diff --git a/kubernetes-keystone-webhook/templates/secret-certificates.yaml b/kubernetes-keystone-webhook/templates/secret-certificates.yaml
index 54779ad8d..54cdadf03 100644
--- a/kubernetes-keystone-webhook/templates/secret-certificates.yaml
+++ b/kubernetes-keystone-webhook/templates/secret-certificates.yaml
@@ -23,6 +23,6 @@ metadata:
   name: {{ $envAll.Values.secrets.certificates.api }}
 type: kubernetes.io/tls
 data:
-  tls.crt: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.crt }}
-  tls.key: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.key }}
+  tls.crt: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.crt | default "" | b64enc }}
+  tls.key: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.key | default "" | b64enc }}
 {{- end }}
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
index 0b7ad9356..5cb2693b5 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
@@ -50,17 +50,17 @@
 - name: kubeadm | get certs
   block:
     - name: kubeadm | get kubeapi cert
-      shell: cat /etc/kubernetes/pki/apiserver.crt | base64 -w0
+      shell: cat /etc/kubernetes/pki/apiserver.crt
       register: kubeadm_kubeapi_cert
     - name: kubeadm | get kubeapi key
-      shell: cat /etc/kubernetes/pki/apiserver.key | base64 -w0
+      shell: cat /etc/kubernetes/pki/apiserver.key
       register: kubeadm_kubeapi_key
 
 - name: kubeadm | keystone auth
   delegate_to: 127.0.0.1
   block:
     - name: kubeadm | keystone auth
-      command: "helm upgrade --install kubernetes-keystone-webhook /opt/charts/kubernetes-keystone-webhook --namespace=kube-system --set endpoints.identity.namespace=openstack --set endpoints.kubernetes.auth.api.tls.crt={{ kubeadm_kubeapi_cert.stdout }} --set endpoints.kubernetes.auth.api.tls.key={{ kubeadm_kubeapi_key.stdout }}"
+      command: "helm upgrade --install kubernetes-keystone-webhook /opt/charts/kubernetes-keystone-webhook --namespace=kube-system --set endpoints.identity.namespace=openstack --set endpoints.kubernetes.auth.api.tls.crt='{{ kubeadm_kubeapi_cert.stdout }}' --set endpoints.kubernetes.auth.api.tls.key='{{ kubeadm_kubeapi_key.stdout }}'"
       environment:
         HELM_HOST: 'localhost:44134'
     - name: kubeadm | keystone auth