diff --git a/README.md b/README.md
index 5c4afe6..acb878d 100644
--- a/README.md
+++ b/README.md
@@ -14,10 +14,10 @@ helm show values mastodon/mastodon > values.yaml
 helm install --namespace mastodon --create-namespace mastodon/mastodon --values values.yaml
 ```
-This chart is tested with k8s 1.27+ and helm 3.6.0+.
+This chart is tested with k8s v1.31+ and helm 3.16.0+.
 ## Known caveats for this chart
-Currently, you need to run PostgreSQL and Redis helm charts independently of this one, because there's a helm hook job called db-migrate that we can't figure out how to make run after the dependency charts are fully installed, but before everything else. If you know the answer to this, please open an issue/pr here and let us know!
+Currently, you need to run PostgreSQL and Redis (or Valkey) helm charts independently of this one, because there's a helm hook job called db-migrate that we can't figure out how to make run after the dependency charts are fully installed, but before everything else. If you know the answer to this, please open an issue/pr here and let us know!
 # Configuration
diff --git a/charts/mastodon/Chart.yaml b/charts/mastodon/Chart.yaml
index d1b58a8..c8df378 100644
--- a/charts/mastodon/Chart.yaml
+++ b/charts/mastodon/Chart.yaml
@@ -9,7 +9,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 9.3.0
+version: 9.4.0
 # renovate: image=ghcr.io/mastodon/mastodon
 appVersion: v4.3.1
diff --git a/charts/mastodon/README.md b/charts/mastodon/README.md
index 9d247cb..3fc2418 100644
--- a/charts/mastodon/README.md
+++ b/charts/mastodon/README.md
@@ -1,6 +1,6 @@
 # mastodon
-![Version: 9.3.0](https://img.shields.io/badge/Version-9.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.3.1](https://img.shields.io/badge/AppVersion-v4.3.1-informational?style=flat-square)
+![Version: 9.4.0](https://img.shields.io/badge/Version-9.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.3.1](https://img.shields.io/badge/AppVersion-v4.3.1-informational?style=flat-square)
 Mastodon is a free, open-source social network server based on ActivityPub.
@@ -97,7 +97,10 @@ Mastodon is a free, open-source social network server based on ActivityPub.
 | mastodon.s3.secretKeys.s3Endpoint | string | `""` | |
 | mastodon.s3.secretKeys.s3Hostname | string | `""` | |
 | mastodon.s3.secretKeys.s3Region | string | `""` | |
-| mastodon.secrets.existingSecret | string | `""` | the name of an existing Secret to use. keys must be: VAPID_PRIVATE_KEY, VAPID_PUBLIC_KEY, SECRET_KEY_BASE, OTP_SECRET |
+| mastodon.secrets.activeRecordEncryption.deterministicKey | string | `""` | |
+| mastodon.secrets.activeRecordEncryption.keyDerivationSalt | string | `""` | |
+| mastodon.secrets.activeRecordEncryption.primaryKey | string | `""` | |
+| mastodon.secrets.existingSecret | string | `""` | the name of an existing Secret to use. keys must be: VAPID_PRIVATE_KEY VAPID_PUBLIC_KEY SECRET_KEY_BASE OTP_SECRET ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT |
 | mastodon.secrets.otp_secret | string | `""` | |
 | mastodon.secrets.secret_key_base | string | `""` | must be set manually; autogenerated keys are rotated on each upgrade |
 | mastodon.secrets.vapid.private_key | string | `""` | |
diff --git a/charts/mastodon/dev-values.yaml b/charts/mastodon/dev-values.yaml
index 6c080cf..0e76b9d 100644
--- a/charts/mastodon/dev-values.yaml
+++ b/charts/mastodon/dev-values.yaml
@@ -103,6 +103,10 @@ mastodon:
 vapid:
 private_key: dummy-vapid-private_key
 public_key: dummy-vapid-public_key
+ activeRecordEncryption:
+ primaryKey: "dummy-are-primary_key"
+ deterministicKey: "dummy-are-deterministic_key"
+ keyDerivationSalt: "dummy-are-key_derivation_salt"
 # -- you can also specify the name of an existing Secret
 # with keys SECRET_KEY_BASE and OTP_SECRET and
 # VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY
diff --git a/charts/mastodon/templates/secret.yaml b/charts/mastodon/templates/secret.yaml
index 1e0f9ed..a0fe738 100644
--- a/charts/mastodon/templates/secret.yaml
+++ b/charts/mastodon/templates/secret.yaml
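Review bot: In charts/mastodon/dev-values.yaml the three added `activeRecordEncryption` values are fixed, publicly visible strings, and nothing in the hunk marks them as development-only. A comment above the block such as `# dev/CI placeholders only; never reuse these keys for a real instance` would make that explicit. The comment that follows the added lines still lists only SECRET_KEY_BASE, OTP_SECRET, VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY as the keys of an existing Secret, so it should also name the three ACTIVE_RECORD_ENCRYPTION_* keys to match values.yaml. The enclosing mapping starts above the hunk.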
@@ -27,4 +27,19 @@ data:
 {{- else }}
 VAPID_PUBLIC_KEY: {{ required "mastodon.secrets.vapid.public_key is required if not using mastodon.secrets.existingSecret" .Values.mastodon.secrets.vapid.public_key }}
 {{- end }}
+ {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.primaryKey) }}
+ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc }}"
+ {{- else }}
+ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "activeRecordEncryption.primaryKey is required" .Values.mastodon.secrets.activeRecordEncryption.primaryKey }}
+ {{- end }}
+ {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.deterministicKey) }}
+ ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: "{{ .Values.mastodon.secrets.activeRecordEncryption.deterministicKey | b64enc }}"
+ {{- else }}
+ ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: {{ required "activeRecordEncryption.deterministicKey is required" .Values.mastodon.secrets.activeRecordEncryption.deterministicKey }}
+ {{- end }}
+ {{- if not (empty .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt) }}
+ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: "{{ .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt | b64enc }}"
+ {{- else }}
+ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: {{ required "activeRecordEncryption.keyDerivationSalt is required" .Values.mastodon.secrets.activeRecordEncryption.keyDerivationSalt }}
+ {{- end }}
 {{- end }}
diff --git a/charts/mastodon/values.yaml b/charts/mastodon/values.yaml
index 8dbe5d1..a30a002 100644
--- a/charts/mastodon/values.yaml
+++ b/charts/mastodon/values.yaml
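Review bot: The three `required` messages added in charts/mastodon/templates/secret.yaml name the value as `activeRecordEncryption.primaryKey` and so on, dropping the `mastodon.secrets.` prefix and the "if not using mastodon.secrets.existingSecret" hint that the VAPID_PUBLIC_KEY line just above carries. An operator whose upgrade fails on these new mandatory keys therefore gets less to go on. Each if/else pair is also redundant, because `required` already aborts rendering on an empty value, so a pair collapses to one line such as `ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: {{ required "mastodon.secrets.activeRecordEncryption.primaryKey is required if not using mastodon.secrets.existingSecret" .Values.mastodon.secrets.activeRecordEncryption.primaryKey | b64enc | quote }}`, and likewise for the deterministic key and the salt. The conditional that encloses these entries opens above the hunk; the wording assumes it is the existingSecret check that the VAPID message implies.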
@@ -145,7 +145,18 @@ mastodon:
 vapid:
 private_key: ""
 public_key: ""
- # -- the name of an existing Secret to use. keys must be: VAPID_PRIVATE_KEY, VAPID_PUBLIC_KEY, SECRET_KEY_BASE, OTP_SECRET
+ activeRecordEncryption:
+ primaryKey: ""
+ deterministicKey: ""
+ keyDerivationSalt: ""
+ # -- the name of an existing Secret to use. keys must be:
+ # VAPID_PRIVATE_KEY
+ # VAPID_PUBLIC_KEY
+ # SECRET_KEY_BASE
+ # OTP_SECRET
+ # ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
+ # ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
+ # ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
 existingSecret: ""
 sidekiq:
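Review bot: The three new `activeRecordEncryption` values in charts/mastodon/values.yaml carry no `# --` description, so their rows in the generated README table are blank, whereas `secret_key_base` is documented there as having to be set manually. The secret template now makes these values mandatory and they are encryption key material, so each deserves a line such as `# -- must be set manually and kept unchanged across upgrades; generate with bin/rails db:encryption:init`. Changing or losing them after first use would presumably leave already-encrypted database attributes unreadable, which is worth stating next to the keys. The rewritten existingSecret comment also loses its commas once rendered into the README table; keeping `,` at the end of each listed key would preserve readability there.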