diff --git a/src/main/helm/templates/ozg_operator_secrets_read_role.yaml b/src/main/helm/templates/ozg_operator_secrets_read_role.yaml
index 503dd3338712895ca525daa38160e77512562b78..b5a916f111aaeb068d669110df19f0862025bcb1 100644
--- a/src/main/helm/templates/ozg_operator_secrets_read_role.yaml
+++ b/src/main/helm/templates/ozg_operator_secrets_read_role.yaml
@@ -9,7 +9,7 @@ rules:
       - "*"
     resourceNames:
     {{ range $user := .Values.sso.keycloak_users }}
-      - {{ $user.name }}-credentials    
+      - {{ regexReplaceAll "[^a-zA-Z0-9]" $user.name "" }}-credentials    
     {{ end }} 
     resources:
       - secrets
diff --git a/src/test/helm/ozg_operator_secrets_read_role_test.yaml b/src/test/helm/ozg_operator_secrets_read_role_test.yaml
index 5455390320537d4d2abdf26ae7878d4e36dc66e4..fec3055af209c2096e1c34b3fe5478a1ac3f4a24 100644
--- a/src/test/helm/ozg_operator_secrets_read_role_test.yaml
+++ b/src/test/helm/ozg_operator_secrets_read_role_test.yaml
@@ -33,6 +33,8 @@ tests:
         keycloak_users:
           - name: peter
           - name: sabine
+          - name: _with_underscore_
+          - name: .with.dot.
     asserts:
       - contains:
           path: rules
@@ -42,6 +44,8 @@ tests:
             resourceNames:
                - peter-credentials
                - sabine-credentials
+               - withunderscore-credentials
+               - withdot-credentials
             resources:
                - secrets
             verbs: