diff --git a/pkg/deploy/gateway/oauth_proxy.go b/pkg/deploy/gateway/oauth_proxy.go
index bc4f87636..98a3b09aa 100644
--- a/pkg/deploy/gateway/oauth_proxy.go
+++ b/pkg/deploy/gateway/oauth_proxy.go
@@ -99,6 +99,30 @@ skip_provider_button = false
 skipAuthConfig(ctx.CheCluster))
 }
 
+func getSecretValue(ctx *chetypes.DeployContext) string {
+ secret := &corev1.Secret{}
+ exists, err := deploy.GetNamespacedObject(ctx, ctx.CheCluster.Spec.Networking.Auth.OAuthSecret, secret)
+ if err != nil {
+ logrus.Debug(err)
+ }
+ if !exists {
+ logrus.Infof("Kubernetes secret with name '%s' not found. Assuming oAuthSecret provided is the actual secret.", ctx.CheCluster.Spec.Networking.Auth.OAuthSecret)
+ return ctx.CheCluster.Spec.Networking.Auth.OAuthSecret
+ }
+
+ // Retrieve the value associated with the key "oAuthSecret"
+ value, found := secret.Data["oAuthSecret"]
+ if !found {
+ logrus.Warn("Key 'oAuthSecret' not found. Assuming oAuthSecret provided is the actual secret.")
+ return ctx.CheCluster.Spec.Networking.Auth.OAuthSecret
+ }
+
+ // Convert the byte slice to a string
+ logrus.Infof("Using oAuthSecret found in Kubernetes secret %s", ctx.CheCluster.Spec.Networking.Auth.OAuthSecret)
+ secretValue := string(value)
+ return secretValue
+}
+
 func kubernetesOauthProxyConfig(ctx *chetypes.DeployContext, cookieSecret string) string {
 return fmt.Sprintf(`
 proxy_prefix = "/oauth"
@@ -128,7 +152,7 @@ cookie_domains = "%s"
 ctx.CheHost,
 ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL,
 ctx.CheCluster.Spec.Networking.Auth.OAuthClientName,
- ctx.CheCluster.Spec.Networking.Auth.OAuthSecret,
+ getSecretValue(ctx),
 cookieSecret,
 cookieExpireAsString(ctx.CheCluster),
 utils.Whitelist(ctx.CheHost),
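Review bot: In the `!exists` branch of getSecretValue, the `logrus.Infof` call formats the OAuthSecret field into the operator log, and this is the one branch where the function treats that field as the client secret itself, so the literal secret lands in Info-level logs. Drop the value from the message, e.g. `logrus.Info("No Kubernetes secret matches oAuthSecret; using the field value as the literal secret.")`. Separately, a lookup error is only logged at Debug; if GetNamespacedObject reports `exists == false` on an API or RBAC failure (its body is not in this diff), the Secret's name would be used as the client secret, so that case deserves at least `logrus.Errorf("reading OAuth secret: %v", err)` and ideally no fallback. The missing-key branch has the same problem: a Secret that exists but lacks the `oAuthSecret` key makes the function return the Secret's name as the credential, with only a warning.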
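Review bot: `getSecretValue(ctx)` is substituted into the fmt.Sprintf config template with no check on its content, and a value read from Secret data is arbitrary bytes. A trailing newline (common when a Secret is created from a file) or a `"` would presumably corrupt or extend the quoted setting it lands in; the template line for this argument is outside the hunk, but the visible ones (`cookie_domains = "%s"`) are quoted. Consider rejecting values that contain quotes or line breaks in getSecretValue, or at least trimming with `strings.TrimSpace(string(value))`. kubernetesOauthProxyConfig starts before and continues past this hunk.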