diff --git a/Chart.yaml b/Chart.yaml
index 6c967f8..7781572 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -5,8 +5,8 @@ description: |
   Fournit : Deployment hardened, Service, Ingress avec cert-manager + rate-limit,
   ConfigMap, ExternalSecret (Vault → K8s), NetworkPolicy, PDB, ServiceMonitor, HPA.
 type: application
-version: 1.0.0
-appVersion: "1.0.0"
+version: 1.0.1
+appVersion: "1.0.1"
 kubeVersion: ">=1.28.0-0"
 maintainers:
   - name: Lions Infrastructure Team
@@ -21,4 +21,5 @@ keywords:
   - microservice
 annotations:
   artifacthub.io/changes: |
-    - Chart initial (v1.0.0) : Deployment/Service/Ingress/ConfigMap/ExternalSecret/NetworkPolicy/PDB/SM/HPA
+    - v1.0.1 : ajout extraEnvFrom pour Secrets K8s existants (migration legacy)
+    - v1.0.0 : Chart initial — Deployment/Service/Ingress/ConfigMap/ExternalSecret/NetworkPolicy/PDB/SM/HPA
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index ed50c7c..23afc77 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
             {{- toYaml . | nindent 12 }}
             {{- end }}
           {{- end }}
-          {{- if or (and .Values.configMap.enabled .Values.configMap.envFrom (gt (len (keys .Values.configMap.data)) 0)) .Values.externalSecret.enabled }}
+          {{- if or (and .Values.configMap.enabled .Values.configMap.envFrom (gt (len (keys .Values.configMap.data)) 0)) .Values.externalSecret.enabled .Values.extraEnvFrom }}
           envFrom:
             {{- if and .Values.configMap.enabled .Values.configMap.envFrom (gt (len (keys .Values.configMap.data)) 0) }}
             - configMapRef:
@@ -77,6 +77,9 @@ spec:
             - secretRef:
                 name: {{ include "lions-app.secretName" . }}
             {{- end }}
+            {{- with .Values.extraEnvFrom }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
           {{- end }}
           {{- if .Values.probes.startup.enabled }}
           startupProbe:
diff --git a/values.yaml b/values.yaml
index 3bb78cb..b6c9d78 100644
--- a/values.yaml
+++ b/values.yaml
@@ -133,6 +133,17 @@ configMap:
   # APP_ENV: production
   # KAFKA_BOOTSTRAP_SERVERS: kafka-service.kafka.svc.cluster.local:9092
 
+# ------------------------------------------------------------
+# extraEnvFrom — envFrom additionnels vers Secrets/ConfigMaps existants
+# ------------------------------------------------------------
+# Utile pour référencer des Secrets K8s créés hors Helm (ex: migration
+# depuis un déploiement legacy, pré-Vault).
+extraEnvFrom: []
+# - secretRef:
+#     name: my-existing-db-secret
+# - configMapRef:
+#     name: my-existing-config
+
 # ------------------------------------------------------------
 # ExternalSecret (Vault → K8s Secret via ESO)
 # ------------------------------------------------------------