diff --git a/.gitignore b/.gitignore
index 7ca66bc..8b13789 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-keys*.yaml
+
diff --git a/.helmignore b/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..c7da5c3
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: dssh
+description: Keep your authorized keys up to date on a Kubernetes cluster.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0
diff --git a/README.md b/README.md
index bb8bb3a..5c7c99c 100644
--- a/README.md
+++ b/README.md
@@ -10,31 +10,18 @@ while you are working on it.
 ### Deploying Your Public Keys
 
 ```
-cp keys.yaml.example keys.yaml
-
-# Edit keys.yaml to include your public keys
-
-kubectl apply -f daemonset.yaml
-kubectl apply -f keys.yaml
+helm install dssh . --set "keys={ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQWiTqUTFVUMASTPpWLd+tYqQD1BW3AKCZfaczsQvP5 user2@hostname,$(cat ~/.ssh/id_rsa.pub)}"
 ```
 
 ### Updating Your Public Keys
 
 ```
-# Edit keys.yaml to update your public keys
-
-kubectl apply -f keys.yaml
-```
-
-### Updating dssh
-
-```
-kubectl apply -f daemonset.yaml
+helm upgrade dssh . --set "keys={ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQWiTqUTFVUMASTPpWLd+tYqQD1BW3AKCZfaczsQvP5 user2@hostname,$(cat ~/.ssh/id_rsa.pub)}"
 ```
 
 ### Removing dssh
 ```
-kubectl delete daemonset -n kube-system root-ssh-manager
+helm delete dssh
 ```
 
 ### Notes
diff --git a/charts/.gitkeep b/charts/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/keys.yaml.example b/keys.yaml.example
deleted file mode 100644
index 0ae9438..0000000
--- a/keys.yaml.example
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: root-ssh-pubkeys
-  namespace: kube-system
-data:
-  mykey1: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCagK9ZjexjQrxmCvQpPm4Da7qM9tQ/ldqAHqbORTqkZbARRm8ASkBYFP8de4+y+K/BxV2iNDo/A/0Jkaw7uJSrH645vWzCbeX2S+qQMaQp2C7HE4aua8pwjL5d1q/YnU/tiznq2Lf74BTp4/mrl4pcmOTZdlUOa/tTN0ZZlZas0+KW9dr9cn4X78HT6n7vN0TOuQQMWTsw1aFxgdNMUDf6as7Z+RzILdG5J7G7QjFBbRzcj/yaRZGpmpaPvP+KV8J+8KsnjvoMNJuvBYQapWqZqv1yUqN45J2UQ9vvJ7H/p2u8+lYvGZ0wVbRB7PTHnsR8bOSW1f0BPoMDWkW+9ZCN user1@hostname"
-  mykey2: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQWiTqUTFVUMASTPpWLd+tYqQD1BW3AKCZfaczsQvP5 user2@hostname"
diff --git a/templates/NOTES.txt b/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..e69de29
diff --git a/daemonset.yaml b/templates/daemonset.yaml
similarity index 100%
rename from daemonset.yaml
rename to templates/daemonset.yaml
diff --git a/templates/keys.yaml b/templates/keys.yaml
new file mode 100644
index 0000000..7d7828c
--- /dev/null
+++ b/templates/keys.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: root-ssh-pubkeys
+  namespace: kube-system
+data:
+  {{- range $index, $key := .Values.keys }}
+  mykey{{ $index }}: {{ $key | quote }}
+  {{- end }}
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..2b1ed48
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1 @@
+keys: []