diff --git a/charts/keycloak/templates/keycloak-admin-user-external-secret.yaml b/charts/keycloak/templates/keycloak-admin-user-external-secret.yaml
new file mode 100644
index 00000000..a2775bb0
--- /dev/null
+++ b/charts/keycloak/templates/keycloak-admin-user-external-secret.yaml
@@ -0,0 +1,24 @@
+{{- if eq .Values.keycloak.adminUser.enabled true }}
+apiVersion: "external-secrets.io/v1beta1"
+kind: ExternalSecret
+metadata:
+ name: keycloak-admin-user
+ namespace: {{ .Release.Namespace }}
+spec:
+ refreshInterval: 15s
+ secretStoreRef:
+ name: {{ .Values.global.secretStore.name }}
+ kind: {{ .Values.global.secretStore.kind }}
+ target:
+ name: {{ .Values.keycloak.adminUser.secretName }}
+ template:
+ type: Opaque
+ data:
+ username: "{{ .Values.keycloak.adminUser.username }}"
+ password: "{{ `{{ .admin_password }}` }}"
+ data:
+ - secretKey: admin_password
+ remoteRef:
+ key: {{ .Values.keycloak.adminUser.passwordVaultKey }}
+ property: admin-password
+{{- end }}
diff --git a/charts/keycloak/templates/keycloak.yaml b/charts/keycloak/templates/keycloak.yaml
index 37121742..a2fd8541 100644
--- a/charts/keycloak/templates/keycloak.yaml
+++ b/charts/keycloak/templates/keycloak.yaml
@@ -6,6 +6,11 @@ metadata:
 annotations:
 argocd.argoproj.io/sync-wave: "5"
 spec:
+{{- if eq .Values.keycloak.adminUser.enabled true }}
+ bootstrapAdmin:
+ user:
+ secret: {{ .Values.keycloak.adminUser.secretName }}
+{{- end }}
 db:
 host: postgresql-db
 passwordSecret:
diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml
index d019e6bf..057562bd 100644
--- a/charts/keycloak/values.yaml
+++ b/charts/keycloak/values.yaml
@@ -4,6 +4,11 @@ global:
 kind: ClusterSecretStore
 name: vault-backend
 keycloak:
+ adminUser:
+ enabled: true
+ username: admin
+ passwordVaultKey: secret/data/global/keycloak
+ secretName: keycloak-admin-user
 defaultConfig: true
 defaultRealm:
 clients:
diff --git a/values-secret.yaml.template b/values-secret.yaml.template
index db02b485..3f0857c4 100644
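Review bot: The Helm-rendered scalars in the new ExternalSecret are unquoted — `secretStoreRef.name`, `secretStoreRef.kind`, `target.name` and `remoteRef.key` — so an empty override renders as `null` and a number- or boolean-looking override is retyped by the YAML parser before external-secrets validates the object; rendering them through `quote`, e.g. `key: {{ .Values.keycloak.adminUser.passwordVaultKey | quote }}`, keeps them strings in every case. Separately, `template.data` is evaluated again by external-secrets' own Go-template engine after Helm has rendered it, which is why `password` wraps its delimiters in backticks; `username` is substituted into that same template text, so a value containing template delimiters would presumably be interpreted there rather than stored literally — harmless for `admin`, but the mechanism deserves a comment above the `password` line such as `# Backticks keep {{ .admin_password }} for external-secrets; Helm renders only the outer pair`.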
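Review bot: `bootstrapAdmin.user.secret` references the Secret by name only, and nothing in this hunk ties the Keycloak CR to the ExternalSecret having synced from Vault; the ExternalSecret carries no sync-wave annotation, so under Argo CD it presumably lands ahead of this CR's wave `"5"`, but the operator can still observe a missing Secret on its first reconcile and depends on retries. If I recall the operator's semantics correctly, the bootstrap admin is consumed once at initial startup, so a later change to the Vault value (which the 15s `refreshInterval` would propagate into the Secret) does not change the running Keycloak's admin password; a one-line comment above `bootstrapAdmin:` stating that the secret is read only at bootstrap would stop a maintainer from assuming rotation flows through Vault. The enclosing `spec:` mapping continues outside the hunk.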
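Review bot: The new `adminUser` block in values.yaml is enabled by default with the well-known username `admin` and carries no comment describing its contracts: that `passwordVaultKey` must be a path (the default looks like a KV v2 `secret/data/...` path) holding an `admin-password` property, and that `secretName` must match the name the Keycloak CR consumes in `bootstrapAdmin.user.secret`. A short comment block above `adminUser:` naming those three points — enabled-by-default behaviour, the expected property name at the Vault path, and the secret-name coupling — would make the values self-explaining for whoever overrides them.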
--- a/values-secret.yaml.template
+++ b/values-secret.yaml.template
@@ -37,6 +37,9 @@ secrets:
 vaultPrefixes:
 - global
 fields:
+ - name: admin-password
+ onMissingValue: generate
+ vaultPolicy: validatedPatternDefaultPolicy
 - name: db-password
 onMissingValue: generate
 vaultPolicy: validatedPatternDefaultPolicy