maykinmedia · SilviaAmAm · Feb 13, 2026 · Feb 13, 2026
diff --git a/charts/openzaak/CHANGELOG.md b/charts/openzaak/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## 1.14.0 (XXXX-XX-XX)
+
+- Bumped the application version to 1.27.0.
+- Added support for the environment variables to configure Azure Blob Storage and S3 storage for the Documenten API.
+- Added support for the environment variables `ENABLE_CLOUD_EVENTS` and `NOTIFICATIONS_SOURCE` to configure cloud events.
+- Removed leftover variables `NOTIF_OPENZAAK_SECRET` and `OPENZAAK_NOTIF_SECRET` which were no longer used in Open Zaak.
+
 ## 1.13.1 (2026-02-06)
 
 - Updated the Readme.

diff --git a/charts/openzaak/Chart.yaml b/charts/openzaak/Chart.yaml
@@ -3,8 +3,8 @@ name: openzaak
 description: Productiewaardige API's voor Zaakgericht Werken
 
 type: application
-version: 1.13.1
-appVersion: 1.26.0
+version: 1.14.0-rc.0
+appVersion: 1.27.0
 
 dependencies:
   - name: redis

diff --git a/charts/openzaak/README.md b/charts/openzaak/README.md
@@ -2,7 +2,7 @@
 
 Productiewaardige API's voor Zaakgericht Werken
 
-![Version: 1.13.1](https://img.shields.io/badge/Version-1.13.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.26.0](https://img.shields.io/badge/AppVersion-1.26.0-informational?style=flat-square)
+![Version: 1.14.0-rc.0](https://img.shields.io/badge/Version-1.14.0--rc.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.27.0](https://img.shields.io/badge/AppVersion-1.27.0-informational?style=flat-square)
 
 ## Introduction
 
@@ -53,6 +53,18 @@ configuration:
 The yaml data needed to configure the application should be provided in the value `configuration.data`. To see
 how to configure, see the Open Zaak [documentation](https://open-zaak.readthedocs.io/en/stable/installation/config/openzaak_config_cli.html).
 
+## Documenten API backend
+
+Open Zaak supports using three different backends for the Documenten API: the file system, Azure Blob Storage and S3 storage.
+
+In order to configure the backend, use the `settings.documentApiBackend` value and if using the Azure Blob Storage or the S3 storage,
+configure the values under `settings.azureBlobStorage` and `settings.s3storage`.
+
+You can find more information about how to specify each value in the [Open Zaak documentation](https://open-zaak.readthedocs.io/en/1.27.0/installation/config/env_config.html#documenten-api).
+
+Note that for Azure Blob storage, your cluster needs to have the Blob storage CSI driver enabled. For S3 storage, your cluster needs to have the Amazon S3 CSI driver enabled.
+You can find more information in the Open Zaak documentation for both the [Azure Blob Storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/azure_blob_storage.html) and the [S3 storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/s3_storage.html).
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -202,6 +214,15 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `""` |  |
 | settings.allowedHosts | string | `""` |  |
+| settings.azureBlobStorage.accountName | string | `""` |  |
+| settings.azureBlobStorage.apiStorageVersion | string | `""` |  |
+| settings.azureBlobStorage.clientId | string | `""` |  |
+| settings.azureBlobStorage.clientSecret | string | `""` |  |
+| settings.azureBlobStorage.connectionTimeout | int | `5` |  |
+| settings.azureBlobStorage.container | string | `"openzaak"` |  |
+| settings.azureBlobStorage.location | string | `"documenten"` |  |
+| settings.azureBlobStorage.tenantId | string | `""` |  |
+| settings.azureBlobStorage.urlExpirationTime | int | `60` |  |
 | settings.cache.axes | string | `""` |  |
 | settings.cache.default | string | `""` |  |
 | settings.cache.portalLocker | string | `""` |  |
@@ -231,6 +252,7 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc
 | settings.debug | bool | `false` |  |
 | settings.disable2fa | bool | `false` | Disable two factor authentication |
 | settings.djangoSettingsModule | string | `"openzaak.conf.docker"` |  |
+| settings.documentApiBackend | string | `"filesystem"` | Backend to use for the Documenten API. Supported values: filesystem | azure_blob_storage | s3_storage |
 | settings.elasticapm.serviceName | string | `""` |  |
 | settings.elasticapm.token | string | `""` |  |
 | settings.elasticapm.url | string | `""` |  |
@@ -240,12 +262,14 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc
 | settings.email.port | int | `25` |  |
 | settings.email.useTLS | bool | `false` |  |
 | settings.email.username | string | `""` |  |
+| settings.enableCloudEvents | bool | `false` |  |
 | settings.environment | string | `""` |  |
 | settings.flower.basicAuth | string | `""` |  |
 | settings.flower.urlPrefix | string | `""` |  |
 | settings.isHttps | bool | `true` |  |
 | settings.jwtExpiry | int | `3600` |  |
 | settings.notificationsDisabled | bool | `false` |  |
+| settings.notificationsSource | string | `"openzaak"` |  |
 | settings.numProxies | int | `1` | use 2 if enabling ingress |
 | settings.otel.disabled | bool | `true` | If the OpenTelemetrySDK should be disabled. Opentelemtry is enabled by default, Set this values to 'true' to disable openTelemetry.  |
 | settings.otel.exporterOtlpEndpoint | string | `""` | Network address where to send the metrics to. Examples are: https://otel.example.com:4318 or http://otel-collector.namespace.cluster.svc:4317. |
@@ -255,6 +279,16 @@ how to configure, see the Open Zaak [documentation](https://open-zaak.readthedoc
 | settings.otel.metricExportInterval | int | `60000` | How often (in milliseconds) the metrics are exported. Exports run in a background thread.  |
 | settings.otel.metricExportTimeout | int | `10000` | Timeout of the requests to the collector (in milliseconds) |
 | settings.otel.resourceAttributes | list | `[]` | Resource attributes can be used to specify additional information about the instance. These are collected by the Kubernetes attributes processor. |
+| settings.s3storage.accessKeyId | string | `""` |  |
+| settings.s3storage.customDomain | string | `""` |  |
+| settings.s3storage.endpointUrl | string | `""` |  |
+| settings.s3storage.fileOverwrite | bool | `false` |  |
+| settings.s3storage.location | string | `"documenten/"` |  |
+| settings.s3storage.maxMemorySize | int | `0` |  |
+| settings.s3storage.querystringExpire | int | `60` |  |
+| settings.s3storage.regionName | string | `""` |  |
+| settings.s3storage.secretAccessKey | string | `""` |  |
+| settings.s3storage.storageBucketName | string | `"openzaak"` |  |
 | settings.secretKey | string | `""` | Generate secret key at https://djecrety.ir/ |
 | settings.sentry.dsn | string | `""` |  |
 | settings.siteDomain | string | `""` | Defines the primary domain where the application is hosted. Defaults to "" |

