diff --git a/README.md b/README.md
index 86782fc..ee3e71d 100644
--- a/README.md
+++ b/README.md
@@ -490,6 +490,9 @@ Chart configuration is as follows:
 | `config.postfix` | `{}` | Key-value list of general postfix options, e.g. `myhostname: "demo"` |
 | `config.opendkim` | `{}` | Key-value list of general OpenDKIM options, e.g. `RequireSafeKeys: "yes"` |
 | `secret` | `{}` | Key-value list of environment variables to be shared with Postfix / OpenDKIM as secrets |
+| `mountSecret.enabled` | `false` | Create a folder with contents of the secret in the pod's container |
+| `mountSecret.path` | `/var/lib/secret` | Where to mount secret data |
+| `mountSecret.data` | `{}` | Key-value list of files to be mount into the container |
 | `persistence.enabled` | `true` | Persist Postfix's queue on disk |
 | `persistence.accessModes` | `[ 'ReadWriteOnce' ]` | Access mode |
 | `persistence.existingClaim` | `""` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. |
diff --git a/helm/mail/templates/secret-mount.yaml b/helm/mail/templates/secret-mount.yaml
new file mode 100644
index 0000000..0fd6427
--- /dev/null
+++ b/helm/mail/templates/secret-mount.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.mountSecret.enabled -}}
+{{- $chart := "mail" -}}
+{{- $fullName := include (print $chart ".fullname") . -}}
+{{- $labels := include (print $chart ".labels") . -}}
+{{- with .Values.mountSecret.data }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $fullName }}-mount
+ labels:
+ {{- $labels | nindent 4 }}
+data:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | b64enc | quote }}
+ {{- end }}
+{{ end }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/mail/templates/statefulset.yaml b/helm/mail/templates/statefulset.yaml
index 0fc1cd2..14ed96d 100644
--- a/helm/mail/templates/statefulset.yaml
+++ b/helm/mail/templates/statefulset.yaml
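Review bot: With `mountSecret.enabled: true` and the default `mountSecret.data: {}`, the `{{- with .Values.mountSecret.data }}` guard renders no Secret at all, yet the StatefulSet in this same commit still declares a volume backed by `{{ $fullName }}-mount`, so the pod is stuck at volume mount time with a missing Secret instead of failing at template time. Either render the Secret unconditionally (drop the `with` and iterate with `range $key, $value := .Values.mountSecret.data`) or fail fast: `{{- if not .Values.mountSecret.data }}{{ fail "mountSecret.enabled requires at least one mountSecret.data entry" }}{{ end }}`. Separately, `b64enc` only accepts strings, so a value that YAML parses as a number or boolean aborts rendering; `{{ $key }}: {{ $value | toString | b64enc | quote }}` is safer. Since the documented payload is a DKIM private key, it would also be worth accepting an `existingSecret` name so key material never has to pass through values files at all.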
@@ -105,6 +105,11 @@ spec:
 readOnly: true
 subPath: _enable_tls.sh
 {{- end }}
+ {{- if .Values.mountSecret.enabled }}
+ - name: mount-secret
+ mountPath: {{ .Values.mountSecret.path }}
+ readOnly: true
+ {{- end }}
 {{- if .Values.extraVolumeMounts }}{{- toYaml .Values.extraVolumeMounts | nindent 12 }}{{ end }}
 resources: {{ toYaml .Values.resources | nindent 12 }}
 {{- if .Values.extraContainers }}
@@ -135,6 +140,11 @@ spec:
 - name: {{ $fullName }}
 emptyDir: {}
 {{- end }}
+ {{- if .Values.mountSecret.enabled }}
+ - name: mount-secret
+ secret:
+ secretName: {{ $fullName }}-mount
+ {{- end }}
 {{- if .Values.extraVolumes }}{{- toYaml .Values.extraVolumes | nindent 8 }}{{ end }}
 {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
 volumeClaimTemplates:
@@ -145,7 +155,7 @@ spec:
 accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }}
 {{- if (eq "-" .Values.persistence.storageClass) }}
 storageClassName: ""
- {{- end }}{{- if .Values.persistence.storageClass }}
+ {{- else if .Values.persistence.storageClass }}
 storageClassName: "{{ .Values.persistence.storageClass }}"
 {{- end }}
 resources:
diff --git a/helm/mail/values.yaml b/helm/mail/values.yaml
index 1dcb526..663d921 100644
--- a/helm/mail/values.yaml
+++ b/helm/mail/values.yaml
@@ -90,6 +90,18 @@ certs:
 # hello: world
 secret: {}
 
+# Define a secret which should be deployed together with the
+# chart amd mounted into a specific directory in the pod.
+mountSecret:
+ enabled: false
+ path: /var/lib/secret
+ data: {}
+ # e.g.
+ # dkim-private: |
+ # -----BEGIN RSA PRIVATE KEY-----
+ # < redacted >
+ # -----END RSA PRIVATE KEY-----
+
 config:
 general: {}
 # e.g.
diff --git a/helm/test_1_default.yml b/helm/test_01_default.yml
similarity index 100%
rename from helm/test_1_default.yml
rename to helm/test_01_default.yml
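Review bot: `mountPath: {{ .Values.mountSecret.path }}` in the new volumeMounts entry is rendered unquoted, so a path containing YAML-significant characters (`#`, `: `) or an empty override breaks the manifest at parse time with an unhelpful error rather than at validation. Use `mountPath: {{ .Values.mountSecret.path | quote }}`, or `{{ required "mountSecret.path must be set" .Values.mountSecret.path | quote }}` to reject the empty case explicitly. The container's volumeMounts list this entry joins begins before the hunk, so the surrounding indentation cannot be checked from here.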
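Review bot: The new `secret:` volume sets no `defaultMode`, so the mounted files get the kubelet default (0644) and are readable by every user in the container, while the values.yaml example for this feature is an RSA private key. OpenDKIM's `RequireSafeKeys` option, which the README lists as configurable for this chart and which OpenDKIM enables by default, refuses keys that are group- or world-readable, so the default mode is likely to fail at runtime as well as being over-permissive. Add `defaultMode: 0400` to `mountSecret` in values.yaml and render it here as `defaultMode: {{ .Values.mountSecret.defaultMode }}`; whether 0400 suffices or 0440 plus an `fsGroup` is needed depends on which uid Postfix/OpenDKIM run as in this image, which is not visible in the diff.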
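Review bot: The example under `mountSecret.data` encourages pasting a DKIM private key straight into values.yaml, which puts the key into git history, into any CI output of `helm template` or `--debug`, and into the Helm release Secret; the comment block should warn about this and point at `--set-file mountSecret.data.dkim-private=path/to/key` or a pre-created Secret instead. Suggested comment above `mountSecret:`: `# NOTE: values here end up in the Helm release and in any values file you commit; supply key material with --set-file or an out-of-band Secret rather than committing it.` The first comment line also has a typo, `amd` for `and`.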
diff --git a/helm/test_2_no_persistence.yml b/helm/test_02_no_persistence.yml
similarity index 100%
rename from helm/test_2_no_persistence.yml
rename to helm/test_02_no_persistence.yml
diff --git a/helm/test_3_no_service_account.yml b/helm/test_03_no_service_account.yml
similarity index 100%
rename from helm/test_3_no_service_account.yml
rename to helm/test_03_no_service_account.yml
diff --git a/helm/test_4_common_config.yml b/helm/test_04_common_config.yml
similarity index 100%
rename from helm/test_4_common_config.yml
rename to helm/test_04_common_config.yml
diff --git a/helm/test_5_secret.yml b/helm/test_05_secret.yml
similarity index 100%
rename from helm/test_5_secret.yml
rename to helm/test_05_secret.yml
diff --git a/helm/test_6_existing_claim.yml b/helm/test_06_existing_claim.yml
similarity index 100%
rename from helm/test_6_existing_claim.yml
rename to helm/test_06_existing_claim.yml
diff --git a/helm/test_7_certs.yml b/helm/test_07_certs.yml
similarity index 100%
rename from helm/test_7_certs.yml
rename to helm/test_07_certs.yml
diff --git a/helm/test_8_extra_containers.yml b/helm/test_08_extra_containers.yml
similarity index 100%
rename from helm/test_8_extra_containers.yml
rename to helm/test_08_extra_containers.yml
diff --git a/helm/test_9_service_spec.yml b/helm/test_09_service_spec.yml
similarity index 100%
rename from helm/test_9_service_spec.yml
rename to helm/test_09_service_spec.yml
diff --git a/helm/test_10_mount_secret.yml b/helm/test_10_mount_secret.yml
new file mode 100644
index 0000000..69c12fb
--- /dev/null
+++ b/helm/test_10_mount_secret.yml
@@ -0,0 +1,8 @@
+mountSecret:
+ enabled: true
+ path: /test
+ data:
+ dkim-private: |
+ -----BEGIN RSA PRIVATE KEY-----
+ < redacted >
+ -----END RSA PRIVATE KEY-----
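Review bot: This fixture only covers the happy path (`enabled: true` with one `data` entry); the case worth pinning is `enabled: true` with `data: {}`, which with the templates in this commit yields a StatefulSet volume referencing a Secret that is never rendered. A second fixture for that combination, asserting either a rendered Secret or a template failure once the templates guard it, would catch the regression before a pod is stuck at mount time. The placeholder key body is fine as test data, though a name such as `dkim-private-placeholder` would make it obvious in rendered output that it is not real key material.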