diff --git a/charts/fmi-himan/templates/job-template.yaml b/charts/fmi-himan/templates/job-template.yaml
index 4cbc0e3..5fc840e 100644
--- a/charts/fmi-himan/templates/job-template.yaml
+++ b/charts/fmi-himan/templates/job-template.yaml
@@ -134,14 +134,27 @@ objects:
 requests:
 cpu: ${CPU_REQUEST}
 memory: ${MEMORY_REQUEST}
- {{- with .Values.volumeMounts }}
 volumeMounts:
+ {{- with .Values.volumeMounts }}
 {{- toYaml . | nindent 10 }}
 {{- end }}
+ {{ if eq .Values.cloud "aws" -}}
+ - name: secrets-store-inline
+ mountPath: {{ .Values.s3.credentials.storePath }}
+ readOnly: true
+ {{- end }}
 volumes:
 {{- with .Values.volumes }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{ if eq .Values.cloud "aws" -}}
+ - name: secrets-store-inline
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: {{ .Release.Name }}-secrets
+ {{- end }}
 parameters:
 - description: Unique id for this run
 name: RUN_IDENTIFIER
diff --git a/charts/fmi-himan/templates/secretstorage.yaml b/charts/fmi-himan/templates/secretstorage.yaml
new file mode 100644
index 0000000..113a67b
--- /dev/null
+++ b/charts/fmi-himan/templates/secretstorage.yaml
@@ -0,0 +1,26 @@
+{{ if eq .Values.cloud "aws" -}}
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: {{ .Release.Name }}-secrets
+ namespace: {{ .Release.Namespace }}
+spec:
+ provider: aws
+ parameters:
+ objects: |
+ - objectName: {{ .Values.s3.credentials.name }}
+ objectType: secretsmanager
+ jmesPath:
+ - path: S3_ACCESS_KEY_ID
+ objectAlias: accessKey
+ - path: S3_SECRET_ACCESS_KEY
+ objectAlias: secretAccessKey
+ secretObjects: # map secrets from aws secret storage to kubernetes secrets
+ - data:
+ - key: S3_ACCESS_KEY_ID
+ objectName: accessKey
+ - key: S3_SECRET_ACCESS_KEY
+ objectName: secretAccessKey
+ secretName: {{ .Values.s3.credentials.name }}
+ type: Opaque
+{{- end }}
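Review bot: Both aws blocks in job-template.yaml open with `{{ if eq .Values.cloud "aws" -}}`, which keeps the directive line's own leading whitespace and chomps the newline after it, so `- name: secrets-store-inline` is rendered at whatever column the `{{ if` line sits on rather than at its own indentation; the surrounding `{{- with }}` and `{{- end }}` lines use the opposite trim. Indentation is collapsed in this view, so I cannot confirm whether the rendered column matches the items emitted by `nindent 10` and `nindent 8` just above, but writing both openers as `{{- if eq .Values.cloud "aws" }}` makes the list item's own indentation authoritative and is consistent with the rest of the template. Separately, with `volumeMounts:` now outside the `with`, a non-aws release with no `.Values.volumeMounts` renders `volumeMounts:` with an empty value, as `volumes:` already did; presumably the API server treats that as omitted, but a short comment saying so, or a guard such as `{{- if or .Values.volumeMounts (eq .Values.cloud "aws") }}`, would make the intent explicit. The enclosing container and object definitions start and end outside the hunk.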
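Review bot: `{{ .Values.s3.credentials.name }}` is used for both `objectName` and `secretName` in secretstorage.yaml, but its chart default (the `name:` line in values.yaml in this same diff) is empty, so an aws release that does not set it renders a SecretProviderClass with blank names instead of failing at template time; `objectName: {{ required "s3.credentials.name must be set when cloud=aws" .Values.s3.credentials.name }}` (and the same on `secretName`) would surface that at install. The `secretObjects` block also mirrors the two keys into a Kubernetes Secret in the release namespace, which makes the credentials readable to anything with secret read access there, not only to the pod that mounts the volume; the job template in this diff only mounts the files at `storePath` and shows no `secretKeyRef` consumer, so either document which consumer needs the synced Secret or drop `secretObjects`. A comment above `jmesPath` stating that the Secrets Manager entry must be a JSON object with keys `S3_ACCESS_KEY_ID` and `S3_SECRET_ACCESS_KEY` would save operators a provider-side error.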
diff --git a/charts/fmi-himan/values.yaml b/charts/fmi-himan/values.yaml
index 7a21216..4572b8c 100644
--- a/charts/fmi-himan/values.yaml
+++ b/charts/fmi-himan/values.yaml
@@ -19,6 +19,7 @@ image:
 s3:
 credentials:
 name:
+ storePath: /mnt/secretstore
 radon:
 databaseName: radon