diff --git a/changelog.d/2-features/chart-brig-geoip b/changelog.d/2-features/chart-brig-geoip new file mode 100644 index 0000000000..e53e7fb52f --- /dev/null +++ b/changelog.d/2-features/chart-brig-geoip @@ -0,0 +1 @@ +* Support running brig with GeoIP database when using helm charts \ No newline at end of file diff --git a/charts/brig/templates/configmap.yaml b/charts/brig/templates/configmap.yaml index 21a67cff69..7b06eb9b55 100644 --- a/charts/brig/templates/configmap.yaml +++ b/charts/brig/templates/configmap.yaml @@ -202,6 +202,11 @@ data: {{- end }} {{- end }} + {{- if .geoip.enabled }} + # Shared emptyDir with geoipupdate container + geoDb: /usr/share/GeoIP/GeoIP2-City.mmdb + {{- end }} + {{- with .optSettings }} optSettings: setActivationTimeout: {{ .setActivationTimeout }} diff --git a/charts/brig/templates/deployment.yaml b/charts/brig/templates/deployment.yaml index 050d2456c4..531f816948 100644 --- a/charts/brig/templates/deployment.yaml +++ b/charts/brig/templates/deployment.yaml 
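Review bot: `geoDb` in charts/brig/templates/configmap.yaml is hard-coded to `/usr/share/GeoIP/GeoIP2-City.mmdb`, while the edition that is actually downloaded comes from the operator-supplied `editionIds` secret key. geoipupdate names each database file after its edition ID, so any other edition leaves brig pointing at a file that is never written. Either derive the path from a chart value, or state the constraint where the feature is enabled, e.g. `# editionIds must include GeoIP2-City; brig reads /usr/share/GeoIP/GeoIP2-City.mmdb`. How brig behaves when the file is missing is not visible in this diff, and the enclosing `data:` block starts outside the hunk.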
@@ -42,6 +42,40 @@ spec: - name: "brig-secrets" secret: secretName: "brig" + {{- if .Values.config.geoip.enabled }} + - name: "geoip" + emptyDir: {} + {{- end }} + {{- if .Values.config.geoip.enabled }} + # Brig needs GeoIP database to be downloaded before it can start. + initContainers: + - name: geoipdownload + image: "{{ .Values.config.geoip.image.repository }}:{{ .Values.config.geoip.image.tag }}" + imagePullPolicy: {{ default "" .Values.config.geoip.imagePullPolicy | quote }} + volumeMounts: + - name: "geoip" + mountPath: "/usr/share/GeoIP" + # The environment variables are documented at: + # https://github.com/maxmind/geoipupdate/blob/62b34e648a842dc03ccf4ad3f61e2d85eaec98fc/doc/docker.md + env: + - name: GEOIPUPDATE_ACCOUNT_ID + valueFrom: + secretKeyRef: + name: brig-geoip + key: accountId + - name: GEOIPUPDATE_LICENSE_KEY + valueFrom: + secretKeyRef: + name: brig-geoip + key: licenseKey + - name: GEOIPUPDATE_EDITION_IDS + valueFrom: + secretKeyRef: + name: brig-geoip + key: editionIds + - name: GEOIPUPDATE_FREQUENCY + value: "0" # Setting this to 0 makes the script only run geoipupdate once. + {{- end }} containers: - name: brig image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -55,6 +89,10 @@ spec: - name: "turn-servers" mountPath: "/etc/wire/brig/turn" {{- end }} + {{- if .Values.config.geoip.enabled }} + - name: "geoip" + mountPath: "/usr/share/GeoIP" + {{- end }} env: - name: LOG_LEVEL value: {{ .Values.config.logLevel }} 
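Review bot: The `geoipdownload` init container runs a third-party image that receives the MaxMind license key, but it declares no `securityContext` and no `resources`. The same holds for the `geoipupdate` sidecar added in the `@@ -107,3 +145,31 @@` hunk, which runs for the lifetime of the pod. Consider adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to both, plus resource requests and limits so the updater cannot starve brig. Whether the image also tolerates `runAsNonRoot: true` needs checking against the image itself, since nothing here shows which user it runs as.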
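Review bot: In the `@@ -55,6 +89,10 @@` hunk the brig container mounts the shared `geoip` volume read-write although it only needs to read the database. Adding `readOnly: true` under `mountPath: "/usr/share/GeoIP"` leaves `geoipdownload` and `geoipupdate` as the only writers of the `emptyDir`. This narrows the writable paths of the main service container at no cost.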
@@ -107,3 +145,31 @@ spec: port: {{ .Values.service.internalPort }} resources: {{ toYaml .Values.resources | indent 12 }} + {{- if .Values.config.geoip.enabled }} + - name: geoipupdate + image: "{{ .Values.config.geoip.image.repository }}:{{ .Values.config.geoip.image.tag }}" + imagePullPolicy: {{ default "" .Values.config.geoip.imagePullPolicy | quote }} + volumeMounts: + - name: "geoip" + mountPath: "/usr/share/GeoIP" + # The environment variables are documented at: + # https://github.com/maxmind/geoipupdate/blob/62b34e648a842dc03ccf4ad3f61e2d85eaec98fc/doc/docker.md + env: + - name: GEOIPUPDATE_ACCOUNT_ID + valueFrom: + secretKeyRef: + name: brig-geoip + key: accountId + - name: GEOIPUPDATE_LICENSE_KEY + valueFrom: + secretKeyRef: + name: brig-geoip + key: licenseKey + - name: GEOIPUPDATE_EDITION_IDS + valueFrom: + secretKeyRef: + name: brig-geoip + key: editionIds + - name: GEOIPUPDATE_FREQUENCY + value: "24" # hours + {{- end }} diff --git a/charts/brig/templates/geoip-secret.yaml b/charts/brig/templates/geoip-secret.yaml new file mode 100644 index 0000000000..db6df8a1ee --- /dev/null +++ b/charts/brig/templates/geoip-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.config.geoip.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: brig-geoip + labels: + wireService: brig + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + {{- with .Values.secrets.geoip }} + accountId: {{ required ".secrets.geoip.accountId must be provided when .Values.config.geoip.enabled is True" .accountId | b64enc | quote }} + licenseKey: {{ required ".secrets.geoip.licenseKey must be provided when .Values.config.geoip.enabled is True" .licenseKey | b64enc | quote }} + editionIds: {{ required ".secrets.geoip.editionIds must be provided when .Values.config.geoip.enabled is True" .editionIds | b64enc | quote }} + {{- end }} +{{- end }} 
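Review bot: The `geoipupdate` sidecar repeats the image, volume mount and three `secretKeyRef` entries of the `geoipdownload` init container line for line; only `GEOIPUPDATE_FREQUENCY` differs. Moving the shared part into a named template in the chart's helpers and including it in both places keeps the secret name `brig-geoip` and its keys defined once, so a later rename cannot leave one container pointing at a missing key. A short comment on the sidecar, such as `# Refreshes the database in the shared emptyDir every 24h; the init container only does the first download`, would also explain why both containers exist.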
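Review bot: In charts/brig/templates/geoip-secret.yaml the three `required` checks sit inside `{{- with .Values.secrets.geoip }}`, so when `secrets.geoip` is absent or empty the `with` body is skipped and none of them fires. The chart then renders a `brig-geoip` Secret with an empty `data:`, and the mistake only surfaces later when the pod cannot resolve its `secretKeyRef` keys. Replace the `with` by `{{- $geoip := .Values.secrets.geoip | default dict }}` and call `required "…" $geoip.accountId` (likewise for `licenseKey` and `editionIds`), so the messages already written here are raised at render time.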
diff --git a/charts/brig/values.yaml b/charts/brig/values.yaml index 0ffd06f651..0106d38620 100644 --- a/charts/brig/values.yaml +++ b/charts/brig/values.yaml @@ -84,6 +84,14 @@ config: smtp: passwordFile: /etc/wire/brig/secrets/smtp-password.txt proxy: {} + + geoip: + # When enabling this, .secrets.geoip.accountId, .secrets.geoip.licenseKey and + # .secret.geoip.editionIds must be provided. + enabled: false + image: + repository: docker.io/maxmindinc/geoipupdate + tag: v4.9 turnStatic: v1: - turn:localhost:3478 diff --git a/hack/bin/set-chart-image-version.sh b/hack/bin/set-chart-image-version.sh index 966a96c7c9..d133007e4a 100755 --- a/hack/bin/set-chart-image-version.sh +++ b/hack/bin/set-chart-image-version.sh @@ -11,8 +11,8 @@ for chart in $charts do if [[ "$chart" == "nginz" ]]; then # nginz has a different docker tag indentation - sed -i "s/ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml" + sed -i "s/^ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml" else - sed -i "s/ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml" + sed -i "s/^ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml" fi done diff --git a/hack/bin/set-wire-server-image-version.sh b/hack/bin/set-wire-server-image-version.sh index 3c92e5fd3e..d3438814e9 100755 --- a/hack/bin/set-wire-server-image-version.sh +++ b/hack/bin/set-wire-server-image-version.sh @@ -9,8 +9,8 @@ CHARTS_DIR="$TOP_LEVEL/.local/charts" charts=(brig cannon galley gundeck spar cargohold proxy cassandra-migrations elasticsearch-index federator) for chart in "${charts[@]}"; do - sed -i "s/ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/$chart/values.yaml" + sed -i "s/^ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/$chart/values.yaml" done #special case nginz -sed -i "s/ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/nginz/values.yaml" +sed -i "s/^ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/nginz/values.yaml"
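Review bot: In charts/brig/values.yaml the geoip image is referenced by the mutable tag `v4.9` from a public registry, and that image is handed the license key and writes the file brig later parses. Pinning it by digest, e.g. `tag: v4.9@sha256:<digest>` (placeholder, which the existing `repository:tag` template accepts), makes a re-pushed tag unable to change what runs. The comment above `enabled: false` also names `.secret.geoip.editionIds`, where the secret template reads `.secrets.geoip.editionIds`.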
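Review bot: The new `^` anchor in hack/bin/set-chart-image-version.sh makes the substitution depend on the exact indentation of each chart's own `tag:` key, but nothing in the script says why. Presumably it is there so that nested tags, such as the `config.geoip.image.tag` added to charts/brig/values.yaml, are left alone. A comment above the loop would stop a later edit from loosening the pattern again, e.g. `# Anchored at line start: only the chart's own image tag is rewritten, not nested third-party image tags`. The same applies to both `sed` calls in hack/bin/set-wire-server-image-version.sh; the loop in the first script starts outside the hunk.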