diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml
index 814e8d3d17a4..1cc5ef08aa5d 100644
--- a/stable/kong/Chart.yaml
+++ b/stable/kong/Chart.yaml
@@ -12,5 +12,5 @@ maintainers:
 name: kong
 sources:
 - https://github.com/Kong/kong
-version: 0.29.0
+version: 0.30.0
 appVersion: 1.3
diff --git a/stable/kong/README.md b/stable/kong/README.md
index 721e0e697950..e39131e4e4a9 100644
--- a/stable/kong/README.md
+++ b/stable/kong/README.md
@@ -320,7 +320,7 @@ always be changed for both configurations.
 
 After creating your secret, set its name in values.yaml, in the
 `.enterprise.rbac.session_conf_secret` and
-`.enterprise.rbac.session_conf_secret` keys.
+`.enterprise.portal.session_conf_secret` keys.
 
 #### Email/SMTP
 
@@ -408,6 +408,13 @@ You can can learn about kong ingress custom resource definitions [here](https://
 
 ## Changelog
 
+### 0.30.0
+
+#### Breaking changes
+
+- `admin_gui_auth_conf_secret` is now required for Kong Manager authentication methods other than `basic-auth`.
+  Users defining values for `admin_gui_auth_conf` should migrate them to an externally-defined secret with a key of `admin_gui_auth_conf` and reference the secret name in `admin_gui_auth_conf_secret`.
+
 ### 0.29.0
 
 #### New Features
diff --git a/stable/kong/templates/deployment.yaml b/stable/kong/templates/deployment.yaml
index 058dc549a0b3..78ee093f7072 100644
--- a/stable/kong/templates/deployment.yaml
+++ b/stable/kong/templates/deployment.yaml
@@ -132,8 +132,13 @@ spec:
           value: "on"
         - name: KONG_ADMIN_GUI_AUTH
           value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }}
+        {{- if not (eq .Values.enterprise.rbac.admin_gui_auth "basic-auth") }}
         - name: KONG_ADMIN_GUI_AUTH_CONF
-          value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}'
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.enterprise.rbac.admin_gui_auth_conf_secret }}
+              key: admin_gui_auth_conf
+        {{- end }}
         - name: KONG_ADMIN_GUI_SESSION_CONF
           valueFrom:
             secretKeyRef:
diff --git a/stable/kong/values.yaml b/stable/kong/values.yaml
index dd8d0fe733eb..a0b6f410c1be 100644
--- a/stable/kong/values.yaml
+++ b/stable/kong/values.yaml
@@ -237,8 +237,9 @@ enterprise:
     # If RBAC is enabled, this Secret must contain an admin_gui_session_conf key
     # The key value must be a secret configuration, following the example at https://docs.konghq.com/enterprise/0.35-x/kong-manager/authentication/sessions/
     session_conf_secret: you-must-create-an-rbac-session-conf-secret
-    # Set to the appropriate plugin config JSON if not using basic-auth
-    admin_gui_auth_conf: {}
+    # If admin_gui_auth is not set to basic-auth, provide a secret name which
+    # has an admin_gui_auth_conf key containing the plugin config JSON
+    admin_gui_auth_conf_secret: you-must-create-an-admin-gui-auth-conf-secret
   smtp:
     enabled: false
     portal_emails_from: none@example.com