diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90d4c33..d5288ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Features: Improvements: * Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) * Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) ## 0.18.0 (November 17th, 2021)
diff --git a/templates/server-route.yaml b/templates/server-route.yaml
index 72b8752..e122d93 100644
--- a/templates/server-route.yaml
+++ b/templates/server-route.yaml
@@ -28,7 +28,7 @@ spec: port: targetPort: 8200 tls: - termination: passthrough + {{- toYaml .Values.server.route.tls | nindent 4 }} {{- end }} {{- end }} {{- end }}
diff --git a/test/unit/server-route.bats b/test/unit/server-route.bats
index d141fb6..53e1e61 100755
--- a/test/unit/server-route.bats
+++ b/test/unit/server-route.bats
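Review bot: The `tls:` key is still emitted unconditionally but its body now comes entirely from `toYaml .Values.server.route.tls`, so an operator who overrides the map to null or `{}` (e.g. `--set server.route.tls=null`) renders a Route with an empty `tls` stanza, which as far as I can tell OpenShift treats as a plain-HTTP route — something the old hard-coded `termination: passthrough` could never produce. Because this route fronts Vault, I would fail the render rather than silently downgrade: add `{{- if not .Values.server.route.tls }}{{- fail "server.route.tls must be a non-empty map (e.g. termination: passthrough)" }}{{- end }}` just before `tls:`. A short template comment would also help, noting that `edge` makes the router send plain HTTP to port 8200 (coherent only when Vault's listener is not serving TLS) and that `reencrypt` presumably needs `destinationCACertificate` so the router trusts Vault's certificate — confirm against the Route spec. The enclosing `if` blocks closed by the three `{{- end }}` lines begin outside the hunk.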
@@ -141,3 +141,41 @@ load _helpers yq -r '.spec.to.name' | tee /dev/stderr) [ "${actual}" = "RELEASE-NAME-vault" ] } + +@test "server/route: OpenShift - route termination mode set to default passthrough" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + . | tee /dev/stderr | + yq -r '.spec.tls.termination' | tee /dev/stderr) + [ "${actual}" = "passthrough" ] +} + +@test "server/route: OpenShift - route termination mode set to edge" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.tls.termination=edge' \ + . | tee /dev/stderr | + yq -r '.spec.tls.termination' | tee /dev/stderr) + [ "${actual}" = "edge" ] +} + +@test "server/route: OpenShift - route custom tls entry" { + cd `chart_dir` + + local actual=$(helm template \ + --show-only templates/server-route.yaml \ + --set 'global.openshift=true' \ + --set 'server.route.enabled=true' \ + --set 'server.route.tls.insecureEdgeTerminationPolicy=Redirect' \ + . | tee /dev/stderr | + yq -r '.spec.tls.insecureEdgeTerminationPolicy' | tee /dev/stderr) + [ "${actual}" = "Redirect" ] +}
diff --git a/values.yaml b/values.yaml
index f4f5e9d..8169411 100644
--- a/values.yaml
+++ b/values.yaml
@@ -305,7 +305,7 @@ server: # - chart-example.local # OpenShift only - create a route to expose the service - # The created route will be of type passthrough + # By default the created route will be of type passthrough route: enabled: false
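Review bot: The three new tests only exercise a populated `server.route.tls`; nothing pins what the template renders when the map is overridden to null or `{}`, which is exactly the input that could turn the previously unconditional passthrough into a route without TLS. Add a fourth case that passes `--set 'server.route.tls=null'` and asserts either that `helm template` fails (`[ "$status" -ne 0 ]` via `run`) or that `.spec.tls.termination` still comes back as `passthrough`, so a later refactor cannot downgrade encryption silently. It would also be worth asserting the whole `.spec.tls` object in the `edge` test rather than just `termination`, since `--set` merges into the default map and the rendered stanza is what the router actually applies. The test whose closing lines open this hunk starts outside it.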
@@ -316,6 +316,11 @@ server: labels: {} annotations: {} host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough # authDelegator enables a cluster role binding to be attached to the service # account. This cluster role binding can be used to setup Kubernetes auth
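Review bot: The new comment above `tls:` says the map is passed straight through but not what choosing a different termination mode does to the trust boundary, which is the detail an operator needs before flipping it on a Vault deployment. I would extend it with two lines such as `# passthrough keeps Vault's own TLS end-to-end; edge/reencrypt terminate TLS at the OpenShift router (edge then speaks plain HTTP to the Vault listener on 8200).` and `# Setting this to null or {} renders a Route with no TLS stanza, i.e. an unencrypted route.` The reencrypt case likely also needs the router to trust Vault's certificate (destinationCACertificate) — confirm against the Route API before documenting it. The `route:` map this belongs to begins outside the hunk.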