diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml
index 95616ec0a..a0310b959 100644
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@@ -112,6 +112,9 @@ spec:
           {{- range .Values.secretMounts }}
           - name: {{ .name }}
             mountPath: {{ .path }}
+            {{- if .subPath }}
+            subPath: {{ .subPath }}
+            {{- end }}
           {{- end }}
           {{- range $path, $config := .Values.kibanaConfig }}
           - name: kibanaconfig
diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py
index e3453b615..9b57f4c53 100644
--- a/kibana/tests/kibana_test.py
+++ b/kibana/tests/kibana_test.py
@@ -364,3 +364,33 @@ def test_adding_pod_labels():
 '''
      r = helm_template(config)
      assert r['deployment'][name]['metadata']['labels']['app.kubernetes.io/name'] == 'kibana'
+
+def test_adding_a_secret_mount_with_subpath():
+    config = '''
+secretMounts:
+  - name: elastic-certificates
+    secretName: elastic-certs
+    path: /usr/share/elasticsearch/config/certs
+    subPath: cert.crt
+'''
+    r = helm_template(config)
+    d = r['deployment'][name]['spec']['template']['spec']
+    assert d['containers'][0]['volumeMounts'][-1] == {
+        'mountPath': '/usr/share/elasticsearch/config/certs',
+        'subPath': 'cert.crt',
+        'name': 'elastic-certificates'
+    }
+
+def test_adding_a_secret_mount_without_subpath():
+    config = '''
+secretMounts:
+  - name: elastic-certificates
+    secretName: elastic-certs
+    path: /usr/share/elasticsearch/config/certs
+'''
+    r = helm_template(config)
+    d = r['deployment'][name]['spec']['template']['spec']
+    assert d['containers'][0]['volumeMounts'][-1] == {
+        'mountPath': '/usr/share/elasticsearch/config/certs',
+        'name': 'elastic-certificates'
+    }
diff --git a/kibana/values.yaml b/kibana/values.yaml
index cf08ef6f8..e253b3e66 100755
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@@ -16,9 +16,10 @@ extraEnvs: []
 # This is useful for mounting certificates for security and for mounting
 # the X-Pack license
 secretMounts: []
-#  - name: elastic-certificates
-#    secretName: elastic-certificates
-#    path: /usr/share/elasticsearch/config/certs
+#  - name: kibana-keystore
+#    secretName: kibana-keystore
+#    path: /usr/share/kibana/data/kibana.keystore
+#    subPath: kibana.keystore # optional
 
 image: "docker.elastic.co/kibana/kibana"
 imageTag: "7.2.0"