenSecretName:
 clusterIssuer:
   email: name@example.com
   staging: