diff --git a/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml b/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml
index 4f76be00..de3b871d 100644
--- a/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml
+++ b/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml
@@ -43,6 +43,13 @@
 path: "/spec/containers/6/env/10/value"
 value: none
+# The following relate to secret regeneration
+# Set this to "true" in production environment to prevent secret generation
+# and secret show
+- op: replace
+ path: "/spec/containers/6/env/11/value"
+ value: "false"
+
 # The following relate to authorization for pulling the airshipctl repository
 # This is the type of authorization to use. Currently supported types are
 # [none http-basic ssh-key]
diff --git a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
index 525e7d3a..c1e3ae0c 100644
--- a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
+++ b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml
@@ -332,6 +332,8 @@ spec:
 value:
 - name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE
 value: "none"
+ - name: SKIP_REGENERATE
+ value:
 volumeMounts:
 - name: cache
diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
index 435fb7db..3afb7469 100755
--- a/tools/airship-in-a-pod/runner/assets/entrypoint.sh
+++ b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
@@ -76,7 +76,10 @@ else
 export NO_CHECKOUT="true"
 fi
 ./tools/deployment/23_pull_documents.sh
-./tools/deployment/23_generate_secrets.sh
+
+if [[ "$SKIP_REGENERATE" = "false" ]]; then
+ ./tools/deployment/23_generate_secrets.sh
+fi
 repo_url=$(yq -r .manifests.dummy_manifest.repositories.primary.url /root/.airship/config)
 repo_name=$(basename ${repo_url})
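Review bot: The comment added above the `/spec/containers/6/env/11/value` op in replacements.yaml documents only the "true" setting and says it also prevents "secret show", but the only gate visible in this commit is the `= "false"` test around 23_generate_secrets.sh in entrypoint.sh. I would state the actual contract, e.g. `# Only the exact string "false" runs secret generation; any other value skips it.`, and either name where secret show is gated, if that happens elsewhere, or drop that claim. Because this example ships `"false"`, the comment should also say that a production overlay has to override it.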
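Review bot: The new `SKIP_REGENERATE` entry in airship-in-a-pod.yaml is left as a bare `value:`, so the base manifest's default is implicit, while the neighbouring AUTH_TYPE entry carries an explicit `"none"`. Given the `= "false"` test added in entrypoint.sh, an empty value appears to skip 23_generate_secrets.sh, which the script ran unconditionally before this commit; anyone applying the base without the replacements patch would get that change silently. Write the intended default as a quoted string: `value: "false"` to keep the previous behaviour, or `value: "true"` if skipping is meant to be the base default. The env list starts outside this hunk.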
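Review bot: The `[[ "$SKIP_REGENERATE" = "false" ]]` test in entrypoint.sh skips secret generation for every value other than the exact lowercase string, including unset, empty, `False` or a typo, and it does so without any output. Failing towards "skip" is the safer direction for a production guard, but the operator cannot tell from the pod log whether secrets were regenerated or an old set is being reused. I would add an `else` branch such as `else echo "SKIP_REGENERATE='${SKIP_REGENERATE:-}': skipping 23_generate_secrets.sh"`, and use `${SKIP_REGENERATE:-}` in the test in case the script runs under `set -u`, which is not visible in this hunk. The surrounding script continues outside the hunk.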