diff --git a/templates/configmap-env.yaml b/templates/configmap-env.yaml
index 8cd7e5d..3f36359 100644
--- a/templates/configmap-env.yaml
+++ b/templates/configmap-env.yaml
@@ -344,3 +344,22 @@ data:
   {{- if .Values.mastodon.deepl.enabled }}
   DEEPL_PLAN: {{ .Values.mastodon.deepl.plan }}
   {{- end }}
+
+  {{- if .Values.mastodon.hcaptcha.enabled }}
+  HCAPTCHA_SITE_KEY: {{ .Values.mastodon.hcaptcha.siteId }}
+  {{- end }}
+
+  {{- if .Values.mastodon.cacheBuster.enabled }}
+  CACHE_BUSTER_ENABLED: "true"
+  {{- else }}
+  CACHE_BUSTER_ENABLED: "false"
+  {{- end }}
+  {{- if .Values.mastodon.cacheBuster.httpMethod }}
+  CACHE_BUSTER_HTTP_METHOD: {{ .Values.mastodon.cacheBuster.httpMethod }}
+  {{- end }}
+  {{- if .Values.mastodon.cacheBuster.authHeader }}
+  CACHE_BUSTER_SECRET_HEADER: {{ .Values.mastodon.cacheBuster.authHeader }}
+  {{- end }}
+  {{- range $k, $v := .Values.mastodon.extraEnvVars }}
+  {{ $k }}: {{ quote $v }}
+  {{- end }}
diff --git a/templates/deployment-sidekiq.yaml b/templates/deployment-sidekiq.yaml
index 401bcea..5a189ae 100644
--- a/templates/deployment-sidekiq.yaml
+++ b/templates/deployment-sidekiq.yaml
@@ -135,6 +135,13 @@ spec:
                   name: {{ $context.Values.mastodon.deepl.apiKeySecretRef.name }}
                   key: {{ $context.Values.mastodon.deepl.apiKeySecretRef.key }}
             {{- end }}
+            {{- if $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
+            - name: CACHE_BUSTER_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $context.Values.mastodon.cacheBuster.authToken.existingSecret }}
+                  key: password
+            {{- end }}
           {{- if (not $context.Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
diff --git a/templates/deployment-web.yaml b/templates/deployment-web.yaml
index db46120..2e4e25d 100644
--- a/templates/deployment-web.yaml
+++ b/templates/deployment-web.yaml
@@ -123,6 +123,20 @@ spec:
                   name: {{ .Values.mastodon.deepl.apiKeySecretRef.name }}
                   key: {{ .Values.mastodon.deepl.apiKeySecretRef.key }}
             {{- end }}
+            {{- if .Values.mastodon.hcaptcha.enabled }}
+            - name: "HCAPTCHA_SECRET_KEY"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.name }}
+                  key: {{ .Values.mastodon.hcaptcha.secretKeySecretRef.key }}
+            {{- end }}
+            {{- if .Values.mastodon.cacheBuster.authToken.existingSecret }}
+            - name: CACHE_BUSTER_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.mastodon.cacheBuster.authToken.existingSecret }}
+                  key: password
+            {{- end }}
           {{- if (not .Values.mastodon.s3.enabled) }}
           volumeMounts:
             - name: assets
diff --git a/values.yaml b/values.yaml
index 6827e54..8a2a71a 100644
--- a/values.yaml
+++ b/values.yaml
@@ -81,6 +81,12 @@ mastodon:
     apiKeySecretRef:
       name:
       key:
+  hcaptcha:
+    enabled: false
+    siteId:
+    secretKeySecretRef:
+      name:
+      key:
   # these must be set manually; autogenerated keys are rotated on each upgrade
   secrets:
     secret_key_base: ""
@@ -211,6 +217,16 @@ mastodon:
     workers: "2"
     persistentTimeout: "20"
 
+  # Additional settings for the cache buster.
+  cacheBuster:
+    enabled: false
+    httpMethod: "GET"
+    # If the cache service requires authentication, specify the header name and
+    # secret/token here.
+    authHeader:
+    authToken:
+      existingSecret:
+
   metrics:
     statsd:
       # -- Enable statsd publishing via STATSD_ADDR environment variable