diff --git a/charts/postgres-operator/crds/operatorconfigurations.yaml b/charts/postgres-operator/crds/operatorconfigurations.yaml
index 67cdfb4e8..9ae7b1c91 100644
--- a/charts/postgres-operator/crds/operatorconfigurations.yaml
+++ b/charts/postgres-operator/crds/operatorconfigurations.yaml
@@ -72,9 +72,6 @@ spec:
 enable_lazy_spilo_upgrade:
 type: boolean
 default: false
- enable_cross_namespace_secret:
- type: boolean
- default: false
 enable_pgversion_env_var:
 type: boolean
 default: true
@@ -176,6 +173,9 @@ spec:
 enable_init_containers:
 type: boolean
 default: true
+ enable_cross_namespace_secret:
+ type: boolean
+ default: false
 enable_pod_antiaffinity:
 type: boolean
 default: false
diff --git a/charts/postgres-operator/values.yaml b/charts/postgres-operator/values.yaml
index 16c000e9c..c961cbc3d 100644
--- a/charts/postgres-operator/values.yaml
+++ b/charts/postgres-operator/values.yaml
@@ -151,7 +151,7 @@ configKubernetes:
 # template for database user secrets generated by the operator,
 # here username contains the namespace in the format namespace.username
 # if the user is in different namespace than cluster and cross namespace secrets
- # are enabled via EnableCrossNamespaceSecret flag in configmap.
+ # are enabled via enable_cross_namespace_secret flag in configmap.
 secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
 # set user and group for the spilo container (required to run Spilo as non-root process)
 # spilo_runasuser: 101
diff --git a/docs/reference/operator_parameters.md b/docs/reference/operator_parameters.md
index 9e8ac6df8..373e08ce1 100644
--- a/docs/reference/operator_parameters.md
+++ b/docs/reference/operator_parameters.md
@@ -275,13 +275,12 @@ configuration they are grouped under the `kubernetes` key. * **secret_name_template** a template for the name of the database user secrets generated by the - operator. `{namespace}` is replaced with name of the namespace (if cross - namespace secrets are enabled via EnableCrossNamespaceSecret flag, otherwise the - secret is in cluster's namespace and in that case it is not present in secret - name), `{username}` is replaced with name of the secret, `{cluster}` with the - name of the cluster, `{tprkind}` with the kind of CRD (formerly known as TPR) - and `{tprgroup}` with the group of the CRD. No other placeholders are allowed. - The default is + operator. `{namespace}` is replaced with name of the namespace if + enable_cross_namespace_secret is set, otherwise the + secret is in cluster's namespace. `{username}` is replaced with name of the + secret, `{cluster}` with the name of the cluster, `{tprkind}` with the kind + of CRD (formerly known as TPR) and `{tprgroup}` with the group of the CRD. + No other placeholders are allowed. The default is `{namespace}.{username}.{cluster}.credentials.{tprkind}.{tprgroup}`. * **cluster_domain** diff --git a/docs/user.md b/docs/user.md index 3a60f1281..47d10e7e0 100644 --- a/docs/user.md +++ b/docs/user.md @@ -140,7 +140,7 @@ At the moment it is not possible to define membership of the manifest role in other roles. To define the secrets for the users in a different namespace than that of the cluster, -one can use the flag `EnableCrossNamespaceSecret` and declare the namespace for the +one can set `enable_cross_namespace_secret` and declare the namespace for the secrets in the manifest in the following manner, ```yaml diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml index 8a83a6c60..972e4fa3b 100644 --- a/manifests/configmap.yaml +++ b/manifests/configmap.yaml 
@@ -36,12 +36,12 @@ data:
 # downscaler_annotations: "deployment-time,downscaler/*"
 # enable_admin_role_for_users: "true"
 # enable_crd_validation: "true"
+ # enable_cross_namespace_secret: "true"
 # enable_database_access: "true"
 enable_ebs_gp3_migration: "false"
 # enable_ebs_gp3_migration_max_size: "1000"
 # enable_init_containers: "true"
 # enable_lazy_spilo_upgrade: "false"
- # enable_cross_namespace_secret: "false"
 enable_master_load_balancer: "false"
 enable_pgversion_env_var: "true"
 # enable_pod_antiaffinity: "false"
diff --git a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
index 3d95d65f0..8023864cf 100644
--- a/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
+++ b/pkg/apis/acid.zalan.do/v1/operator_configuration_type.go
@@ -91,6 +91,7 @@ type KubernetesMetaConfiguration struct {
 EnablePodAntiAffinity bool `json:"enable_pod_antiaffinity,omitempty"`
 PodAntiAffinityTopologyKey string `json:"pod_antiaffinity_topology_key,omitempty"`
 PodManagementPolicy string `json:"pod_management_policy,omitempty"`
+ EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"`
 }

 // PostgresPodResourcesDefaults defines the spec of default resources
@@ -214,7 +215,6 @@ type OperatorLogicalBackupConfiguration struct {
 type OperatorConfigurationData struct {
 EnableCRDValidation *bool `json:"enable_crd_validation,omitempty"`
 EnableLazySpiloUpgrade bool `json:"enable_lazy_spilo_upgrade,omitempty"`
- EnableCrossNamespaceSecret bool `json:"enable_cross_namespace_secret,omitempty"`
 EnablePgVersionEnvVar bool `json:"enable_pgversion_env_var,omitempty"`
 EnableSpiloWalPathCompat bool `json:"enable_spilo_wal_path_compat,omitempty"`
 EtcdHost string `json:"etcd_host,omitempty"`
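Review bot: The re-added example line `# enable_cross_namespace_secret: "true"` in the configmap hunk shows the opposite of the default: the CRD hunks in this commit declare `default: false`, and the line this hunk removes read `"false"`. The neighbouring commented booleans that can be checked against the CRD hunks (`enable_init_containers`, `enable_lazy_spilo_upgrade`, `enable_pod_antiaffinity`) all mirror their defaults, so this looks like an accidental flip rather than a convention. Someone uncommenting the line as written would have the operator place user credential secrets in namespaces other than the cluster's without having chosen that. I would keep the value while moving the line: `# enable_cross_namespace_secret: "false"`.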
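Review bot: Nothing in these two hunks keeps the old top-level `enable_cross_namespace_secret` key working once `EnableCrossNamespaceSecret` moves from `OperatorConfigurationData` to `KubernetesMetaConfiguration`. An existing OperatorConfiguration that still sets the key at the top level would presumably decode with the flag left at false and no error, since encoding/json ignores unknown keys, so user secrets would silently go back to the cluster's namespace. The CRD hunks make the same move in the schema, and depending on the CRD's pruning settings the API server may drop the old key as well. Either keep the top-level field for one release, marked `// Deprecated: moved to KubernetesMetaConfiguration, still honoured when set.`, or call the relocation out as a breaking change in the release notes; the code that copies these fields into the running configuration is outside this view, so confirm it reads the new field. Both struct definitions extend beyond the hunks.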