diff --git a/helm/flowforge/README.md b/helm/flowforge/README.md
index c9a561a9..dcd70f0c 100644
--- a/helm/flowforge/README.md
+++ b/helm/flowforge/README.md
@@ -25,6 +25,7 @@ If using an external PostgreSQL Database you will need to create the database an
 - `forge.domain` the domain instances will be hosted on
 - `forge.entryPoint` if the admin app is hosted on a different domain
 - `forge.https` is the Forge App accessed via HTTPS (default `true`)
+ - `forge.tlsSecretName` is the name of the kubernetes secret that holds the HTTPS certificate, it should be a wildcard cert for the `forge.domain` value
 - `forge.registry` the container registry to find Project templates (default Docker Hub)
 - `forge.dbUsername` (default `forge`)
 - `forge.dbPassword` (default `Zai1Wied`)
diff --git a/helm/flowforge/templates/broker.yaml b/helm/flowforge/templates/broker.yaml
index a4b1a606..7fde1d8d 100644
--- a/helm/flowforge/templates/broker.yaml
+++ b/helm/flowforge/templates/broker.yaml
@@ -131,7 +131,13 @@ metadata:
 labels:
 app: flowforge-broker
 annotations:
+ {{- if .Values.ingress.annotations }}
+ {{- toYaml .Values.ingress.annotations | nindent 4 }}
+ {{- end }}
 spec:
+ {{- if and $.Values.ingress.className (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ $.Values.ingress.className }}
+ {{- end }}
 rules:
 - host: mqtt.{{ .Values.forge.domain }}
 http:
@@ -143,6 +149,14 @@ spec:
 name: flowforge-broker
 port:
 number: 1884
+ {{- if .Values.forge.https }}
+ tls:
+ - hosts:
+ - mqtt.{{ .Values.forge.domain }}
+ {{- if .Values.forge.tlsSecretName }}
+ secretName: {{ .Values.forge.tlsSecretName}}
+ {{- end }}
+ {{- end }}
 # ---
 # apiVersion: v1
 # kind: Service
diff --git a/helm/flowforge/templates/service-ingress.yaml b/helm/flowforge/templates/service-ingress.yaml
index 10038fed..154ca410 100644
--- a/helm/flowforge/templates/service-ingress.yaml
+++ b/helm/flowforge/templates/service-ingress.yaml
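Review bot: The `ingressClassName` block reads `$.Values.ingress.className` while the annotations block just above it and the rest of the file read `.Values`; using one form throughout avoids the impression that the scope differs. The class name is also emitted unquoted, so `ingressClassName: {{ .Values.ingress.className | quote }}` would keep a value that YAML parses as a non-string from producing an invalid manifest. Neither `ingress.annotations` nor `ingress.className` is described in the README hunk of this commit, so a line for each there would help, noting that the annotations are copied unmodified onto the broker Ingress. The `metadata` and `spec` blocks start outside the hunk.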
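Review bot: When `forge.https` is true and `forge.tlsSecretName` is unset, the `tls:` entry is rendered with `hosts` only, so the certificate served for `mqtt.{{ .Values.forge.domain }}` is whatever the ingress controller uses by default; the README lists `forge.https` as default `true`, so this is the path an existing install takes on upgrade. That fallback should be stated next to the block, e.g. `# no secretName: the ingress controller's default certificate is served`, or, if a chart-supplied certificate is meant to be mandatory, enforced with `secretName: {{ required "forge.tlsSecretName is required when forge.https is true" .Values.forge.tlsSecretName }}`. The same applies to the `tls:` block added in service-ingress.yaml. An Ingress can only reference a TLS Secret in its own namespace, which the README entry for `forge.tlsSecretName` could mention. The `spec` this block belongs to starts outside the hunk.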
@@ -37,3 +37,12 @@ spec:
 name: forge
 port:
 number: 80
+ {{- if .Values.forge.https }}
+ tls:
+ - hosts:
+ - {{ .Values.forge.entryPoint }}
+ {{- if .Values.forge.tlsSecretName }}
+ secretName: {{ .Values.forge.tlsSecretName }}
+ {{- end }}
+ {{- end }}
+
\ No newline at end of file
diff --git a/helm/flowforge/values.schema.json b/helm/flowforge/values.schema.json
index ae749c8f..62f28fda 100644
--- a/helm/flowforge/values.schema.json
+++ b/helm/flowforge/values.schema.json
@@ -275,6 +275,9 @@
 },
 "branding": {
 "type": "object"
+ },
+ "tlsSecretName": {
+ "type": "string"
 }
 },
 "required": [
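Review bot: The `tls.hosts` entry is `{{ .Values.forge.entryPoint }}`, but the README describes `forge.entryPoint` as set only "if the admin app is hosted on a different domain" and asks for `forge.tlsSecretName` to be a wildcard certificate for `forge.domain`. If `entryPoint` can be left empty, the list item renders as an empty host; if it is on another domain, the wildcard certificate presumably does not cover it and clients see a name mismatch. The `rules` section is outside the hunk, so whether it derives a fallback host from `forge.domain` cannot be seen here; the `tls` host should use the same expression as the rule's `host`, and the README line should say the certificate must also cover `forge.entryPoint`. The hunk also ends with a whitespace-only added line and no trailing newline, which is worth dropping.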
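Review bot: `tlsSecretName` is accepted as any string, yet both templates in this commit interpolate it unquoted into `secretName:`. Kubernetes Secret names must be DNS subdomain names, so the schema can reject a malformed value at install time by adding `"maxLength": 253` and `"pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"` to the property. The enclosing object starts outside the hunk; it is presumably the `forge` properties block.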