diff --git a/charts/openzaak/README.md.gotmpl b/charts/openzaak/README.md.gotmpl
@@ -48,4 +48,16 @@ configuration:
 The yaml data needed to configure the application should be provided in the value `configuration.data`. To see
 how to configure, see the Open Zaak [documentation](https://open-zaak.readthedocs.io/en/stable/installation/config/openzaak_config_cli.html).
 
+## Documenten API backend
+
+Open Zaak supports using three different backends for the Documenten API: the file system, Azure Blob Storage and S3 storage.
+
+In order to configure the backend, use the `settings.documentApiBackend` value and if using the Azure Blob Storage or the S3 storage,
+configure the values under `settings.azureBlobStorage` and `settings.s3storage`.
+
+You can find more information about how to specify each value in the [Open Zaak documentation](https://open-zaak.readthedocs.io/en/1.27.0/installation/config/env_config.html#documenten-api).
+
+Note that for Azure Blob storage, your cluster needs to have the Blob storage CSI driver enabled. For S3 storage, your cluster needs to have the Amazon S3 CSI driver enabled.
+You can find more information in the Open Zaak documentation for both the [Azure Blob Storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/azure_blob_storage.html) and the [S3 storage](https://open-zaak.readthedocs.io/en/1.27.0/installation/reference/s3_storage.html).
+
 {{ template "chart.valuesSection" . }}
diff --git a/charts/openzaak/charts/redis-17.3.14.tgz b/charts/openzaak/charts/redis-17.3.14.tgz
diff --git a/charts/openzaak/templates/configmap.yaml b/charts/openzaak/templates/configmap.yaml
@@ -142,3 +142,29 @@ data:
   OTEL_METRIC_EXPORT_INTERVAL: {{ .Values.settings.otel.metricExportInterval | toString | quote }}
   OTEL_METRIC_EXPORT_TIMEOUT: {{ .Values.settings.otel.metricExportTimeout | toString | quote }}
   {{- end }}
+  DOCUMENTEN_API_BACKEND: {{ .Values.settings.documentApiBackend | toString | quote }}
+  {{- if eq .Values.settings.documentApiBackend "azure_blob_storage" }}
+  AZURE_ACCOUNT_NAME: {{ .Values.settings.azureBlobStorage.accountName | toString | quote }}
+  AZURE_CLIENT_ID: {{ .Values.settings.azureBlobStorage.clientId | toString | quote }}
+  AZURE_TENANT_ID: {{ .Values.settings.azureBlobStorage.tenantId | toString | quote }}
+  AZURE_CONTAINER: {{ .Values.settings.azureBlobStorage.container | toString | quote }}
+  AZURE_LOCATION: {{ .Values.settings.azureBlobStorage.location | toString | quote }}
+  AZURE_CONNECTION_TIMEOUT_SECS: {{ int .Values.settings.azureBlobStorage.connectionTimeout | quote }}
+  AZURE_STORAGE_API_VERSION: {{ .Values.settings.azureBlobStorage.apiStorageVersion | toString | quote }}
+  AZURE_URL_EXPIRATION_SECS: {{ int .Values.settings.azureBlobStorage.urlExpirationTime | quote }}
+  {{- end }}
+  {{- if eq .Values.settings.documentApiBackend "s3_storage" }}
+  S3_ACCESS_KEY_ID: {{ .Values.settings.s3storage.accessKeyId | toString | quote }}
+  S3_STORAGE_BUCKET_NAME: {{ .Values.settings.s3storage.storageBucketName | toString | quote }}
+  S3_MAX_MEMORY_SIZE: {{ .Values.settings.s3storage.maxMemorySize | toString | quote }}
+  S3_QUERYSTRING_EXPIRE: {{ .Values.settings.s3storage.querystringExpire | toString | quote }}
