diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index 679fa99..f1979ca 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -2,6 +2,12 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "app.fullname" . }}
+  annotations:
+  {{- if .Values.operator.reloader.enabled }}
+  {{- if .Values.operator.reloader.auto }}
+    reloader.stakater.com/auto: "true"
+  {{- end }}
+  {{- end }}
   labels:
     app: {{ include "app.fullname" . }}
 {{ include "app.labels.common" $ | indent 4 }}
diff --git a/templates/secret-keycloak-client.yaml b/templates/secret-keycloak-client.yaml
index 8281251..08ecd66 100644
--- a/templates/secret-keycloak-client.yaml
+++ b/templates/secret-keycloak-client.yaml
@@ -3,11 +3,19 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ include "app.oidc.client.secret.name" $ }}
+  annotations:
+  {{- if .Values.operator.secretgenerator.enabled }}
+  {{- if .Values.operator.keycloak.client.secret.generator.enabled }}
+    secret-generator.v1.mittwald.de/autogenerate: secret
+  {{- end }}
+  {{- end }}
   labels:
     app: {{ template "app.fullname" $ }}
 {{ include "app.labels.common" $ | indent 4 }}    
 type: Opaque
 stringData:
   clientId: {{ .Values.operator.keycloak.client.spec.kcConfig.clientId | default (include "app.fullname" .) }}
+  {{- if not .Values.operator.keycloak.client.secret.generator.enabled }}
   secret: {{ include "app.oidc.client.password" $ }}
+  {{- end }}
 {{- end }}
diff --git a/values.yaml b/values.yaml
index af1417e..6e50d4e 100644
--- a/values.yaml
+++ b/values.yaml
@@ -240,6 +240,19 @@ oidc:
 
 # Kubernetes operator configuration
 operator:
+
+  # secret-generator oprator
+  secretgenerator:
+    # enabled or disable secret-generator annotation 
+    enabled: false
+
+  # reloader operator for configmap and secrets
+  reloader:
+    # enabled or disable reloader annotation 
+    enabled: true
+    # enabled or disable auto reloader (all deployment references)
+    auto: true
+
   # product store microservice
   microservice:
     # enable or disable configuration for operator
@@ -347,7 +360,7 @@ operator:
       remoteEntry:
 
       # default release name (product name)
-      productName:      
+      productName:
       
       # default deployment name (release_name-name or appId)
       appId:
@@ -363,6 +376,13 @@ operator:
       enabled: false
       # Set password for secret of default name of app
       password:
+      # secret configuration
+      secret:
+        # secret generator configuration
+        generator:
+          # enabled or disable secret generator annotation for kc client resource
+          enabled: true
+
       # definition
       spec:
         # keycloak realm where the client has to be created