diff --git a/step-certificates/README.md b/step-certificates/README.md
index 58918e9..b72fb0d 100644
--- a/step-certificates/README.md
+++ b/step-certificates/README.md
@@ -276,6 +276,7 @@ chart and their default values.
 | `service.targetPort`          | Internal port where Step CA runs                                                                            | `9000`                                   |
 | `service.annotations`         | Service annotations (YAML)                                                                                  | `{}`                                     |
 | `service.externalIPs`         | Service externalIPs                                                                                         | `[]`                                     |
+| `service.labels`              | Custom labels to add to the service resource (YAML)                                                          | `{}`                                     |
 | `replicaCount`                | Number of Step CA replicas. Only one replica is currently supported.                                        | `1`                                      |
 | `image.repository`            | Repository of the Step CA image                                                                             | `cr.step.sm/smallstep/step-ca`           |
 | `image.initContainerRepository` | Repository of the Step CA Init Container image.                                                           | `busybox:latest`                         |
@@ -350,6 +351,29 @@ helm install --set ca.dns="ca.example.com\,my-release-step-certificates.default.
   my-release smallstep/step-certificates
 ```
 
+### Service Customization
+
+You can add custom labels to the service resource for integration with service meshes, monitoring systems, or compliance requirements:
+
+```console
+helm install step-certificates smallstep/step-certificates \
+  --set service.labels.environment=production \
+  --set service.labels.team=platform
+```
+
+Or using a values file:
+
+```yaml
+service:
+  labels:
+    environment: production
+    team: platform
+    cost-center: engineering
+    compliance: nis2
+```
+
+**Note**: Custom labels are merged with standard Helm labels. Avoid using reserved Kubernetes label prefixes like `app.kubernetes.io/`, `helm.sh/`, or `kubernetes.io/`.
+
 Alternatively, a YAML file that specifies the values for the parameters can be
 provided while installing the chart. For example,
 
diff --git a/step-certificates/templates/service.yaml b/step-certificates/templates/service.yaml
index 4d29852..ab11643 100644
--- a/step-certificates/templates/service.yaml
+++ b/step-certificates/templates/service.yaml
@@ -5,6 +5,9 @@ metadata:
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "step-certificates.labels" . | nindent 4 }}
+    {{- with .Values.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
   {{- with .Values.service.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
diff --git a/step-certificates/values.yaml b/step-certificates/values.yaml
index dde6b45..c6182c9 100644
--- a/step-certificates/values.yaml
+++ b/step-certificates/values.yaml
@@ -235,6 +235,14 @@ service:
   nodePort: ""
   annotations: {}
   externalIPs: []
+  # labels is a map of custom labels to add to the service resource.
+  # These labels are merged with the standard Helm labels.
+  # Example:
+  #   labels:
+  #     environment: production
+  #     team: platform
+  #     cost-center: engineering
+  labels: {}
 
 # linkedca contains the token to configure step-ca using the linkedca mode.
 #