diff --git a/chart/templates/keycloak/values.yaml b/chart/templates/keycloak/values.yaml
index fb660bff1c99c35bd355710e584b0346ec5865ac..f4f4d231e5c2f606036d71f7bde88e27e2a5a0a4 100644
--- a/chart/templates/keycloak/values.yaml
+++ b/chart/templates/keycloak/values.yaml
@@ -45,6 +45,16 @@ monitoring:
   enabled: {{ .Values.monitoring.enabled }}
 serviceMonitor:
   enabled: {{ .Values.monitoring.enabled }}
+  # conditional passes only for default istio: enabled, mTLS: SCRICT
+  {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.keycloak.values) "STRICT") }}
+  scheme: https
+  tlsConfig:
+    caFile: /etc/prom-certs/root-cert.pem
+    certFile: /etc/prom-certs/cert-chain.pem
+    keyFile: /etc/prom-certs/key.pem
+    # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+    insecureSkipVerify: true
+  {{- end }}
 
 {{- if .Values.addons.keycloak.database.host }}
 postgresql:
diff --git a/chart/values.yaml b/chart/values.yaml
index 4d4cb5caf69e4dcff0ae9479dc5f029911ae2e82..74b1c9b65f9002e1035dacf398702a0facf5cd62 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1375,7 +1375,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
       path: "./chart"
-      tag: "18.2.1-bb.4"
+      tag: "18.2.1-bb.5"
 
     database:
       # -- Hostname of a pre-existing database to use for Keycloak.