diff --git a/chart/templates/engine_configmap.yaml b/chart/templates/engine_configmap.yaml
index be0232ec8e2422be242eb121841e610fe238ec49..517331dba009214edf81eb21bcf926512bdfdc23 100644
--- a/chart/templates/engine_configmap.yaml
+++ b/chart/templates/engine_configmap.yaml
@@ -59,9 +59,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
diff --git a/chart/templates/engine_secret.yaml b/chart/templates/engine_secret.yaml
index 230d20fa252d5753df275238de58d04ede791a22..e151447666f1257484e22f38d88c4e3723026759 100644
--- a/chart/templates/engine_secret.yaml
+++ b/chart/templates/engine_secret.yaml
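Review bot: An existing release that sets none of `saml.secret`, `saml.useExistingSecret` or `oauthEnabled` stops rendering `secret: ${ANCHORE_SAML_SECRET}` once `$old_secret` is dropped from the `{{- if or ... }}` condition, while the Secret template in this same commit still carries the previously generated value via its `b64dec` branch; if such a release relied on that implicit shared secret, this is a silent config change on upgrade that the docs/BBCHANGES.md hunk does not mention. The same edit appears in the enterprise_configmap.yaml and enterprise_feeds_configmap.yaml hunks. A comment above the condition, e.g. `# 'secret' is only referenced when SAML/OAuth is explicitly configured; the lookup() was removed so this ConfigMap no longer depends on cluster state`, would record the intent for the next maintainer. The enclosing `keys:` mapping continues past the end of the hunk.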
@@ -16,8 +16,10 @@ stringData:
 ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }}
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or (not $old_secret) (not $old_secret.data) }}
- ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- else if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
 ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
diff --git a/chart/templates/enterprise_configmap.yaml b/chart/templates/enterprise_configmap.yaml
index c793738e3094cab2f56dc6e9514cb5043eb05b2b..4743622be34c51f5b2b19e370bcdf82a0effbe67 100644
--- a/chart/templates/enterprise_configmap.yaml
+++ b/chart/templates/enterprise_configmap.yaml
@@ -41,9 +41,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
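Review bot: The added `ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}` line drops the `| quote` that the replaced line had, so a user-supplied secret that looks like a number or boolean, or that contains `: ` or ` #`, is retyped by the YAML parser or breaks the `stringData:` block; it should read `ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | quote }}`. The same unquoted line appears in the enterprise_feeds_secret.yaml hunk and in the docs/BBCHANGES.md snippet. On the next added line, `randAlphaNum 12` draws from a 62-character alphabet, roughly 71 bits; if this value is used to sign SAML/OAuth tokens a longer default such as `randAlphaNum 32` costs nothing and removes any doubt. The unchanged `b64dec` branch below the new lines is also unquoted, though that predates this commit.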
diff --git a/chart/templates/enterprise_feeds_configmap.yaml b/chart/templates/enterprise_feeds_configmap.yaml
index 130beff6713f51c43831ccf14d341c3d1656ca59..b5e652fda6f9a420bc3070abecf190737d3e39d1 100644
--- a/chart/templates/enterprise_feeds_configmap.yaml
+++ b/chart/templates/enterprise_feeds_configmap.yaml
@@ -35,9 +35,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
diff --git a/chart/templates/enterprise_feeds_secret.yaml b/chart/templates/enterprise_feeds_secret.yaml
index d1c2e291c31d0adc6890aeae4691a990b1f8b8fe..24990f6cf85833053cf4fc02e37ae432a0d97b55 100644
--- a/chart/templates/enterprise_feeds_secret.yaml
+++ b/chart/templates/enterprise_feeds_secret.yaml
@@ -17,8 +17,10 @@ stringData:
 ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }}
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or (not $old_secret) (not $old_secret.data) }}
- ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- else if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
 ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 6cc7316c2b0959e71fa421c6efffd13d2bead49f..8cc3c77729df17c92760a0266136a5fd59afee79 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -225,10 +225,12 @@ To resolve an issue where Anchore would redeploy after every update, `./chart/te
 ```yaml
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
-{{- if or (not $old_secret) (not $old_secret.data) }}
-ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+{{- if .Values.anchoreGlobal.saml.secret }}
+ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+{{- else if or (not $old_secret) (not $old_secret.data) }}
+ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
-ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
+ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
 ```
@@ -236,11 +238,7 @@ Additionally, `./chart/templates/engine_configmap.yaml`, `./chart/templates/ente
 ```yaml
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
-```
-
-If you want to change your `ANCHORE_SAML_SECRET` value, remember to delete the previous 2 secrets so the value is not reused.
\ No newline at end of file
+```
\ No newline at end of file