diff --git a/step-certificates/Chart.yaml b/step-certificates/Chart.yaml
index c2f27ab..bfb0368 100644
--- a/step-certificates/Chart.yaml
+++ b/step-certificates/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: step-certificates
-version: 0.14.6
+version: 0.15.0
 appVersion: 0.14.6
 description: An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.
 keywords:
diff --git a/step-certificates/README.md b/step-certificates/README.md
index b9edbae..cd10eb5 100644
--- a/step-certificates/README.md
+++ b/step-certificates/README.md
@@ -59,6 +59,7 @@ chart and their default values.
 | `ca.db.accessModes` | Persistent volume access mode | `["ReadWriteOnce"]` |
 | `ca.db.size` | Persistent volume size | `10Gi` |
 | `ca.runAsRoot` | Run the CA as root. | `false` |
+| `ca.bootstrap.data` | Secret for bootstrap data | `{}` |
 | `ca.bootstrap.postInitHook` | Extra script snippet to run after `step ca init` has completed. | `""` |
 | `service.type` | Service type | `ClusterIP` |
 | `service.port` | Incoming port to access Step CA | `443` |
diff --git a/step-certificates/templates/bootstrap.yaml b/step-certificates/templates/bootstrap.yaml
index bafdd65..c8cad88 100644
--- a/step-certificates/templates/bootstrap.yaml
+++ b/step-certificates/templates/bootstrap.yaml
@@ -27,6 +27,11 @@ spec:
 - name: bootstrap
 configMap:
 name: {{ include "step-certificates.fullname" . }}-bootstrap
+ {{- if .Values.ca.bootstrap.data }}
+ - name: data
+ secret:
+ secretName: {{ .Values.ca.bootstrap.data.name }}
+ {{- end}}
 containers:
 - name: config
 image: "{{ .Values.bootstrapImage.repository }}:{{ .Values.bootstrapImage.tag }}"
@@ -36,4 +41,8 @@ spec:
 - name: bootstrap
 mountPath: /home/step/bootstrap
 readOnly: true
+ {{- if .Values.ca.bootstrap.data }}
+ - name: data
+ mountPath: /tmp/bootstrap-data
+ {{- end }}
 {{- end }}
diff --git a/step-certificates/values.yaml b/step-certificates/values.yaml
index 96d8dc3..1c07546 100644
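Review bot: The added volume in `@@ -27,6 +27,11 @@` is gated on `.Values.ca.bootstrap.data` being non-empty, but the value it actually needs is `.Values.ca.bootstrap.data.name`; a `data` map set without `name` renders `secretName:` with an empty value, and the Job would only be rejected when it is applied. Gate on the field that is used or fail at render time, and quote it so a numeric- or boolean-looking secret name stays a string: `secretName: {{ required "ca.bootstrap.data.name is required" .Values.ca.bootstrap.data.name | quote }}`. The same condition guards the mount in `@@ -36,4 +41,8 @@` and should change with it. The closing `{{- end}}` also differs from the `{{- end }}` spacing used elsewhere in this file. The Job spec around these lines starts and ends outside the hunk.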
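Review bot: The new `data` mount in `@@ -36,4 +41,8 @@` has no `readOnly: true`, unlike the `bootstrap` mount directly above it. The values file describes this secret as carrying custom certificates or federated roots, so the bootstrap container should only ever read it; add `readOnly: true` after `mountPath: /tmp/bootstrap-data` so the intent is explicit and does not rest on the kubelet's default handling of secret volumes. The `volumeMounts` list and its container start outside the hunk, so which container receives the mount is inferred from the first hunk's `- name: config`.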
--- a/step-certificates/values.yaml
+++ b/step-certificates/values.yaml
@@ -68,6 +68,10 @@ ca:
 # some storage provisioners.
 runAsRoot: false
 bootstrap:
+ # A secret which will be mounted to the bootstrap job. This allows for adding custom
+ # certificates or federated roots.
+ data: {}
+ # name:
 # Add script snippets here to be executed after the step ca init has been run
 postInitHook: ""
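Review bot: The comment added above `data: {}` does not say that the chart only references the secret and never creates it, nor where the bootstrap job will see it. Wording such as `# Name of an existing Secret in the release namespace; it is mounted into the bootstrap job at /tmp/bootstrap-data.` would save users from a Job pod that cannot start because the volume is missing. Since such a secret may hold private key material for the custom certificates, it is also worth stating that only `name` is read here, so nothing sensitive belongs in `values.yaml` itself. The `ca:` mapping this sits in starts outside the hunk.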