diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index b80e998c50b..45440836ed9 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -32,7 +32,10 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | daemonSetLabelsOverride | object | `{}` | |
 | dnsPolicy | string | `"Default"` | DNS policy for Tetragon pods. https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
 | enabled | bool | `true` | |
-| export | object | `{"filenames":["tetragon.log"],"mode":"stdout","resources":{},"securityContext":{},"stdout":{"argsOverride":[],"commandOverride":[],"enabledArgs":true,"enabledCommand":true,"extraEnv":[],"extraVolumeMounts":[],"image":{"override":null,"repository":"quay.io/cilium/hubble-export-stdout","tag":"v1.1.0"}}}` | Tetragon events export settings |
+| export | object | `{"filenames":["tetragon.log"],"mode":"stdout","resources":{},"securityContext":{},"stdout":{"argsOverride":[],"commandOverride":[],"enabledArgs":true,"enabledCommand":true,"envFromSecrets":[],"extraEnv":[],"extraEnvFrom":[],"extraVolumeMounts":[],"image":{"override":null,"repository":"quay.io/cilium/hubble-export-stdout","tag":"v1.1.0"}}}` | Tetragon events export settings |
+| export.stdout.envFromSecrets | list | `[]` | A simplified way to add secret references to envFrom. Can be specified either as a string (just the secret name) or as an object with additional parameters. Example: envFromSecrets: - my-simple-secret - name: my-optional-secret optional: true |
+| export.stdout.extraEnv | list | `[]` | Extra environment variables to add to the export-stdout container. Example: extraEnv: - name: FOO value: bar - name: SECRET_KEY valueFrom: secretKeyRef: name: my-secret key: secret-key |
+| export.stdout.extraEnvFrom | list | `[]` | Extra envFrom sources to add to the export-stdout container. This allows adding any type of envFrom source (configMapRef, secretRef, etc.). Example: extraEnvFrom: - configMapRef: name: my-config-map - secretRef: name: my-secret optional: true |
 | exportDirectory | string | `"/var/run/cilium/tetragon"` | Directory to put Tetragon JSON export files. |
 | extraConfigmapMounts | list | `[]` | |
 | extraHostPathMounts | list | `[]` | |
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index bb2bac04eaf..6a474ce1da7 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -14,7 +14,10 @@ Helm chart for Tetragon
 | daemonSetLabelsOverride | object | `{}` | |
 | dnsPolicy | string | `"Default"` | DNS policy for Tetragon pods. https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy |
 | enabled | bool | `true` | |
-| export | object | `{"filenames":["tetragon.log"],"mode":"stdout","resources":{},"securityContext":{},"stdout":{"argsOverride":[],"commandOverride":[],"enabledArgs":true,"enabledCommand":true,"extraEnv":[],"extraVolumeMounts":[],"image":{"override":null,"repository":"quay.io/cilium/hubble-export-stdout","tag":"v1.1.0"}}}` | Tetragon events export settings |
+| export | object | `{"filenames":["tetragon.log"],"mode":"stdout","resources":{},"securityContext":{},"stdout":{"argsOverride":[],"commandOverride":[],"enabledArgs":true,"enabledCommand":true,"envFromSecrets":[],"extraEnv":[],"extraEnvFrom":[],"extraVolumeMounts":[],"image":{"override":null,"repository":"quay.io/cilium/hubble-export-stdout","tag":"v1.1.0"}}}` | Tetragon events export settings |
+| export.stdout.envFromSecrets | list | `[]` | A simplified way to add secret references to envFrom. Can be specified either as a string (just the secret name) or as an object with additional parameters. Example: envFromSecrets: - my-simple-secret - name: my-optional-secret optional: true |
+| export.stdout.extraEnv | list | `[]` | Extra environment variables to add to the export-stdout container. Example: extraEnv: - name: FOO value: bar - name: SECRET_KEY valueFrom: secretKeyRef: name: my-secret key: secret-key |
+| export.stdout.extraEnvFrom | list | `[]` | Extra envFrom sources to add to the export-stdout container. This allows adding any type of envFrom source (configMapRef, secretRef, etc.). Example: extraEnvFrom: - configMapRef: name: my-config-map - secretRef: name: my-secret optional: true |
 | exportDirectory | string | `"/var/run/cilium/tetragon"` | Directory to put Tetragon JSON export files. |
 | extraConfigmapMounts | list | `[]` | |
 | extraHostPathMounts | list | `[]` | |
diff --git a/install/kubernetes/tetragon/templates/_container_export_stdout.tpl b/install/kubernetes/tetragon/templates/_container_export_stdout.tpl
index b1453ab7694..e208e296875 100644
--- a/install/kubernetes/tetragon/templates/_container_export_stdout.tpl
+++ b/install/kubernetes/tetragon/templates/_container_export_stdout.tpl
@@ -3,7 +3,29 @@
 image: "{{ if .Values.export.stdout.image.override }}{{ .Values.export.stdout.image.override }}{{ else }}{{ .Values.export.stdout.image.repository }}:{{ .Values.export.stdout.image.tag }}{{ end }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 terminationMessagePolicy: FallbackToLogsOnError
- env: {{- toYaml .Values.export.stdout.extraEnv | nindent 4 }}
+ {{- with .Values.export.stdout.extraEnv }}
+ env:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- $envFrom := list }}
+ {{- with .Values.export.stdout.extraEnvFrom }}
+ {{- $envFrom = concat $envFrom . }}
+ {{- end }}
+ {{- range $item := .Values.export.stdout.envFromSecrets }}
+ {{- if kindIs "map" $item }}
+ {{- $sr := dict "name" ($item.name | default "") }}
+ {{- if hasKey $item "optional" }}
+ {{- $_ := set $sr "optional" $item.optional }}
+ {{- end }}
+ {{- $envFrom = append $envFrom (dict "secretRef" $sr) }}
+ {{- else }}
+ {{- $envFrom = append $envFrom (dict "secretRef" (dict "name" $item)) }}
+ {{- end }}
+ {{- end }}
+ {{- if gt (len $envFrom) 0 }}
+ envFrom:
+ {{- toYaml $envFrom | nindent 4 }}
+ {{- end }}
 securityContext:
 {{- toYaml .Values.export.securityContext | nindent 4 }}
 resources:
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index 675adeb3371..d73d00b3ee3 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
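Review bot: In the `envFromSecrets` loop, the map branch builds the reference with `$item.name | default ""`, so an entry that omits or misspells `name` renders a `secretRef` with an empty name instead of failing the chart render. The mistake would then surface only when the pod is admitted or started, and with `optional: true` the exporter may come up without the credentials it was meant to receive. Failing at template time is safer, e.g. `{{- $sr := dict "name" (required "export.stdout.envFromSecrets[].name must be set" $item.name) }}`, and the `else` branch could check `kindIs "string" $item` so that numbers or lists are rejected early. Only `name` and `optional` are copied from the object form, which the values comment could say, together with the fact that `envFrom` exposes every key of the referenced Secret to the export-stdout container. The container definition this hunk edits starts above and continues below it, so the final indentation of `env` and `envFrom` is not visible here.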
@@ -356,10 +356,37 @@ export: - tetragon.log # stdout specific exporter settings stdout: - extraEnv: [] + # -- Extra environment variables to add to the export-stdout container. + # Example: # extraEnv: - # - name: foo + # - name: FOO # value: bar + # - name: SECRET_KEY + # valueFrom: + # secretKeyRef: + # name: my-secret + # key: secret-key + extraEnv: [] + + # -- Extra envFrom sources to add to the export-stdout container. + # This allows adding any type of envFrom source (configMapRef, secretRef, etc.). + # Example: + # extraEnvFrom: + # - configMapRef: + # name: my-config-map + # - secretRef: + # name: my-secret + # optional: true + extraEnvFrom: [] + + # -- A simplified way to add secret references to envFrom. + # Can be specified either as a string (just the secret name) or as an object with additional parameters. + # Example: + # envFromSecrets: + # - my-simple-secret + # - name: my-optional-secret + # optional: true + envFromSecrets: [] # * When enabledCommand=true and commandOverride is not set, the command inserted will be hubble-export-stdout. # This supports the default for the current deployment instructions to deploy stdout-export sidecar container.