diff --git a/bitnami/milvus/CHANGELOG.md b/bitnami/milvus/CHANGELOG.md
index b74eb627e2a262..09af5f45e15945 100644
--- a/bitnami/milvus/CHANGELOG.md
+++ b/bitnami/milvus/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog
 
-## 8.2.4 (2024-06-14)
+## 8.2.5 (2024-06-17)
 
-* [bitnami/milvus] Release 8.2.4 ([#27171](https://github.com/bitnami/charts/pull/27171))
+* [bitnami/milvus] Do not expose externalKafka.tls.keyPassword ([#27145](https://github.com/bitnami/charts/pull/27145))
+
+## <small>8.2.4 (2024-06-14)</small>
+
+* [bitnami/milvus] Release 8.2.4 (#27171) ([5e6ddd4](https://github.com/bitnami/charts/commit/5e6ddd4911796bdc5e6456e8019c1600fe254deb)), closes [#27171](https://github.com/bitnami/charts/issues/27171)
 
 ## <small>8.2.3 (2024-06-14)</small>
 
diff --git a/bitnami/milvus/Chart.yaml b/bitnami/milvus/Chart.yaml
index 8115ea8ffc3e59..b04405595c3ea9 100644
--- a/bitnami/milvus/Chart.yaml
+++ b/bitnami/milvus/Chart.yaml
@@ -48,4 +48,4 @@ maintainers:
 name: milvus
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/milvus
-version: 8.2.4
+version: 8.2.5
diff --git a/bitnami/milvus/templates/_helpers.tpl b/bitnami/milvus/templates/_helpers.tpl
index a1f0ea3f881f44..497b984b4eda80 100644
--- a/bitnami/milvus/templates/_helpers.tpl
+++ b/bitnami/milvus/templates/_helpers.tpl
@@ -1007,7 +1007,7 @@ Init container definition for waiting for the database to be ready
       yq e -i '.kafka.ssl.tlsCaCert = "/opt/bitnami/milvus/configs/cert/kafka/client/{{ .context.Values.externalKafka.tls.caCert }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
       {{- end }}
       {{- if .context.Values.externalKafka.tls.keyPassword }}
-      yq e -i '.kafka.ssl.tlsKeyPassword = "{{ .context.Values.externalKafka.tls.keyPassword }}"' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
+      yq e -i '.kafka.ssl.tlsKeyPassword = {{ print "{{ MILVUS_KAFKA_TLS_KEY_PASSWORD }}" | quote }}' /bitnami/milvus/rendered-conf/pre-render-config_01.yaml
       {{- end }}
       {{- end }}
       {{- else }}
@@ -1030,13 +1030,22 @@ Init container definition for waiting for the database to be ready
   env:
     - name: BITNAMI_DEBUG
       value: {{ ternary "true" "false" (or .context.Values.milvus.image.debug .context.Values.diagnosticMode.enabled) | quote }}
-    {{- if and (include "milvus.kafka.deployed" .context) (include "milvus.kafka.authEnabled" .context) }}
+    {{- if (include "milvus.kafka.deployed" .context) }}
+    {{- if (include "milvus.kafka.authEnabled" .context) }}
     - name: MILVUS_KAFKA_PASSWORD
       valueFrom:
         secretKeyRef:
           name: {{ include "milvus.kafka.secretName" .context }}
           key: {{ include "milvus.kafka.secretPasswordKey" .context }}
     {{- end }}
+    {{- if and .context.Values.externalKafka.tls.enabled .context.Values.externalKafka.tls.keyPassword .context.Values.externalKafka.tls.existingSecret }}
+    - name: MILVUS_KAFKA_TLS_KEY_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-external-kafka-tls-passwords" (include "common.names.fullname" .context) }}
+          key: key-password
+    {{- end }}
+    {{- end }}
     {{- if and (include "milvus.s3.deployed" .context) }}
     - name: MILVUS_S3_ACCESS_ID
       valueFrom:
diff --git a/bitnami/milvus/templates/externalkafka-tls-password-secret.yaml b/bitnami/milvus/templates/externalkafka-tls-password-secret.yaml
new file mode 100644
index 00000000000000..2b28a37b4e27b2
--- /dev/null
+++ b/bitnami/milvus/templates/externalkafka-tls-password-secret.yaml
@@ -0,0 +1,20 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.externalKafka.tls.enabled .Values.externalKafka.tls.keyPassword .Values.externalKafka.tls.existingSecret }}
+{{- $secretName := printf "%s-external-kafka-tls-passwords" (include "common.names.fullname" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  key-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "key-password" "providedValues" (list "externalKafka.tls.keyPassword") "context" $) }}
+{{- end }}