diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml
index 7de6f1a5..d6e2d304 100644
--- a/charts/lagoon-core/Chart.yaml
+++ b/charts/lagoon-core/Chart.yaml
@@ -41,21 +41,4 @@ dependencies:
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update Lagoon appVersion to v2.21.0
-      links:
-        - name: lagoon-core v2.21.0 release
-          url: https://github.com/uselagoon/lagoon/releases/tag/v2.21.0
-    - kind: changed
-      description: update insights-handler to v0.0.6
-      links:
-        - name: insights-remote v0.0.6 release
-          url: https://github.com/uselagoon/insights-handler/releases/tag/v0.0.6
-    - kind: changed
-      description: update ssh-portal and ssh-token to v0.37.2
-      links:
-        - name: ssh-portal v0.37.2 release
-          url: https://github.com/uselagoon/lagoon-ssh-portal/releases/tag/v0.37.2
-    - kind: changed
-      description: add broker-flag-enable pre-upgrade job
-    - kind: changed
-      description: add KEYCLOAK_FRONTEND_URL variable to api deployment
+      description: add KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET variable to keycloak and ui deployment
diff --git a/charts/lagoon-core/templates/keycloak.secret.yaml b/charts/lagoon-core/templates/keycloak.secret.yaml
index 55b7465c..9f3e5270 100644
--- a/charts/lagoon-core/templates/keycloak.secret.yaml
+++ b/charts/lagoon-core/templates/keycloak.secret.yaml
@@ -10,6 +10,7 @@ This somewhat complex logic is intended to:
 {{- $keycloakAPIClientSecret := coalesce .Values.keycloakAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_API_CLIENT_SECRET" | empty)) }}
 {{- $keycloakAuthServerClientSecret := coalesce .Values.keycloakAuthServerClientSecret (ternary uuidv4 (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | empty)) }}
 {{- $keycloakServiceAPIClientSecret := coalesce .Values.keycloakServiceAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | empty)) }}
+{{- $keycloakLagoonUIOIDCClientSecret := coalesce .Values.keycloakLagoonUIOIDCClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET" | empty)) }}
 {{- $keycloakLagoonOpensearchSyncClientSecret := coalesce .Values.keycloakLagoonOpensearchSyncClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | empty)) }}
 {{- $keycloakLagoonAdminPassword := coalesce .Values.keycloakLagoonAdminPassword (ternary (randAlpha 32) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | empty)) }}
 {{/* set the variable globally for access in NOTES */}}
@@ -27,5 +28,6 @@ stringData:
   KEYCLOAK_API_CLIENT_SECRET: {{ $keycloakAPIClientSecret }}
   KEYCLOAK_AUTH_SERVER_CLIENT_SECRET: {{ $keycloakAuthServerClientSecret | quote }}
   KEYCLOAK_SERVICE_API_CLIENT_SECRET: {{ $keycloakServiceAPIClientSecret | quote }}
+  KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET: {{ $keycloakLagoonUIOIDCClientSecret | quote }}
   KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET: {{ $keycloakLagoonOpensearchSyncClientSecret | quote }}
   KEYCLOAK_LAGOON_ADMIN_PASSWORD: {{ $keycloakLagoonAdminPassword | quote }}
diff --git a/charts/lagoon-core/templates/ui.deployment.yaml b/charts/lagoon-core/templates/ui.deployment.yaml
index f3779290..0ad892b3 100644
--- a/charts/lagoon-core/templates/ui.deployment.yaml
+++ b/charts/lagoon-core/templates/ui.deployment.yaml
@@ -52,6 +52,11 @@ spec:
           {{- else }}
           value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/auth
           {{- end }}
+        - name: KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "lagoon-core.keycloak.fullname" . }}
+              key: KEYCLOAK_LAGOON_UI_OIDC_CLIENT_SECRET
         - name: WEBHOOK_URL
           {{- if .Values.lagoonWebhookURL }}
           value: {{ .Values.lagoonWebhookURL | quote }}
diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml
index 41ae684a..de2df921 100644
--- a/charts/lagoon-core/values.yaml
+++ b/charts/lagoon-core/values.yaml
@@ -45,6 +45,7 @@
 # keycloakAdminPassword:
 # keycloakAPIClientSecret:
 # keycloakAuthServerClientSecret:
+# keycloakLagoonUIOIDCClientSecret:
 # keycloakDBPassword:
 # keycloakLagoonAdminPassword:
 # logsDBAdminPassword: