diff --git a/packages/zarf-registry/chart/templates/_helpers.tpl b/packages/zarf-registry/chart/templates/_helpers.tpl index a91077ef6f..3e570d3078 100644 --- a/packages/zarf-registry/chart/templates/_helpers.tpl +++ b/packages/zarf-registry/chart/templates/_helpers.tpl @@ -22,3 +22,15 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} {{- end -}} + +{{/* +Merge all configmaps +*/}} +{{- define "docker-registry.configMaps" -}} +{{- if .Values.caBundle }} +- name: {{ template "docker-registry.fullname" . }}-ca-bundle + data: + ca-certificates.crt: | +{{ .Values.caBundle | indent 6 }} +{{- end }} +{{- end -}} diff --git a/packages/zarf-registry/chart/templates/configmap.yaml b/packages/zarf-registry/chart/templates/configmap.yaml new file mode 100644 index 0000000000..2c8471b661 --- /dev/null +++ b/packages/zarf-registry/chart/templates/configmap.yaml @@ -0,0 +1,16 @@ +{{- range (include "docker-registry.configMaps" . | fromYamlArray ) }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace }} + labels: + app: {{ default $.Chart.Name $.Values.nameOverride | trunc 63 | trimSuffix "-" }} + chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + heritage: {{ $.Release.Service }} + release: {{ $.Release.Name }} +type: Opaque +data: +{{ toYaml .data | indent 2 }} +{{- end }} diff --git a/packages/zarf-registry/chart/templates/deployment.yaml b/packages/zarf-registry/chart/templates/deployment.yaml index ab3a0c0562..ce8126f60a 100644 --- a/packages/zarf-registry/chart/templates/deployment.yaml +++ b/packages/zarf-registry/chart/templates/deployment.yaml 
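Review bot: `type: Opaque` in the new configmap.yaml template is a Secret field; ConfigMap has no `type`, so the API server either prunes it with a warning or rejects the object under strict field validation. Drop that line so the rendered document carries only `metadata` and `data`. The `app`/`chart`/`heritage`/`release` label block is recomputed inline here; if the chart already has a shared labels helper next to `docker-registry.fullname`, reusing it would keep the new ConfigMap's labels in step with the deployment's.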
@@ -77,6 +77,12 @@ spec: mountPath: /var/lib/registry/ - name: config mountPath: "/etc/docker/registry" +{{- if .Values.caBundle }} + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: {{ template "docker-registry.fullname" . }}-ca-bundle + subPath: ca-certificates.crt + readOnly: true +{{- end }} affinity: {{- if (eq "ReadWriteMany" .Values.persistence.accessMode) }} podAntiAffinity: @@ -111,3 +117,8 @@ spec: emptyDir: sizeLimit: {{ .Values.persistence.size }} {{- end }} +{{- if .Values.caBundle }} + - name: {{ template "docker-registry.fullname" . }}-ca-bundle + configMap: + name: {{ template "docker-registry.fullname" . }}-ca-bundle +{{- end }} diff --git a/packages/zarf-registry/chart/values.yaml b/packages/zarf-registry/chart/values.yaml index 93276dc0b5..527578eca0 100644 --- a/packages/zarf-registry/chart/values.yaml +++ b/packages/zarf-registry/chart/values.yaml @@ -54,6 +54,23 @@ autoscaling: maxReplicas: 5 targetCPUUtilizationPercentage: 80 +caBundle: "" +## One or more concatenated certificates +## Will be mounted to /etc/ssl/certs/ca-certificates.crt +# caBundle: | +# # Root CA 1 +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- +# # Intermediate CA 1 +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- +# # Root CA 2 +# -----BEGIN CERTIFICATE----- +# ... +# -----END CERTIFICATE----- + extraEnvVars: [] ## Additional ENV variables to set # - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY diff --git a/packages/zarf-registry/registry-values.yaml b/packages/zarf-registry/registry-values.yaml index 7f43da9c67..bfaf046aa1 100644 --- a/packages/zarf-registry/registry-values.yaml +++ b/packages/zarf-registry/registry-values.yaml @@ -40,5 +40,7 @@ autoscaling: maxReplicas: "###ZARF_VAR_REGISTRY_HPA_MAX###" targetCPUUtilizationPercentage: 80 +caBundle: ###ZARF_VAR_REGISTRY_CA_BUNDLE### + extraEnvVars: ###ZARF_VAR_REGISTRY_EXTRA_ENVS### 
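Review bot: The new `subPath: ca-certificates.crt` mount in deployment.yaml means the kubelet does not propagate later changes to the ConfigMap into a running container, so rotating or extending `caBundle` silently has no effect until the pod is recreated. Add a checksum annotation to the pod template (outside this hunk), e.g. `checksum/ca-bundle: {{ .Values.caBundle | sha256sum }}` under `spec.template.metadata.annotations`, so a changed bundle rolls the deployment. The mount also overlays the image's trust store at `/etc/ssl/certs/ca-certificates.crt`, so the registry trusts only the supplied CAs once the value is set; the matching volume definition in the second hunk of this file has the same update behaviour.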
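Review bot: The comment on the new `caBundle` value in values.yaml says where the bundle is mounted but not that the mount replaces the container's default trust store, which is the fact an operator needs before setting it. Extend the second comment line to `## Mounted over /etc/ssl/certs/ca-certificates.crt, replacing the image's system CA store; include every root the registry must still trust (e.g. for upstream storage or proxy endpoints)`.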
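Review bot: `caBundle: ###ZARF_VAR_REGISTRY_CA_BUNDLE###` in registry-values.yaml puts a file-typed, multi-line value in plain-scalar position; if autoIndent only re-indents the continuation lines (the templating code for that is not in this diff), YAML folds the PEM lines into one space-separated line and the bundle the helper writes is no longer parseable. Writing it as a block scalar, `caBundle: |` with `  ###ZARF_VAR_REGISTRY_CA_BUNDLE###` on the next line, preserves the newlines; the values.yaml example in this same commit already documents the `|` form.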
diff --git a/packages/zarf-registry/zarf.yaml b/packages/zarf-registry/zarf.yaml index 1fe3fa9286..38a13006c1 100644 --- a/packages/zarf-registry/zarf.yaml +++ b/packages/zarf-registry/zarf.yaml @@ -47,6 +47,12 @@ variables: description: Enable the Horizontal Pod Autoscaler for the registry default: "true" + - name: REGISTRY_CA_BUNDLE + description: Filepath to a bundle of trusted certificates to mount into the registry container + default: "" + autoIndent: true + type: file + - name: REGISTRY_EXTRA_ENVS description: Array of additional environment variables passed to the registry container default: "" diff --git a/src/pkg/utils/io.go b/src/pkg/utils/io.go index 662e1891d2..38349329fd 100755 --- a/src/pkg/utils/io.go +++ b/src/pkg/utils/io.go @@ -170,7 +170,7 @@ func ReplaceTextTemplate(path string, mappings map[string]*TextTemplate, depreca value = template.Value // Check if the value is a file type and load the value contents from the file - if template.Type == types.FileVariableType { + if template.Type == types.FileVariableType && value != "" { if isText, err := IsTextFile(value); err != nil || !isText { message.Warnf("Refusing to load a non-text file for templating %s", templateKey) line = matches[regexTemplateLine.SubexpIndex("postTemplate")]
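Review bot: The comment above the changed condition in io.go still says only that file-type values are loaded from the file, while the new `&& value != ""` makes an empty value mean "no file supplied, substitute as-is"; update it to `// File-type variables are read from the path in value; an empty value means no file was supplied and is substituted unchanged`. ReplaceTextTemplate starts and ends outside this hunk. With the guard, the `Warnf` branch now fires only for a non-empty path that is missing or not a text file, which is what the `default: ""` on REGISTRY_CA_BUNDLE in the zarf.yaml hunk relies on.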