diff --git a/osf/templates/_helpers.tpl b/osf/templates/_helpers.tpl
index 65d3584a..b31d0ac5 100644
--- a/osf/templates/_helpers.tpl
+++ b/osf/templates/_helpers.tpl
@@ -277,6 +277,13 @@ pod.beta.kubernetes.io/init-containers: null
       name: {{ $fullname }}-purge
       key: {{ $key }}
 {{- end }}
+{{- range $key, $value := .Values.purge.secretEnvs }}
+- name: {{ $key }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $fullname }}-purge
+      key: {{ $key }}
+{{- end }}
 {{- end -}}
 
 {{- define "osf.certificates.initContainer" -}}
diff --git a/osf/templates/purge-cronjob.yaml b/osf/templates/purge-cronjob.yaml
index 3980f11a..a7c2706d 100644
--- a/osf/templates/purge-cronjob.yaml
+++ b/osf/templates/purge-cronjob.yaml
@@ -11,7 +11,7 @@ metadata:
     release: {{ .Release.Name }}
 spec:
   schedule: {{ default "0 22 * * 6" .Values.purge.schedule | quote }}
-  startingDeadlineSeconds: 900
+  startingDeadlineSeconds: {{ default 900 .Values.purge.startingDeadlineSeconds }}
   activeDeadlineSeconds: {{ default 14400 .Values.purge.activeDeadlineSeconds }}
   concurrencyPolicy: Forbid
   jobTemplate:
@@ -53,7 +53,7 @@ spec:
               command:
                 - /bin/sh
                 - -c
-                - python3 -m scripts.purge_trashed_files {{- if .Values.purge.num_records }} --num {{ .Values.purge.num_records }} {{- end }}
+                - su-exec www-data python3 -m scripts.purge_trashed_files {{- if .Values.purge.num_records }} --num {{ .Values.purge.num_records }} {{- end }}
               env:
                 - name: DJANGO_SETTINGS_MODULE
                   value: api.base.settings
@@ -73,6 +73,9 @@ spec:
               {{- end }}
           volumes:
             {{- include "osf.volumes" . | nindent 12 }}
+            - name: purge-secret
+              secret:
+                secretName: {{ include "osf.purge.fullname" .}}
             - name: log
               {{- if .Values.purge.persistence.enabled }}
               persistentVolumeClaim: