diff --git a/update-trust-anchors.sh b/update-trust-anchors.sh
index 0b5e095..eaafd67 100755
--- a/update-trust-anchors.sh
+++ b/update-trust-anchors.sh
@@ -40,7 +40,16 @@ fi
 
 if [ -n "${CA_BUNDLE_SECRET_TARGET}" ]; then
   echo "Copying ca bundle to ${CA_BUNDLE_SECRET_TARGET}"
-  kubectl create secret generic ca-secret --from-file=ca.crt=$DEST/pem/tls-ca-bundle-all.pem --dry-run=client -o yaml | kubectl apply -f -
+
+  if kubectl get secret "$CA_BUNDLE_SECRET_TARGET" 2>/dev/null; then
+    kubectl create secret generic "$CA_BUNDLE_SECRET_TARGET" --from-file=ca.crt=$DEST/pem/tls-ca-bundle-all.pem --dry-run=client -o yaml | kubectl re
+place -f -
+    echo "Secret '$CA_BUNDLE_SECRET_TARGET' updated."
+  else
+    kubectl create secret generic "$CA_BUNDLE_SECRET_TARGET" --from-file=ca.crt=$DEST/pem/tls-ca-bundle-all.pem
+    echo "Secret '$CA_BUNDLE_SECRET_TARGET' created."
+  fi
+
 fi
 
 if [ $# -gt 0 ]; then