diff --git a/stable/spinnaker/templates/configmap/halyard-config.yaml b/stable/spinnaker/templates/configmap/halyard-config.yaml
index bf445437d524..193c7201e034 100644
--- a/stable/spinnaker/templates/configmap/halyard-config.yaml
+++ b/stable/spinnaker/templates/configmap/halyard-config.yaml
@@ -27,11 +27,29 @@ data:
 
     # Storage
     {{ if .Values.minio.enabled }}
-    echo {{ .Values.minio.secretKey }} | $HAL_COMMAND config storage s3 edit --endpoint http://{{ .Release.Name }}-minio:9000 --access-key-id {{ .Values.minio.accessKey }} --secret-access-key --bucket {{ .Values.storageBucket }}
+    echo {{ .Values.minio.secretKey }} | $HAL_COMMAND config storage s3 edit --endpoint http://{{ .Release.Name }}-minio:9000 --access-key-id {{ .Values.minio.accessKey }} --secret-access-key --bucket {{ .Values.minio.bucket }}
+    $HAL_COMMAND config storage edit --type s3
+    {{ end }}
+    {{ if .Values.s3.enabled }}
+    {{- if .Values.s3.secretKey -}} cat /opt/s3/secretKey | {{- end }} $HAL_COMMAND config storage s3 edit \
+      --bucket {{ .Values.s3.bucket }} \
+      {{- if .Values.s3.rootFolder }}
+      --root-folder {{ .Values.s3.rootFolder }} \
+      {{- end }}
+      {{- if .Values.s3.region }}
+      --region {{ .Values.s3.region }} \
+      {{- end }}
+      {{- if .Values.s3.endpoint }}
+      --endpoint {{ .Values.s3.endpoint }} \
+      {{- end }}
+      {{- if .Values.s3.accessKey }}
+      --access-key-id "$(cat /opt/s3/accessKey)" \
+      {{- end }}
+
     $HAL_COMMAND config storage edit --type s3
     {{ end }}
     {{ if .Values.gcs.enabled }}
-    $HAL_COMMAND config storage gcs edit --project {{ .Values.gcs.project }} --json-path /opt/gcs/key.json --bucket {{ .Values.storageBucket }}
+    $HAL_COMMAND config storage gcs edit --project {{ .Values.gcs.project }} --json-path /opt/gcs/key.json --bucket {{ .Values.gcs.bucket }}
     $HAL_COMMAND config storage edit --type gcs
     {{ end }}
 
diff --git a/stable/spinnaker/templates/hooks/install-using-hal.yaml b/stable/spinnaker/templates/hooks/install-using-hal.yaml
index 8e5968791e3d..841e299ce634 100644
--- a/stable/spinnaker/templates/hooks/install-using-hal.yaml
+++ b/stable/spinnaker/templates/hooks/install-using-hal.yaml
@@ -37,7 +37,12 @@ spec:
       {{- if .Values.gcs.enabled }}
       - name: gcs-key
         secret:
-          secretName: {{ template "fullname" . }}-gcs
+          secretName: {{ template "spinnaker.fullname" . }}-gcs
+      {{- end }}
+      {{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }}
+      - name: s3-secrets
+        secret:
+          secretName: {{ template "spinnaker.fullname" .}}-s3
       {{- end }}
       containers:
       - name: halyard-install
@@ -53,6 +58,10 @@ spec:
         - name: gcs-key
           mountPath: /opt/gcs
         {{- end }}
+        {{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }}
+        - name: s3-secrets
+          mountPath: /opt/s3
+        {{- end }}
         {{- if .Values.kubeConfig.enabled }}
         - name: kube-config
           mountPath: /opt/kube
diff --git a/stable/spinnaker/templates/secrets/s3.yaml b/stable/spinnaker/templates/secrets/s3.yaml
new file mode 100644
index 000000000000..be0a7bd838e3
--- /dev/null
+++ b/stable/spinnaker/templates/secrets/s3.yaml
@@ -0,0 +1,17 @@
+{{- if and (or .Values.s3.accessKey .Values.s3.secretKey) (not (and .Values.s3.accessKey .Values.s3.secretKey)) -}}
+{{ fail "S3: If providing credentials, accessKey and secretKey must be both set." }}
+{{- end -}}
+
+{{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "spinnaker.fullname" . }}-s3
+  labels:
+{{ include "spinnaker.standard-labels" . | indent 4 }}
+    component: halyard
+type: Opaque
+data:
+  accessKey: {{ .Values.s3.accessKey | b64enc | quote }}
+  secretKey: {{ .Values.s3.secretKey | b64enc | quote }}
+{{- end }}
diff --git a/stable/spinnaker/templates/statefulsets/halyard.yaml b/stable/spinnaker/templates/statefulsets/halyard.yaml
index 85d31608f089..0f61183b441e 100644
--- a/stable/spinnaker/templates/statefulsets/halyard.yaml
+++ b/stable/spinnaker/templates/statefulsets/halyard.yaml
@@ -68,6 +68,11 @@ spec:
         secret:
           secretName: {{ template "spinnaker.fullname" . }}-gcs
       {{- end }}
+      {{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }}
+      - name: s3-secrets
+        secret:
+          secretName: {{ template "spinnaker.fullname" . }}-s3
+      {{- end }}
       - name: halyard-config
         emptyDir: {}
       containers:
@@ -81,6 +86,10 @@ spec:
         - name: gcs-key
           mountPath: /opt/gcs
         {{- end }}
+        {{- if and .Values.s3.enabled .Values.s3.accessKey .Values.s3.secretKey }}
+        - name: s3-secrets
+          mountPath: /opt/s3
+        {{- end }}
         {{- if .Values.kubeConfig.enabled }}
         - name: kube-config
           mountPath: /opt/kube
diff --git a/stable/spinnaker/values.yaml b/stable/spinnaker/values.yaml
index 9380afcb8015..508255355f7b 100644
--- a/stable/spinnaker/values.yaml
+++ b/stable/spinnaker/values.yaml
@@ -58,9 +58,6 @@ deck:
     #    hosts:
     #      - domain.com
 
-# Bucket to use when storing config data in S3 compatible storage
-storageBucket: spinnaker
-
 # Node labels for pod assignment
 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
 # nodeSelector to provide to each of the Spinnaker components
@@ -80,9 +77,20 @@ minio:
   serviceType: ClusterIP
   accessKey: spinnakeradmin
   secretKey: spinnakeradmin
+  bucket: "spinnaker"
   nodeSelector: {}
 
 gcs:
   enabled: false
   project: my-project-name
+  bucket: "<GCS-BUCKET-NAME>"
   jsonKey: '<INSERT CLOUD STORAGE JSON HERE>'
+
+s3:
+  enabled: false
+  bucket: "<S3-BUCKET-NAME>"
+  # rootFolder: "front50"
+  # region: "us-east-1"
+  # endpoint: ""
+  # accessKey: ""
+  # secretKey: ""