diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 350cd8716775aab78cd5128e85eb96b68c159012..0b3344918e2e2c1233fe8c6df14fa2763a9b7da1 100644
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -23,6 +23,20 @@ branch: {{ .branch | quote }}
 {{- end -}}
 {{- end -}}
 
+{{/*
+Build the appropriate git credentials secret for private git repositories
+*/}}
+{{- define "gitCreds" -}}
+{{- if .existingSecret -}}
+secretRef:
+  name: {{ .existingSecret }}
+{{- else if coalesce .credentials.username .credentials.password .credentials.privateKey .credentials.publicKey .credentials.knownHosts "" -}}
+{{- /* Input validation happens in git-credentials.yaml template */ -}}
+secretRef:
+  name: git-credentials
+{{- end -}}
+{{- end -}}
+
 {{/*
 Build common set of file extensions to include/exclude
 */}}
diff --git a/chart/templates/argocd/gitrepository.yaml b/chart/templates/argocd/gitrepository.yaml
index 9a11f59b109564a0e14ee780321b5ab61642abb7..f598d536e8899cb89f8957d5f2e586c09c3645ad 100644
--- a/chart/templates/argocd/gitrepository.yaml
+++ b/chart/templates/argocd/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.addons.argocd.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/authservice/gitrepository.yaml b/chart/templates/authservice/gitrepository.yaml
index 291b0adb4bb873ee30558225ae005eaa7f946dec..d305260f1cadeb5480c1fa2af92b27849447402b 100644
--- a/chart/templates/authservice/gitrepository.yaml
+++ b/chart/templates/authservice/gitrepository.yaml
@@ -5,13 +5,10 @@ metadata:
   name: authservice
   namespace: {{ .Release.Namespace }}
 spec:
-  ignore: |
-    # exclude file extensions
-    /**/*.md
-    /**/*.txt
-    /**/*.sh
   interval: {{ .Values.flux.interval }}
   url: {{ .Values.addons.authservice.git.repo }}
   ref:
     {{- include "validRef" .Values.addons.authservice.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/clusterauditor/gitrepository.yaml b/chart/templates/clusterauditor/gitrepository.yaml
index afeda99f37adc7dae9a1640496cf9abb0f9ee14a..4fb205224848ba8e01a528a2cea4e32e4f4b8f69 100644
--- a/chart/templates/clusterauditor/gitrepository.yaml
+++ b/chart/templates/clusterauditor/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.clusterAuditor.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/gatekeeper/gitrepository.yaml b/chart/templates/gatekeeper/gitrepository.yaml
index db735a407441774a95a0540d4977f748be033f34..cdea27f0beaf794ea52335b416df59756b032f64 100644
--- a/chart/templates/gatekeeper/gitrepository.yaml
+++ b/chart/templates/gatekeeper/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.gatekeeper.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/git-credentials.yaml b/chart/templates/git-credentials.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9c1bad84dd00d0d3722025a2c92d9d121d0236eb
--- /dev/null
+++ b/chart/templates/git-credentials.yaml
@@ -0,0 +1,29 @@
+{{- if not .Values.git.existingSecret }}
+{{- with .Values.git -}}
+{{- if coalesce  .credentials.username .credentials.password .credentials.privateKey .credentials.publicKey .credentials.knownHosts -}}
+{{- $http := coalesce .credentials.username .credentials.password "" }}
+{{- $ssh := coalesce .credentials.privateKey .credentials.publicKey .credentials.knownHosts "" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-git-credentials
+  namespace: {{ $.Release.Namespace }}
+type: Opaque
+data:
+  {{- if $http }}
+  {{- if not (and .credentials.username .credentials.password) }}
+  {{- fail "When using http git credentials, username and password must both be specified" }}
+  {{- end }}
+  username: {{ .credentials.username | b64enc }}
+  password: {{ .credentials.password | b64enc }}
+  {{- else }}
+  {{- if not (and (and .credentials.privateKey .credentials.publicKey) .credentials.knownHosts) }}
+  {{- fail "When using ssh git credentials, privateKey, publicKey, and knownHosts must all be specified" }}
+  {{- end }}
+  identity: {{ .credentials.privateKey | b64enc }}
+  identity.pub: {{ .credentials.publicKey | b64enc }}
+  known_hosts: {{ .credentials.knownHosts | b64enc }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/controlplane/gitrepository.yaml b/chart/templates/istio/controlplane/gitrepository.yaml
