diff --git a/cmd/werf/common/helm.go b/cmd/werf/common/helm.go
index 9f254e7e51..28d7bc4846 100644
--- a/cmd/werf/common/helm.go
+++ b/cmd/werf/common/helm.go
@@ -12,6 +12,7 @@ import (
 	"github.com/werf/logboek"
 	bundles_registry "github.com/werf/werf/pkg/deploy/bundles/registry"
 	"github.com/werf/werf/pkg/deploy/helm"
+	"github.com/werf/werf/pkg/util"
 )
 
 func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*registry.Client, error) {
@@ -24,12 +25,14 @@ func NewHelmRegistryClientHandle(ctx context.Context, commonCmdData *CmdData) (*
 
 func NewBundlesRegistryClient(ctx context.Context, commonCmdData *CmdData) (*bundles_registry.Client, error) {
 	debug := logboek.Context(ctx).Debug().IsAccepted()
-	insecure := *commonCmdData.InsecureHelmDependencies
+	insecure := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_INSECURE_REGISTRY")
+	skipTlsVerify := util.GetBoolEnvironmentDefaultFalse("WERF_BUNDLE_SKIP_TLS_VERIFY_REGISTRY")
 	out := logboek.Context(ctx).OutStream()
 
 	return bundles_registry.NewClient(
 		bundles_registry.ClientOptDebug(debug),
 		bundles_registry.ClientOptInsecure(insecure),
+		bundles_registry.ClientOptSkipTlsVerify(skipTlsVerify),
 		bundles_registry.ClientOptWriter(out),
 	)
 }
diff --git a/pkg/deploy/bundles/registry/client.go b/pkg/deploy/bundles/registry/client.go
index 1279bb1a3a..b3b7390406 100644
--- a/pkg/deploy/bundles/registry/client.go
+++ b/pkg/deploy/bundles/registry/client.go
@@ -48,8 +48,9 @@ const (
 type (
 	// Client works with OCI-compliant registries and local Helm chart cache
 	Client struct {
-		debug    bool
-		insecure bool
+		debug         bool
+		insecure      bool
+		skipTlsVerify bool
 		// path to repository config file e.g. ~/.docker/config.json
 		credentialsFile string
 		out             io.Writer
@@ -91,7 +92,7 @@ func NewClient(opts ...ClientOption) (*Client, error) {
 	}
 	if client.resolver == nil {
 		httpClient := http.DefaultClient
-		if client.insecure {
+		if client.skipTlsVerify {
 			httpClient.Transport = &http.Transport{
 				TLSClientConfig: &tls.Config{
 					InsecureSkipVerify: true,
diff --git a/pkg/deploy/bundles/registry/client_opts.go b/pkg/deploy/bundles/registry/client_opts.go
index 2251daadfd..fc5ec4e523 100644
--- a/pkg/deploy/bundles/registry/client_opts.go
+++ b/pkg/deploy/bundles/registry/client_opts.go
@@ -73,3 +73,9 @@ func ClientOptInsecure(insecure bool) ClientOption {
 		client.insecure = insecure
 	}
 }
+
+func ClientOptSkipTlsVerify(skipTlsVerify bool) ClientOption {
+	return func(client *Client) {
+		client.skipTlsVerify = skipTlsVerify
+	}
+}