diff --git a/src/keycloak/chart/templates/secret-kc-realm.yaml b/src/keycloak/chart/templates/secret-kc-realm.yaml
new file mode 100644
index 000000000..28dcdbe94
--- /dev/null
+++ b/src/keycloak/chart/templates/secret-kc-realm.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "keycloak.fullname" . }}-realm-env
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "keycloak.labels" . | nindent 4 }}
+type: Opaque
+data:
+ {{- range $key, $value := .Values.realmInitEnv }}
+ {{- if eq (typeOf $value) "bool" }}
+ REALM_{{ $key }}: {{ toString $value | b64enc }}
+ {{- else }}
+ REALM_{{ $key }}: {{ $value | b64enc }}
+ {{- end }}
+ {{- end }}
\ No newline at end of file
diff --git a/src/keycloak/chart/templates/statefulset.yaml b/src/keycloak/chart/templates/statefulset.yaml
index 7d032fd0a..1938fa041 100644
--- a/src/keycloak/chart/templates/statefulset.yaml
+++ b/src/keycloak/chart/templates/statefulset.yaml
@@ -72,6 +72,9 @@ spec:
 # This will only import the realm if it does not exist
 - "--import-realm"
 - "--features=preview"
+ envFrom:
+ - secretRef:
+ name: {{ include "keycloak.fullname" . }}-realm-env
 env:
 # Common configuration
 - name: UDS_DOMAIN
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
index e54edaa76..5d629232d 100644
--- a/src/keycloak/chart/values.yaml
+++ b/src/keycloak/chart/values.yaml
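Review bot: The non-bool branch `REALM_{{ $key }}: {{ $value | b64enc }}` only works for string values; an entry in `realmInitEnv` that Helm's YAML loader reads as a number (an unquoted `8080`) or as null (a bare `KEY:`) makes `b64enc` fail at render time, so the `typeOf` check is narrower than the inputs it will meet. The if/else can collapse to one line that handles bool, int and string alike: `REALM_{{ $key }}: {{ $value | toString | b64enc }}`. Separately, `$key` is emitted unvalidated as an environment variable name, and kubelet drops `envFrom` keys that are not valid env var names (it only records an `InvalidEnvironmentVariableNames` warning event), so a lowercase or hyphenated key would vanish silently rather than fail the install; a comment on the `range` line such as `# keys must be valid env var names (A-Z, 0-9, _) or kubelet ignores them` would make that contract visible.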
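Review bot: The new `envFrom` secretRef pulls from a Secret whose contents are derived from `.Values.realmInitEnv`, but nothing in the pod template changes when those values change, so an upgrade that only edits `realmInitEnv` rewrites the Secret without restarting the StatefulSet pods. The usual fix is a checksum annotation on the pod template metadata, which sits above this hunk and outside it: `checksum/realm-env: {{ include (print $.Template.BasePath "/secret-kc-realm.yaml") . | sha256sum }}`. Given the `--import-realm` comment in the context lines, the stale values may only matter before the first realm import, but a rollout on change is still the expected behavior for a chart-managed Secret. The container spec this hunk edits starts and ends outside the hunk.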
@@ -15,6 +15,13 @@ domain: "###ZARF_VAR_DOMAIN###" # The primary Keycloak realm realm: uds +# UDS Identity Config Environment Variables. More info here: https://github.com/defenseunicorns/uds-identity-config/blob/main/docs/CUSTOMIZE.md#override-default-realm +realmInitEnv: + GOOGLE_IDP_ENABLED: false + # Other UDS Identity Config fields that will be used in the realm.json initalization of keycloak + # GOOGLE_IDP_CLIENTID: "" + # GOOGLE_IDP_CLIENT_SECRET: "" + # Generates an initial password for first admin user - only use if install is headless # (i.e. cannot hit keycloak UI with `zarf connect keycloak`), password should be changed after initial login insecureAdminPasswordGeneration:
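Review bot: The commented-out `# GOOGLE_IDP_CLIENT_SECRET: ""` example steers operators toward putting the IdP client secret into this values file, where it ends up in version control and in the Helm release record in plaintext; the comment should direct them to supply it at deploy time (`--set` or a Zarf variable, the pattern `domain: "###ZARF_VAR_DOMAIN###"` already uses above) rather than in a committed values file. The same comment block should state that every entry here is written into a Secret and consumed as a string, so number-looking values need quoting to avoid Helm typing them as integers. "initalization" in the new comment is a typo for "initialization".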