diff --git a/moon/templates/moon.yaml b/moon/templates/moon.yaml
index d8f9305..38de8d4 100644
--- a/moon/templates/moon.yaml
+++ b/moon/templates/moon.yaml
@@ -4,6 +4,12 @@ kind: ServiceAccount
 metadata:
 name: {{ .Release.Name }}
 namespace: {{ .Release.Namespace }}
+ {{- if and .Values.moon.serviceaccount .Values.moon.serviceaccount.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.moon.serviceaccount.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/moon/values.yaml b/moon/values.yaml
index f2a3af8..ec36865 100644
--- a/moon/values.yaml
+++ b/moon/values.yaml
@@ -6,6 +6,14 @@ moon:
 enabled:
 resources: true
+ ##
+ ## Optionally add annotations to the service account generated byt the chart
+ ## This is necessary if you intend to use the moon service account for
+ ## Workload Identity or want to tag it for any security monitoring tools
+ ##
+ serviceaccount:
+ annotations: {}
+ # iam.gke.io/gcp-service-account: moon-sa-on-gcp@gcp-project.iam.gserviceaccount.com
 # ##
 # ## Global timeouts.
 # ##
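Review bot: In the moon/templates/moon.yaml hunk, the line `{{ $key }}: {{ $value | quote }}` renders the annotation key unquoted while the value is quoted, so a key from values that contains YAML-significant characters would alter the rendered ServiceAccount metadata instead of failing cleanly. Quote both sides: `{{ $key | quote }}: {{ $value | quote }}`. The `if and .Values.moon.serviceaccount …` guard on the first added line only protects against a missing `serviceaccount` map where the template engine short-circuits `and`, which older Go template versions did not do. It is worth confirming this against the oldest Helm release the chart supports. The ServiceAccount document begins above the hunk.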
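Review bot: In the moon/values.yaml hunk, the comment added above `serviceaccount:` recommends the annotation for Workload Identity without stating what the binding grants. Once the cloud-side IAM binding exists, any pod running under this service account can obtain credentials for the annotated GCP service account. I would add a line such as `## Every pod running as this service account can act as the bound cloud identity; grant that identity only the roles moon needs.` The first comment line also has a typo: `byt the chart` should read `by the chart`.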