diff --git a/helm/hpcc/values.schema.json b/helm/hpcc/values.schema.json
index d73687e2039..0bb896e12d4 100644
--- a/helm/hpcc/values.schema.json
+++ b/helm/hpcc/values.schema.json
@@ -2322,6 +2322,10 @@
           "default": false,
           "description": "Require SOAPCALL and HTTPCALL URLs are secrets or mapped to secrets"
         },
+        "updateSecretsInBackground": {
+          "type": "boolean",
+          "description": "Preemptively update secrets that are active and about to expire in the background"
+        },
         "expert": {
           "description": "Custom internal options usually reserved for internal testing",
           "type": "object"
diff --git a/roxie/ccd/ccdmain.cpp b/roxie/ccd/ccdmain.cpp
index 159d6f99642..0b0358b6c90 100644
--- a/roxie/ccd/ccdmain.cpp
+++ b/roxie/ccd/ccdmain.cpp
@@ -945,6 +945,8 @@ int CCD_API roxie_main(int argc, const char *argv[], const char * defaultYaml)
 #endif
 
         roxieMetrics.setown(createRoxieMetricsManager());
+        if (topology->getPropBool("@updateSecretsInBackground", !runOnce))
+            startSecretUpdateThread(0);
 
         Owned<IPropertyTreeIterator> userMetrics = topology->getElements("./UserMetric");
         ForEach(*userMetrics)
@@ -1686,6 +1688,7 @@ int CCD_API roxie_main(int argc, const char *argv[], const char * defaultYaml)
         E->Release();
     }
 
+    stopSecretUpdateThread();
     roxieMetrics.clear();
 #ifndef _CONTAINERIZED
     stopPerformanceMonitor();