diff --git a/chart/templates/secrets/fernetkey-secret.yaml b/chart/templates/secrets/fernetkey-secret.yaml
index a9a1f6016938b..0127fb097b06f 100644
--- a/chart/templates/secrets/fernetkey-secret.yaml
+++ b/chart/templates/secrets/fernetkey-secret.yaml
@@ -21,6 +21,8 @@
 ## Airflow Fernet Key Secret
 #################################
 {{- if not .Values.fernetKeySecretName }}
+# Fernet key value must be b64enc
+{{- $generated_fernet_key := (randAlphaNum 32 | b64enc) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -42,5 +44,5 @@ metadata:
 {{- end }}
 type: Opaque
 data:
-  fernet-key: {{ (.Values.fernetKey) | default (randAlphaNum 32) | b64enc | quote }}
+  fernet-key: {{ (default $generated_fernet_key .Values.fernetKey) | b64enc | quote }}
 {{- end }}
diff --git a/helm-tests/tests/helm_tests/security/test_fernetkey_secret.py b/helm-tests/tests/helm_tests/security/test_fernetkey_secret.py
index a134273bba7b0..e558eb7e4fd08 100644
--- a/helm-tests/tests/helm_tests/security/test_fernetkey_secret.py
+++ b/helm-tests/tests/helm_tests/security/test_fernetkey_secret.py
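Review bot: The key produced by the added `$generated_fernet_key` line comes from `randAlphaNum 32`, i.e. 32 characters drawn from a 62-symbol alphabet, so it carries roughly 190 bits of entropy rather than the 256 bits of a key built from 32 random bytes; it satisfies Fernet's "32 bytes after base64 decoding" format check but is weaker than what `Fernet.generate_key()` produces. If the chart's minimum Helm version ships a sprig that provides `randBytes`, `{{- $generated_fernet_key := randBytes 32 }}` yields 32 random bytes already base64-encoded and is a drop-in replacement for the expression (I have not checked the chart's Helm floor). The comment above it should also say why the value is encoded twice, e.g. `# A Fernet key is 32 random bytes, base64-encoded (44 chars); the Secret's data field below base64-encodes that string once more, as Kubernetes requires.` Being a `#` line between two template actions, that comment is also emitted into the rendered manifest, as the `## Airflow Fernet Key Secret` banner above it already is; `{{- /* … */}}` would keep it template-only. The second hunk only consumes this variable, so the same remarks apply there.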
@@ -16,21 +16,46 @@
 # under the License.
 from __future__ import annotations
 
+import base64
+
 import jmespath
 from chart_utils.helm_template_generator import render_chart
+from cryptography.fernet import Fernet
 
 
 class TestFernetKeySecret:
     """Tests fernet key secret."""
 
     def test_should_add_annotations_to_fernetkey_secret(self):
+        # Create a Fernet key
+        fernet_key_provided = Fernet.generate_key().decode()
         docs = render_chart(
             values={
-                "fernetKey": "test",
+                "fernetKey": fernet_key_provided,
                 "fernetKeySecretAnnotations": {"test_annotation": "test_annotation_value"},
             },
             show_only=["templates/secrets/fernetkey-secret.yaml"],
         )[0]
-
         assert "annotations" in jmespath.search("metadata", docs)
         assert jmespath.search("metadata.annotations", docs)["test_annotation"] == "test_annotation_value"
+
+        # Extract the base64 encoded fernet key from the secret
+        fernet_key_b64 = jmespath.search('data."fernet-key"', docs).strip('"')
+        fernet_key = base64.b64decode(fernet_key_b64).decode()
+
+        # Verify the key is valid by creating a Fernet instance
+        Fernet(fernet_key.encode())  # Raise: Fernet key must be 32 url-safe base64-encoded bytes.
+
+    def test_should_generate_valid_fernetkey_secret(self):
+        """Test that a valid Fernet key is generated."""
+        docs = render_chart(
+            values={},  # No fernetKey provided
+            show_only=["templates/secrets/fernetkey-secret.yaml"],
+        )[0]
+
+        # Extract the base64 encoded fernet key from the secret
+        fernet_key_b64 = jmespath.search('data."fernet-key"', docs).strip('"')
+        fernet_key = base64.b64decode(fernet_key_b64).decode()
+
+        # Verify the key is valid by creating a Fernet instance
+        Fernet(fernet_key.encode())  # Raise: Fernet key must be 32 url-safe base64-encoded bytes.
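Review bot: The first test now feeds a real key in through `fernetKey` but never checks that the same key comes back out of the Secret, so a regression in the template's reordered `default` call (for instance always emitting the generated key) would still pass; add `assert fernet_key == fernet_key_provided` right after the decode. The `.strip('"')` on both `jmespath.search('data."fernet-key"', docs)` lines looks like a no-op, since the surrounding assertions treat `docs` as already-parsed YAML in which the template's `quote` has been consumed — please confirm and drop it if so. The decode-then-`.decode()`-then-`.encode()` round trip can be shortened because `base64.b64decode` already returns the bytes `Fernet` accepts, and the extraction plus validation is duplicated verbatim between the two tests, so a small helper removes both issues. Whether `cryptography` is already a declared test dependency of helm-tests is not visible in this diff; if it is not, the import at the top of the hunk needs a matching dependency entry.
```python
    @staticmethod
    def _fernet_key_from_secret(docs) -> bytes:
        """Return the raw Fernet key stored in the rendered Secret's data field."""
        return base64.b64decode(jmespath.search('data."fernet-key"', docs))

    def test_should_add_annotations_to_fernetkey_secret(self):
        fernet_key_provided = Fernet.generate_key().decode()
        # … unchanged: render_chart call and annotation assertions …
        fernet_key = self._fernet_key_from_secret(docs)
        # A user-supplied key must be passed through unchanged, not replaced by the generated one.
        assert fernet_key == fernet_key_provided.encode()
        Fernet(fernet_key)  # raises ValueError unless this is 32 url-safe base64-encoded bytes

    def test_should_generate_valid_fernetkey_secret(self):
        """A chart rendered without fernetKey must still produce a key Fernet accepts."""
        # … unchanged: render_chart call with values={} …
        Fernet(self._fernet_key_from_secret(docs))
```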