diff --git a/roles/product_install/defaults/main.yml b/roles/product_install/defaults/main.yml
index d768e62..2b2c614 100644
--- a/roles/product_install/defaults/main.yml
+++ b/roles/product_install/defaults/main.yml
@@ -3,6 +3,9 @@
 # Empty values to simplify logic (no undefineds)
 atl_latest_version: ''
 atl_cached_version: ''
+# if basic_auth is required for download of atlassian installable artifact, provide the name of an AWS Secrets Manager secret
+# with values for both password and username
+atl_download_secret_name: ''
 atl_product_latest_version_url: "https://marketplace.atlassian.com/rest/2/products/key/{{ atl_product_family }}/versions"
 atl_product_version_cache_dir: "{{ atl_product_home_shared }}"
@@ -14,6 +17,7 @@ atl_download_format_suffix_map:
 tarball: '.tar.gz'
 atl_download_suffix: "{{ atl_download_format_suffix_map[atl_download_format] }}"
+
 atl_release_base_url: "https://product-downloads.atlassian.com/software"
 atl_product_base_url: "{{ atl_release_base_url }}/{{ atl_product_family }}/downloads"
 atl_product_download_url: "{{ atl_product_base_url }}/atlassian-{{ atl_download_edition | default(atl_product_edition) }}-{{ atl_product_version }}{{ atl_download_suffix }}"
diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml
index c7ac160..e8f8feb 100644
--- a/roles/product_install/tasks/main.yml
+++ b/roles/product_install/tasks/main.yml
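Review bot: In roles/product_install/defaults/main.yml, the empty default for `atl_download_secret_name` drops the secret name `download_atlassian` that the removed lookups in tasks/main.yml had hard-coded, so hosts that relied on that secret stop picking up download credentials unless they now set the variable. Because the consuming task sets `failed_when: false` and `no_log: true`, that regression would not be visible in the run output. Either keep the old name as the default, `atl_download_secret_name: 'download_atlassian'`, or extend the comment to state that the former implicit name must now be set explicitly.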
@@ -180,11 +180,13 @@
 # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian'
 - name: set basic_auth facts if the secret exists
 ansible.builtin.set_fact:
- download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
- download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', 'download_atlassian.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+ download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+ download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
 failed_when: false
 no_log: true
- when: ansible_ec2_placement_region is defined
+ when:
+ - ansible_ec2_placement_region is defined
+ - atl_download_secret_name is defined
 tags:
 - runtime_pkg
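Review bot: The new `atl_download_secret_name is defined` condition in the `when:` list never skips the task, because defaults/main.yml now sets the variable to `''`; with no secret configured, both lookups are called with `'.password'` and `'.username'`. Test for a non-empty value instead, `- atl_download_secret_name | length > 0`, so nothing is requested from Secrets Manager when basic auth is not wanted. The context comment above the task still names the secret 'download_atlassian' and should read `# optionally grab basic_auth creds from the Secrets Manager secret named by atl_download_secret_name`. The `tags:` list may continue past the last hunk line.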