diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml
index 3e8f8827ce..3b8b62aaee 100644
--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -46,6 +46,7 @@ spec:
 - name: keystone-domain-manage-init
 {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "domain_manage" "container" "keystone_domain_manage_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 env:
 {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
 {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 82b71f0cdd..840ba316cc 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -197,6 +197,9 @@ pod:
 pod:
 runAsUser: 42424
 container:
+ keystone_domain_manage_init:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 keystone_domain_manage:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
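Review bot: The string `"keystone_domain_manage_init"` on the added line is only a lookup key, so the init container gets a `securityContext` solely when `pod.security_context.domain_manage.container.keystone_domain_manage_init` exists in the effective values. If the helm-toolkit snippet renders nothing for a missing key (it appears to, but its definition is not on this page, so confirm), a typo in either file ships the container unhardened without any template error. I would add a template comment above the line, e.g. `{{- /* key must exist under pod.security_context.domain_manage.container in values.yaml */}}`, and check the `helm template` output for a `securityContext` block under `keystone-domain-manage-init`. The init container definition starts and ends outside this hunk.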
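Review bot: `readOnlyRootFilesystem: true` on `keystone_domain_manage_init` makes any write the init script performs outside a mounted volume fail at runtime, and the job's volumeMounts are not visible in this commit; confirm the init container either writes nothing or has a writable emptyDir (for example for `/tmp`). Both container entries also leave Linux capabilities at the runtime default; if the snippet passes this map through unchanged (presumably, confirm), adding `capabilities:` with `drop: [ALL]` under each entry would tighten them further. The enclosing `security_context` mapping starts outside the hunk, so the parent key `domain_manage` is inferred from the template call rather than visible here.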