diff --git a/charts/core-dump-handler/README.md b/charts/core-dump-handler/README.md
index 54aa6be..2f6c9ec 100644
--- a/charts/core-dump-handler/README.md
+++ b/charts/core-dump-handler/README.md
@@ -326,3 +326,7 @@ Daemonset
 * envFrom: Array of [EnvFromSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#envfromsource-v1-core) to inject into main container.
 * sidecarContainers: Array of [Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core) to define as part of the pod.
 * updateStrategy: [DaemonsetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#daemonsetupdatestrategy-v1-apps) is a struct used to control the update strategy for the DaemonSet.
+
+Service account:
+* useToken: automatically create a service account token secret
+* tokenSecretName: name of the service account token secret to create if `serviceAccount.useToken` is `true` (Default: "core-dump-service-account-token")
diff --git a/charts/core-dump-handler/templates/sa-token-secret.yaml b/charts/core-dump-handler/templates/sa-token-secret.yaml
new file mode 100644
index 0000000..eadb4a2
--- /dev/null
+++ b/charts/core-dump-handler/templates/sa-token-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccount.useToken }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ default "core-dump-service-account-token" .Values.serviceAccount.tokenSecretName }}
+ annotations:
+ kubernetes.io/service-account.name: {{ include "core-dump-handler.serviceAccountName" . }}
+type: kubernetes.io/service-account-token
+{{- end }}
diff --git a/charts/core-dump-handler/values.aws.yaml b/charts/core-dump-handler/values.aws.yaml
index 2f045f3..f46d529 100644
--- a/charts/core-dump-handler/values.aws.yaml
+++ b/charts/core-dump-handler/values.aws.yaml
@@ -2,3 +2,6 @@ daemonset:
 includeCrioExe: true
 vendor: rhel7 # EKS EC2 images have an old libc=2.26
+
+serviceAccount:
+ useToken: true
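Review bot: The Secret rendered by sa-token-secret.yaml has type `kubernetes.io/service-account-token`, which the control plane fills with a token that does not expire and stays valid until the Secret or the service account is deleted, yet nothing in the template says so. Anyone who can read Secrets in the release namespace can then act as the chart's service account, so operators need to know this credential exists and how to revoke it. I would add a template comment above `apiVersion`, for example `{{- /* Long-lived, non-expiring token for the chart's service account; delete this Secret to revoke it. */}}`, and say the same in the README entry for `useToken`. If the consumer can work with a short-lived token from the TokenRequest API or a projected volume, that would be preferable; the page does not show what reads this Secret.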
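Review bot: values.aws.yaml now sets `serviceAccount.useToken: true` for every install that uses this values file, with no comment saying which component on EKS needs the token Secret. Since the flag creates a standing credential, the reason for enabling it by default should be recorded next to it, for example `# <reason EKS installs need the service account token Secret>` above `serviceAccount:` (placeholder, to be filled in by the author). Without that, a later maintainer cannot tell whether the default can be safely turned off.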
diff --git a/charts/core-dump-handler/values.yaml b/charts/core-dump-handler/values.yaml
index d508266..f453a43 100644
--- a/charts/core-dump-handler/values.yaml
+++ b/charts/core-dump-handler/values.yaml
@@ -64,6 +64,8 @@ serviceAccount:
 name: "core-dump-admin"
 # annotations:
 # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
+ useToken: false
+ tokenSecretName: core-dump-service-account-token
 # OpenShift specific for SecurityContextConstraints
 scc:
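Review bot: The two new keys under `serviceAccount:` carry no inline comment, so a reader of values.yaml cannot see that `useToken` creates a credential. I would annotate them in place, e.g. `useToken: false  # true creates a non-expiring kubernetes.io/service-account-token Secret for this service account` and `tokenSecretName: core-dump-service-account-token  # name of that Secret; used only when useToken is true`. The default name is also repeated in the template's `default "core-dump-service-account-token"` call, so the two copies have to be kept in step if either changes. The `serviceAccount:` block starts above this hunk.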