diff --git a/chart/flux/README.md b/chart/flux/README.md
index 12f852d50..276a89c39 100755
--- a/chart/flux/README.md
+++ b/chart/flux/README.md
@@ -245,6 +245,7 @@ The following tables lists the configurable parameters of the Flux chart and the
 | `registry.ecr.require`                            | `false`                                              | Refuse to start if the AWS API is not available
 | `registry.acr.enabled`                            | `false`                                              | Mount `azure.json` via HostPath into the Flux Pod, enabling Flux to use AKS's service principal for ACR authentication
 | `registry.acr.hostPath`                           | `/etc/kubernetes/azure.json`                         | Alternative location of `azure.json` on the host
+| `registry.acr.secretName`                         | `None`                                               | Secret to mount instead of a hostPath
 | `registry.dockercfg.enabled`                      | `false`                                              | Mount `config.json` via Secret into the Flux Pod, enabling Flux to use a custom docker config file
 | `registry.dockercfg.secretName`                   | `None`                                               | Kubernetes secret with the docker config.json
 | `registry.dockercfg.configFileName`               | `/dockercfg/config.json`                             | Alternative path/name of the docker config.json
diff --git a/chart/flux/templates/deployment.yaml b/chart/flux/templates/deployment.yaml
index cde415386..d196b57d4 100644
--- a/chart/flux/templates/deployment.yaml
+++ b/chart/flux/templates/deployment.yaml
@@ -60,9 +60,14 @@ spec:
           medium: Memory
       {{- if .Values.registry.acr.enabled }}
       - name: acr-credentials
+        {{- if (not .Values.registry.acr.secretName) }}
         hostPath:
           path: "{{ .Values.registry.acr.hostPath }}"
           type: ""
+        {{- else }}
+        secret:
+          secretName: {{ .Values.registry.acr.secretName }}
+        {{- end }}
       {{- end }}
       {{- if .Values.registry.dockercfg.enabled }}
       - name: docker-credentials
diff --git a/chart/flux/values.yaml b/chart/flux/values.yaml
index 854b16ffb..6d95315e9 100644
--- a/chart/flux/values.yaml
+++ b/chart/flux/values.yaml
@@ -218,6 +218,7 @@ registry:
   acr:
     enabled: false
     hostPath: /etc/kubernetes/azure.json
+    secretName: ""
   dockercfg:
     enabled: false
     secretName: ""
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 38bbb41b2..e66415ddf 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -105,6 +105,9 @@ reasons this can happen:
           path: /etc/kubernetes/azure.json
           type: ""
    ```
+   If you encounter [permission errors](https://github.com/Azure/AKS/issues/729), 
+   you can alternatively create a secret `acr-credentials` based on the
+   `azure.json` file and set `registry.acr.secretName=acr-credentials`.
  - Flux excludes images with no suitable manifest (linux amd64) in manifestlist
  - Flux doesn't yet understand image refs that use digests instead of
    tags; see