diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7078fbf13c06415fcb91610e8cdb2ba57c775758..64d2ce6535d79d748cb9129d6cf50da36aff71a2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,9 +4,9 @@ variables:
   TRIVY_CACHE_DIR: ".trivycache/"
   DOCKER_HOST: "unix:///var/run/dind/docker.sock"
   TESTCONTAINERS_RYUK_DISABLED: "false"
-  DOC_VERSIONS: "latest,1.4.2,1.4.1,1.4.0,1.3.0"
-  APP_VERSION: "1.4.3-rc.0"
-  CHART_VERSION: "1.4.3-rc.0"
+  DOC_VERSIONS: "latest,1.4.3,1.4.2,1.4.1,1.4.0"
+  APP_VERSION: "1.4.3"
+  CHART_VERSION: "1.4.3"
 
 image: debian:12-slim
 
@@ -545,8 +545,9 @@ docs-registry:
   only:
     refs:
       - /^release-.*/
+  before_script:
+    - "apt-get update && apt-get install -y sed"
   script:
-    - apt-get update && apt-get install -y sed
     - pip install -r ./requirements.txt
     - find .docs -type f -exec sed -i -e "s/__APP_VERSION__/${APP_VERSION}/g" {} \;
     - python3 .docs/docker/release.py
@@ -564,9 +565,9 @@ release-images:
   before_script:
     - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
     - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
-  script:
     - "ifconfig eth0 mtu 1450 up"
     - "apk add make bash"
+  script:
     - "make release"
 
 release-images-unstable:
@@ -581,11 +582,11 @@ release-images-unstable:
       - master
       - dev
   before_script:
-    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
-  script:
+    - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin $CI_REGISTRY_URL"
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
     - "ifconfig eth0 mtu 1450 up"
     - "apk add make bash"
+  script:
     - "CI_COMMIT_BRANCH=release-unstable make release-images"
 
 release-chart:
@@ -595,11 +596,14 @@ release-chart:
     refs:
       - /^release-.*/
   before_script:
-    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+    - "echo ${CI_REGISTRY2_PASSWORD} | docker login --username ${CI_REGISTRY2_USER} --password-stdin $CI_REGISTRY2_URL"
+    - "echo ${CI_GPG_KEYRING} | base64 -d > ~/keyring.gpg"
+    - "apk add sed helm curl"
+    - "helm plugin install https://github.com/sigstore/helm-sigstore"
   script:
-    - apk add sed helm curl
-    - helm package ./helm/dbrepo --destination ./build
-    - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
+    - "helm package --sign --key 'Martin Weise' ./helm/dbrepo --keyring ~/keyring.gpg --destination ./build"
+    - "helm push ./build/dbrepo-${CHART_VERSION}.tgz oci://${CI_REGISTRY2_URL}/helm"
+    - "helm sigstore upload ./build/dbrepo-${CHART_VERSION}.tgz"
 
 release-docs:
   stage: release
@@ -607,8 +611,9 @@ release-docs:
   only:
     refs:
       - /^release-.*/
+  before_script:
+    - "apt-get update && apt-get install -y git make sed wget ssh"
   script:
-    - apt-get update && apt-get install -y git make sed wget ssh
     - make docs
     - eval $(ssh-agent -s)
     - echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
@@ -626,9 +631,10 @@ release-libs:
       - /^release-.*/
   variables:
     PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
+  before_script:
+    - "apk add sed bash"
+    - "pip install pipenv twine build"
+    - "pipenv install gunicorn && pipenv install --dev --system --deploy"
   script:
-    - apk add sed bash
-    - pip install pipenv twine build
-    - pipenv install gunicorn && pipenv install --dev --system --deploy
     - bash ./lib/python/package.sh
     - bash ./lib/python/release.sh
\ No newline at end of file
diff --git a/helm/dbrepo/.gitignore b/helm/dbrepo/.gitignore
index e7b18ebe6d6b5e6ea7cba8a40b9ee60db844f169..613d851d27fbfa390c201b7ed8591da3e04bec35 100644
--- a/helm/dbrepo/.gitignore
+++ b/helm/dbrepo/.gitignore
@@ -2,4 +2,5 @@
 *.crt
 *.key
 *.srl
-*.csr
\ No newline at end of file
+*.csr
+build/*
\ No newline at end of file
diff --git a/helm/dbrepo/.helmignore b/helm/dbrepo/.helmignore
index a831b5462153e1330fb4b7c210892f85304a1779..62d87df84fcf8a1c6cdd3918d35280bfbd07f336 100644
--- a/helm/dbrepo/.helmignore
+++ b/helm/dbrepo/.helmignore
@@ -12,6 +12,8 @@ hack/
 .hg/
 .hgignore
 .svn/
+# Generated
+build/
 # Common backup files
 *.swp
 *.bak
diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml
index 587a7b3b09c2a5421fd961fad34ff59cb185be82..d61aa8701a34e5a6f890bf101f1b9775e63bcb03 100644
--- a/helm/dbrepo/Chart.yaml
+++ b/helm/dbrepo/Chart.yaml
@@ -12,7 +12,7 @@ maintainers:
   - name: Martin Weise
     email: martin.weise@tuwien.ac.at
 home: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/
-icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/.docs/images/signet_white.png
+icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/dbrepo-ui/public/favicon.png
 dependencies:
   - name: opensearch
     alias: searchdb
diff --git a/helm/dbrepo/Makefile b/helm/dbrepo/Makefile
index 07c03a280630491a4ddf6369341b0bee73c78f08..c1e8e02d8f00a08ec29330ed2afd04ff7aff17b1 100644
--- a/helm/dbrepo/Makefile
+++ b/helm/dbrepo/Makefile
@@ -3,5 +3,6 @@ all:
 
 .PHONY: build
 build: ## Generate Helm values schema JSON
+	helm package --sign --key 'Martin Weise' . --keyring ~/.gnupg/mweise.gpg --destination ./build
 	helm schema -input ./values.yaml
-	readme-generator-for-helm --readme README.md --values values.yaml
\ No newline at end of file
+	readme-generator-for-helm --readme README.md --values values.yaml