diff --git a/kube-enforcer/templates/kube-enforcer-deployment.yaml b/kube-enforcer/templates/kube-enforcer-deployment.yaml
index f97f2123..98463169 100644
--- a/kube-enforcer/templates/kube-enforcer-deployment.yaml
+++ b/kube-enforcer/templates/kube-enforcer-deployment.yaml
@@ -13,9 +13,17 @@ spec:
 labels:
 app: {{ include "kube-enforcer.fullname" . }}
 spec:
+ {{- with .Values.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end }}
 serviceAccountName: {{ .Values.serviceAccount.name }}
 containers:
 - name: kube-enforcer
+ {{- with .Values.container_securityContext }}
+ securityContext:
+{{ toYaml . | indent 12 }}
+ {{- end }}
 image: "{{ .Values.imageCredentials.repositoryUriPrefix }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: Always
 ports:
diff --git a/kube-enforcer/values.yaml b/kube-enforcer/values.yaml
index 1680c591..8186a526 100644
--- a/kube-enforcer/values.yaml
+++ b/kube-enforcer/values.yaml
@@ -30,7 +30,7 @@ logLevel:
 #enable to true if you want to use existing secret for the cluster
 existing_secret:
 enable: false
- secretName:
+ secretName: ""
 certsSecret:
 name: aqua-kube-enforcer-certs
@@ -69,6 +69,12 @@ webhooks:
 mutatingWebhook:
 name: kube-enforcer-me-injection-hook-config
+securityContext:
+ runAsUser: 11431
+ runAsGroup: 11433
+ fsGroup: 11433
+container_securityContext: {}
+
 livenessProbe:
 tcpSocket:
 port: 8080
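Review bot: The new values key `container_securityContext` read in the second added `with` block is snake_case, while the pod-level key `securityContext` added just above it and the other keys this template reads (`serviceAccount.name`, `imageCredentials.repositoryUriPrefix`, `image.repository`) are camelCase; since the key is introduced by this commit, `containerSecurityContext` would keep the template's naming consistent before anyone depends on it. The two `{{ toYaml . | indent N }}` lines sit at column 0 on purpose (`indent` supplies the nesting, so any leading whitespace on the template line would double it), which is worth stating in a template comment next to each block, e.g. `{{- /* toYaml line stays at column 0; indent N sets the YAML nesting */ -}}`. The Deployment's `spec` this hunk edits starts before and continues after the hunk.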
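Review bot: The new pod-level `securityContext` default pins `runAsUser`/`runAsGroup`/`fsGroup` but does not set `runAsNonRoot: true`, and `container_securityContext: {}` leaves `allowPrivilegeEscalation` and `capabilities` unset, so an operator override of the uid or an image that escalates privileges is not rejected by the kubelet and the chart's defaults do not meet the Restricted Pod Security Standard out of the box. If kube-enforcer needs no Linux capabilities (please confirm against what the enforcer binary does), a hardened default for the container context is small and keeps the pod-level block as it is; the values below are a proposal, not taken from the page. A comment above each key saying which level it applies to (`# pod-level securityContext for the kube-enforcer pod` and `# container-level securityContext for the kube-enforcer container; {} inherits the pod settings`) would also help, since the file's other keys carry such comments.
```yaml
securityContext:
  runAsNonRoot: true
  # … unchanged: runAsUser / runAsGroup / fsGroup …
container_securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```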