diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index b8ecb4da..e4eb6d41 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -44,6 +44,16 @@ data:
     {{- end }}
     {{- else }}
     apisix:    # universal configurations
+      {{- if .Values.apisix.encryption }}
+      data_encryption:         # Data encryption settings
+        enable_encrypt_fields: {{ .Values.apisix.encryption.enabled }}
+        {{- if and .Values.apisix.encryption.keyring (gt (len .Values.apisix.encryption.keyring) 0) }}
+        keyring:
+          {{- range $key := .Values.apisix.encryption.keyring }}
+          - {{ $key | quote }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
       {{- if not (eq .Values.apisix.deployment.role "control_plane") }}
       node_listen:    # APISIX listening port
         - {{ .Values.service.http.containerPort }}
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index 520f4d0d..e44cde08 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -603,6 +603,15 @@ apisix:
     ip: "0.0.0.0"
     port: 7085
 
+  # -- Data encryption settings.
+  encryption:
+    # -- Enable or disable the encryption feature.
+    enabled: true
+    # -- The keyring used for encryption and decryption of sensitive data.
+    # leave empty to use the default keyring.
+    keyring: []
+      # - "0123456789abcdef"
+
   # -- When configured, APISIX will trust the `X-Forwarded-*` Headers passed in requests from the IP/CIDR in the list.
   trustedAddresses:
     - 127.0.0.1