index a5005bee2c40322c9bace9496a71b6171a86ae7e..676c4cd4d81b165e6e6d895f96662d9ad1e36cf6 100644
--- a/chart/templates/istio/controlplane/gitrepository.yaml
+++ b/chart/templates/istio/controlplane/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.istio.git | nindent 4 }}
   {{ include "gitIgnore" . }}
-{{- end }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/istio/operator/gitrepository.yaml b/chart/templates/istio/operator/gitrepository.yaml
index e0cfea146f6bebebd644b1531e48f2cbcea9d7f9..191ec1c2c7dffb3feb6027d3b1e556a060d2c3df 100644
--- a/chart/templates/istio/operator/gitrepository.yaml
+++ b/chart/templates/istio/operator/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.istiooperator.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/logging/eck-operator/gitrepository.yaml b/chart/templates/logging/eck-operator/gitrepository.yaml
index 3f8ecfb0f54a7d5871ed8dd2db8bd50411a9912f..06430d16484adc62598a6400b512bcdb9fb08d6e 100644
--- a/chart/templates/logging/eck-operator/gitrepository.yaml
+++ b/chart/templates/logging/eck-operator/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.eckoperator.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/logging/elasticsearch-kibana/gitrepository.yaml b/chart/templates/logging/elasticsearch-kibana/gitrepository.yaml
index a2bbc5f1d96ce49ebe54acbc5da7373f38726e53..c9c1902ca7ba21ff6d240bbaaa21e836e9ede61b 100644
--- a/chart/templates/logging/elasticsearch-kibana/gitrepository.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.logging.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/logging/fluentbit/gitrepository.yaml b/chart/templates/logging/fluentbit/gitrepository.yaml
index 4ebcf1fdfa4dbd52ee104c3e5306a3460b4c149c..7a5c0b29444b837a161a9a00f110f4e7a702fe6d 100644
--- a/chart/templates/logging/fluentbit/gitrepository.yaml
+++ b/chart/templates/logging/fluentbit/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.fluentbit.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/monitoring/gitrepository.yaml b/chart/templates/monitoring/gitrepository.yaml
index 73ba7cd4e446b61175ca08bc9f065ab3c9c3ef1c..499084c2897ba13788a3813dcd43a2ad091e4408 100644
--- a/chart/templates/monitoring/gitrepository.yaml
+++ b/chart/templates/monitoring/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.monitoring.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/templates/twistlock/gitrepository.yaml b/chart/templates/twistlock/gitrepository.yaml
index 87b0273a5ca1cbaea17ea4803be44988e55231c2..85893fbea7aaac6961335e9b8756d5a65da6c899 100644
--- a/chart/templates/twistlock/gitrepository.yaml
+++ b/chart/templates/twistlock/gitrepository.yaml
@@ -10,4 +10,5 @@ spec:
   ref:
     {{- include "validRef" .Values.twistlock.git | nindent 4 }}
   {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
 {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 8f9ee2bd31bb3e2582074920a4991631db0373b9..f823f3788824ae099e89f577248664a5a19db06f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -11,6 +11,26 @@ registryCredentials:
   password: ""
   email: ""
 
+# Global git values
+# Order of precedence is:
+#   1. existingSecret
+#   2. http credentials (username/password)
+#   3. ssh credentials (privateKey/publicKey/knownHosts)
+git:
+  # Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
+  existingSecret: ""
+
+  # Chart created secrets with user defined values
+  credentials:
+    # HTTP git credentials, both username and password must be provided
+    username: ""
+    password: ""
+
+    # SSH git credentials, privateKey, publicKey, and knownHosts must be provided
+    privateKey: ""
+    publicKey: ""
+    knownHosts: ""
+
 # Flux reconciliation parameters
 flux:
   interval: 2m
@@ -34,6 +54,7 @@ istio:
   values: {}
 
 istiooperator:
+  enabled: true
   git:
     repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/istio-operator.git
     path: "./chart"
@@ -77,6 +98,7 @@ logging:
   values: {}
 
 eckoperator:
+  enabled: true
   git:
     repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/eck-operator.git
     path: "./chart"
@@ -84,6 +106,7 @@ eckoperator:
   values: {}
 
 fluentbit:
+  enabled: true
   git:
     repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/fluentbit.git
     path: "./chart"