diff --git a/mirrord-operator/Chart.yaml b/mirrord-operator/Chart.yaml
index b102c6b..5fdfc15 100644
--- a/mirrord-operator/Chart.yaml
+++ b/mirrord-operator/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.11.1
+version: 1.12.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/mirrord-operator/templates/crd.yaml b/mirrord-operator/templates/crd.yaml
index c503544..c0ca103 100644
--- a/mirrord-operator/templates/crd.yaml
+++ b/mirrord-operator/templates/crd.yaml
@@ -460,6 +460,10 @@ spec:
       jsonPath: .spec.parent
       name: PARENT
       type: string
+    - description: Name of Secret to load from.
+      jsonPath: .spec.loadFromSecret
+      name: SECRET
+      type: string
     name: v1alpha
     schema:
       openAPIV3Schema:
@@ -468,6 +472,15 @@ spec:
           spec:
             description: Configuration to use when creating operator's Kafka client. Resources of this kind should live in the operator's namespace.
             properties:
+              loadFromSecret:
+                description: |-
+                  Namespace and name of a `Secret` to use as another source of properties.
+
+                  The secret is fetched and entries in its `.data` field are resolved to properties. Properties resolved this way override properties from the parent configuration. Properties defined inline in this object override properties resolved from the secret.
+
+                  Example value: `default/my-secret`
+                nullable: true
+                type: string
               parent:
                 description: Name of parent resource to use as base when resolving final configuration.
                 nullable: true
diff --git a/mirrord-operator/templates/role-binding.yaml b/mirrord-operator/templates/role-binding.yaml
index 9bbbe8e..443037a 100644
--- a/mirrord-operator/templates/role-binding.yaml
+++ b/mirrord-operator/templates/role-binding.yaml
@@ -11,3 +11,18 @@ subjects:
 - kind: ServiceAccount
   name: mirrord-operator
   namespace: {{ .Values.namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: mirrord-operator
+  namespace: mirrord
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mirrord-operator
+subjects:
+- apiGroup: ''
+  kind: ServiceAccount
+  name: mirrord-operator
+  namespace: mirrord
\ No newline at end of file
diff --git a/mirrord-operator/templates/role.yaml b/mirrord-operator/templates/role.yaml
index dca5915..1565d59 100644
--- a/mirrord-operator/templates/role.yaml
+++ b/mirrord-operator/templates/role.yaml
@@ -12,3 +12,18 @@ rules:
   - configmaps
   verbs:
   - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: mirrord-operator
+  namespace: mirrord
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
\ No newline at end of file