+  S3_FILE_OVERWRITE: {{ if .Values.settings.s3storage.fileOverwrite }}"True"{{ else }}"False"{{ end }}
+  S3_LOCATION: {{ .Values.settings.s3storage.location | toString | quote }}
+  S3_REGION_NAME: {{ .Values.settings.s3storage.regionName | toString | quote }}
+  S3_ENDPOINT_URL: {{ .Values.settings.s3storage.endpointUrl | toString | quote }}
+  S3_CUSTOM_DOMAIN: {{ .Values.settings.s3storage.customDomain | toString | quote }}
+  {{- end }}
+  ENABLE_CLOUD_EVENTS: {{ if .Values.settings.enableCloudEvents }}"True"{{ else }}"False"{{ end }}
+  {{- if .Values.settings.notificationsSource }}
+  NOTIFICATIONS_SOURCE: {{ .Values.settings.notificationsSource | toString | quote }}
+  {{- end }}
diff --git a/charts/openzaak/templates/secret.yaml b/charts/openzaak/templates/secret.yaml
@@ -19,18 +19,16 @@ stringData:
   {{- if .Values.settings.email.password }}
   EMAIL_HOST_PASSWORD: {{ .Values.settings.email.password | toString | quote }}
   {{- end }}
-  {{ if and .Values.global.configuration.enabled .Values.configuration.enabled -}}
-  {{ if .Values.configuration.notificatiesAuthorization.enabled }}
-  NOTIF_OPENZAAK_SECRET: {{ .Values.global.configuration.notificatiesOpenzaakSecret | default .Values.configuration.notificatiesAuthorization.notifcationOpenzaakSecret  | toString | quote }}
-  {{- end }}
-  {{ if .Values.configuration.notificaties.enabled }}
-  OPENZAAK_NOTIF_SECRET: {{ .Values.global.configuration.openzaakNotificatiesSecret | default .Values.configuration.notificaties.openzaakNotificationSecret | toString | quote }}
-  {{- end }}
-  {{- end }}
   {{ if .Values.configuration.superuser.username }}
   DJANGO_SUPERUSER_PASSWORD: {{ .Values.configuration.superuser.password | toString | quote }}
   {{- end }}
   {{- if not .Values.settings.otel.disabled }}
   OTEL_EXPORTER_OTLP_HEADERS: "{{ range $index, $item := .Values.settings.otel.exporterOtlpHeaders }}{{ if $index }},{{ end }}{{ .key }}={{ .value }}{{ end }}"
   {{- end }}
+  {{- if eq .Values.settings.documentApiBackend "azure_blob_storage" }}
+  AZURE_CLIENT_SECRET: {{ .Values.settings.azureBlobStorage.clientSecret | toString | quote }}
+  {{- end }}
+  {{- if eq .Values.settings.documentApiBackend "s3_storage" }}
+  S3_SECRET_ACCESS_KEY: {{ .Values.settings.s3storage.secretAccessKey | toString | quote }}
+  {{- end }}
 {{- end }}
diff --git a/charts/openzaak/values.yaml b/charts/openzaak/values.yaml
@@ -445,6 +445,34 @@ settings:
     # -- Timeout of the requests to the collector (in milliseconds)
     metricExportTimeout: 10000
 
+  # -- Backend to use for the Documenten API. Supported values: filesystem | azure_blob_storage | s3_storage
+  documentApiBackend: filesystem
+  azureBlobStorage:
+    accountName: ""
+    clientSecret: ""
+    clientId: ""
+    tenantId: ""
+    container: "openzaak"
+    location: "documenten"
+    connectionTimeout: 5
+    apiStorageVersion: ""
+    urlExpirationTime: 60
+  s3storage:
+    accessKeyId: ""
+    secretAccessKey: ""
+    storageBucketName: "openzaak"
+    maxMemorySize: 0
+    querystringExpire: 60
+    fileOverwrite: false
+    location: "documenten/"
+    regionName: ""
+    endpointUrl: ""
+    customDomain: ""
+
+  enableCloudEvents: false
+  notificationsSource: "openzaak"
+
+
 worker:
   replicaCount: 2
   concurrency: 4