diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml
index 1cba17c0..5bf1f6cf 100644
--- a/charts/keycloak/Chart.yaml
+++ b/charts/keycloak/Chart.yaml
@@ -1,5 +1,5 @@
 name: keycloak
-version: 4.13.1
+version: 4.13.2
 appVersion: 5.0.0
 description: Open Source Identity and Access Management For Modern Applications and Services
 keywords:
diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md
index 94e7520d..4370b124 100644
--- a/charts/keycloak/README.md
+++ b/charts/keycloak/README.md
@@ -70,7 +70,8 @@ Parameter | Description | Default
 `keycloak.podAnnotations` | Extra annotations to add to pod | `{}`
 `keycloak.hostAliases` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]`
 `keycloak.enableServiceLinks` | Indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links | `false`
-`keycloak.securityContext` | Security context for the pod | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}`
+`keycloak.securityContext` | Security context for the entire pod. Every container running in the pod will inherit this security context. This might be relevant when other components of the environment inject additional containers into running pods (service meshs are the most prominent example for this) | `{fsGroup: 1000}`
+`keycloak.containerSecurityContext` | Security context for containers running in the pod. Will not be inherited by additionally injected containers | `{runAsUser: 1000, runAsNonRoot: true}`
 `keycloak.preStartScript` | Custom script to run before Keycloak starts up | ``
 `keycloak.lifecycleHooks` | Container lifecycle hooks. Passed through the `tpl` function and thus to be configured a string | ``
 `keycloak.extraArgs` | Additional arguments to the start command | ``
@@ -117,7 +118,8 @@ Parameter | Description | Default `test.image.repository` | Test image repository | `unguiculus/docker-python3-phantomjs-selenium` `test.image.tag` | Test image tag | `v1` `test.image.pullPolicy` | Test image pull policy | `IfNotPresent` -`test.securityContext` | Security context for the test pod | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` +`test.securityContext` | Security context for the test pod. Every container running in the pod will inherit this security context. This might be relevant when other components of the environment inject additional containers into the running pod (service meshs are the most prominent example for this) | `{fsGroup: 1000}` +`test.containerSecurityContext` | Security context for containers running in the test pod. Will not be inherited by additionally injected containers | `{runAsUser: 1000, runAsNonRoot: true}` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/charts/keycloak/templates/statefulset.yaml b/charts/keycloak/templates/statefulset.yaml index f5df66c2..3c371276 100644 --- a/charts/keycloak/templates/statefulset.yaml +++ b/charts/keycloak/templates/statefulset.yaml @@ -51,6 +51,8 @@ spec: - name: wait-for-postgresql image: "{{ .Values.init.image.repository }}:{{ .Values.init.image.tag }}" imagePullPolicy: {{ .Values.init.image.pullPolicy }} + securityContext: +{{ toYaml .Values.keycloak.containerSecurityContext | indent 12 }} command: - sh - -c @@ -69,6 +71,8 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.keycloak.image.repository }}:{{ .Values.keycloak.image.tag }}" imagePullPolicy: {{ .Values.keycloak.image.pullPolicy }} + securityContext: +{{ toYaml .Values.keycloak.containerSecurityContext | indent 12 }} command: - /scripts/keycloak.sh {{- if .Values.keycloak.lifecycleHooks }} diff --git a/charts/keycloak/templates/test/test-pod.yaml b/charts/keycloak/templates/test/test-pod.yaml index c240f711..f4f75588 100644 
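Review bot: The `securityContext:` key added before `{{ toYaml .Values.keycloak.containerSecurityContext | indent 12 }}` is rendered unconditionally, here, in the hunk at -69 and for the test pod in test-pod.yaml, so a user who clears `containerSecurityContext` (null or `{}`) still gets the key with a `null`/`{}` body. Wrapping each pair as `{{- with .Values.keycloak.containerSecurityContext }}` / `securityContext:` + `{{ toYaml . | indent 12 }}` / `{{- end }}` omits it cleanly when the value is empty; the existing pod-level block in test-pod.yaml uses the same unguarded pattern, so this is a consistency choice rather than a bug. Note also that the init container `wait-for-postgresql` now receives its own non-root context from the same value, so `.Values.init.image` must be runnable as `runAsUser: 1000`; that was already the case under the old pod-level `runAsUser`, so presumably fine. The containers list these entries belong to starts outside the hunk.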
--- a/charts/keycloak/templates/test/test-pod.yaml +++ b/charts/keycloak/templates/test/test-pod.yaml @@ -13,11 +13,13 @@ metadata: "helm.sh/hook": test-success spec: securityContext: -{{ toYaml .Values.test.securityContext | indent 8 }} +{{ toYaml .Values.test.securityContext | indent 4 }} containers: - name: {{ .Chart.Name }}-test image: "{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" imagePullPolicy: {{ .Values.test.image.pullPolicy }} + securityContext: +{{ toYaml .Values.test.containerSecurityContext | indent 8 }} command: - python3 - /tests/test.py diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index b439f28f..96db0f40 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -29,8 +29,10 @@ keycloak: enableServiceLinks: false securityContext: - runAsUser: 1000 fsGroup: 1000 + + containerSecurityContext: + runAsUser: 1000 runAsNonRoot: true ## The path keycloak will be served from. To serve keycloak from the root path, use two quotes (e.g. ""). @@ -288,6 +290,7 @@ test: tag: v1 pullPolicy: IfNotPresent securityContext: - runAsUser: 1000 fsGroup: 1000 + containerSecurityContext: + runAsUser: 1000 runAsNonRoot: true
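Review bot: The new `containerSecurityContext` block in the `keycloak:` section, and the matching one in the `test:` section at -288, carries no comment explaining why `runAsUser`/`runAsNonRoot` moved out of the pod-level `securityContext`, although the README now does; values.yaml is what users read when overriding, and the file already uses `##` comments for such notes. I would add above `securityContext:` the comment `## Pod-level security context. Inherited by every container in the pod, including ones injected by other components (e.g. a service mesh), so keep it to settings that are safe for all of them.` and above `containerSecurityContext:` the comment `## Security context for the chart's own containers only (init and Keycloak); not inherited by injected containers.` Since per-container hardening now has a home, it may also be worth evaluating `allowPrivilegeEscalation: false` as a default, though whether the start script tolerates it is not visible in this diff. Minor style point: the `keycloak:` variant inserts a blank line before `containerSecurityContext:` while the `test:` variant does not.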