diff --git a/README.md b/README.md
index e44dfd1..50ead1d 100644
--- a/README.md
+++ b/README.md
@@ -82,12 +82,64 @@ helm install flow entit/flow \
 |-----------|-------------|---------|
 | `global.namespace` | Namespace to install all Flow components (uses --namespace if not set) | `""` |
 | `global.imageRegistry` | Container registry for all images | `cr.kn.entit.eu` |
-| `global.imagePullSecrets` | Image pull secrets | `[]` |
+| `global.imagePullSecrets` | Image pull secrets (list of existing secret names) | `[]` |
+| `global.imageCredentials.enabled` | Enable creation of image pull secret from credentials | `false` |
+| `global.imageCredentials.username` | Registry username | `""` |
+| `global.imageCredentials.password` | Registry password | `""` |
 | `global.azureAd.enabled` | Enable Azure AD authentication | `true` |
 | `global.azureAd.tenantId` | Azure AD tenant ID | `""` |
 | `global.azureAd.clientId` | Azure AD application client ID | `""` |
 | `global.database.provider` | Database provider (Postgres/SqlServer) | `Postgres` |
+### Harbor Registry Authentication
+
+The Flow images are hosted on Harbor at `cr.kn.entit.eu`. Harbor requires authentication to pull images even from public repositories.
+
+#### Option 1: Auto-create Secret with Credentials (Recommended)
+
+Pass Harbor credentials during installation to automatically create the registry secret:
+
+```bash
+helm install flow entit/flow \
+ --namespace flow \
+ --create-namespace \
+ --set global.imageCredentials.enabled=true \
+ --set global.imageCredentials.username=$HARBOR_USER \
+ --set global.imageCredentials.password=$HARBOR_PASSWORD
+```
+
+Or in your values file:
+
+```yaml
+global:
+ imageRegistry: "cr.kn.entit.eu"
+ imageCredentials:
+ enabled: true
+ username: "" # Set via --set flag
+ password: "" # Set via --set flag
+```
+
+#### Option 2: Use Existing Secret
+
+If you prefer to manage the secret separately:
+
+```bash
+# Create the secret first
+kubectl create secret docker-registry flow-registry-credentials \
+ --docker-server=cr.kn.entit.eu \
+ --docker-username=$HARBOR_USER \
+ --docker-password=$HARBOR_PASSWORD \
+ -n flow
+```
+
+Then reference it in values:
+
+```yaml
+global:
+ imageCredentials:
+ existingSecret: "flow-registry-credentials"
+```
+
 ### Namespace Configuration
 All Flow components are installed into a single namespace for easy management and cleanup:
diff --git a/examples/values-dev.yaml b/examples/values-dev.yaml
index a7c7356..3f48a6f 100644
--- a/examples/values-dev.yaml
+++ b/examples/values-dev.yaml
@@ -8,11 +8,27 @@
 # helm install postgresql oci://registry-1.docker.io/bitnamicharts/postgresql -n flow
 #
 # Or use your own deployments/operators.
+#
+# HARBOR CREDENTIALS:
+# Pass Harbor credentials during install:
+# helm install flow ./helm/flow -f values-dev.yaml \
+# --set global.imageCredentials.enabled=true \
+# --set global.imageCredentials.username=$HARBOR_USER \
+# --set global.imageCredentials.password=$HARBOR_PASSWORD
 global:
 imageRegistry: "cr.kn.entit.eu"
- imagePullSecrets:
- - flow-registry-credentials
+
+ # Harbor registry credentials - creates dockerconfigjson secret automatically
+ # Harbor requires authentication even for public repositories
+ # Enable and set credentials via --set flags during install:
+ # --set global.imageCredentials.enabled=true
+ # --set global.imageCredentials.username=$HARBOR_USER
+ # --set global.imageCredentials.password=$HARBOR_PASSWORD
+ imageCredentials:
+ enabled: false # Set to true and provide credentials during install
+ username: ""
+ password: ""
 azureAd:
 enabled: false # Disable auth for local development
diff --git a/examples/values-prod.yaml b/examples/values-prod.yaml
index 295f363..52f9bd9 100644
--- a/examples/values-prod.yaml
+++ b/examples/values-prod.yaml
@@ -1,5 +1,14 @@
 # Production environment values
 # Use with: helm install flow ./helm/flow -f ./helm/flow/values-prod.yaml --namespace flow --create-namespace
+#
+# HARBOR CREDENTIALS:
+# Pass Harbor credentials during install:
+# helm install flow ./helm/flow -f values-prod.yaml \
+# --set global.imageCredentials.enabled=true \
+# --set global.imageCredentials.username=$HARBOR_USER \
+# --set global.imageCredentials.password=$HARBOR_PASSWORD \
+# --set global.azureAd.tenantId=YOUR_TENANT_ID \
+# --set global.azureAd.clientId=YOUR_CLIENT_ID
 global:
 # -- Explicit namespace for all Flow components
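Review bot: In examples/values-dev.yaml the `imagePullSecrets: - flow-registry-credentials` reference is removed while `imageCredentials.enabled` is left at `false`, so installing with this file alone configures no pull secret even though the new comment says Harbor requires authentication for public repositories. Image pulls would presumably fail unless the three `--set` flags are remembered, and an upgrade of an install that relied on the pre-created secret drops that reference. Since the README in this commit documents `global.imageCredentials.existingSecret`, the example could keep the old path working with `existingSecret: "flow-registry-credentials"` under `imageCredentials:`. The chart templates are not part of this diff, so confirm the key is honoured when `enabled` is `false`. The second hunk of examples/values-prod.yaml has the same removal.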
@@ -8,8 +17,17 @@ global:
 namespace: "flow"
 imageRegistry: "cr.kn.entit.eu"
- imagePullSecrets:
- - flow-registry-credentials
+
+ # Harbor registry credentials - creates dockerconfigjson secret automatically
+ # Harbor requires authentication even for public repositories
+ # Enable and set credentials via --set flags during install:
+ # --set global.imageCredentials.enabled=true
+ # --set global.imageCredentials.username=$HARBOR_USER
+ # --set global.imageCredentials.password=$HARBOR_PASSWORD
+ imageCredentials:
+ enabled: false # Set to true and provide credentials during install
+ username: ""
+ password: ""
 azureAd:
 enabled: true
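Review bot: The production example steers operators to `--set global.imageCredentials.password=$HARBOR_PASSWORD`, which puts the registry password into the helm process arguments and, as a user-supplied value, into the release data Helm keeps in the namespace, where `helm get values` returns it. I would add a comment above `imageCredentials:` such as `# Production: prefer a pre-created docker-registry secret via imageCredentials.existingSecret; values passed with --set are stored with the Helm release`. The same `--set` advice is in the header comment added by this file's first hunk and in examples/values-dev.yaml. Whether the template rejects `enabled: true` with an empty `username`/`password` is not visible here; a `required` check in the template would catch that.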