diff --git a/.gitignore b/.gitignore
index 4785a0ee84c0ef772980a177e57eed473c4eeca7..d8df088d814c603259804ff7b011a2d2b8d7f13c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,8 @@ target/
 # generated
 ready
 schema.xsd
+final/
+build/
 
 # docs
 .docs/.swagger/dist/
@@ -68,7 +70,7 @@ debug.txt
 .DS_Store
 
 # IDE
-fda-analyse-service/venv
+venv/
 .git.bfg-*
 
 # Docs
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 37e12b8af9eea4695e45c3b0c1c6cdfd331b89d9..2f22b6da1e7a7855cd2db630826006eedf39786f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,7 +5,7 @@ variables:
   TRIVY_CACHE_DIR: ".trivycache/"
   DOCKER_HOST: "unix:///var/run/dind/docker.sock"
   TESTCONTAINERS_RYUK_DISABLED: "false"
-  VERSION: "1.4.0"
+  VERSION: "1.4.1"
 
 image: debian:12-slim
 
@@ -502,6 +502,37 @@ release-1.4:
     - "apk add make"
     - "TAG=${VERSION} make release"
 
+release-helm-latest:
+  stage: release
+  image: docker:24-dind
+  only:
+    refs:
+      - dev
+      - master
+  before_script:
+    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+  script:
+    - apk add sed helm
+    - 'sed -i -e "s/^version:.*/version: \"${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}\"/g" ./helm-charts/dbrepo/Chart.yaml'
+    - 'sed -i -e "s/^appVersion:.*/appVersion: \"${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}\"/g" ./helm-charts/dbrepo/Chart.yaml'
+    - helm package ./helm-charts/dbrepo --destination ./build
+    - helm push "./build/dbrepo-${VERSION}-0.git.${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
+
+release-helm-1.4:
+  stage: release
+  image: docker:24-dind
+  only:
+    refs:
+      - release-v1.4
+  before_script:
+    - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
+  script:
+    - apk add sed helm
+    - 'sed -i -e "s/^version:.*/version: \"${VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
+    - 'sed -i -e "s/^appVersion:.*/appVersion: \"${VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
+    - helm package ./helm-charts/dbrepo --destination ./build
+    - helm push "./build/dbrepo-${VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
+
 build-api-latest:
   stage: build
   image: docker.io/alpine:3.18
diff --git a/Makefile b/Makefile
index 79f8d5e1041aee04e0b0af36fe1097030cc62f07..5883ac2b049372147baecbd9f4aae522e7ab4eb3 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,6 @@
 .PHONY: all
 
 TAG ?= latest
-TRIVY_VERSION ?= v0.41.0
 REPOSITORY_1_URL ?= docker.io/dbrepo
 REPOSITORY_2_URL ?= s210.dl.hpc.tuwien.ac.at/dbrepo
 
@@ -37,6 +36,11 @@ build-frontend:
 build-swagger:
 	bash ./.docs/generate.sh
 
+build-helm-chart:
+	sed -i -e "s/^version:.*/version: \"${TAG}-dev\"/g" ./helm-charts/dbrepo/Chart.yaml
+	sed -i -e "s/^appVersion:.*/appVersion: \"${TAG}-dev\"/g" ./helm-charts/dbrepo/Chart.yaml
+	helm package ./helm-charts/dbrepo --destination ./build
+
 tag: tag-analyse-service tag-authentication-service tag-metadata-db tag-ui tag-metadata-service tag-data-service tag-search-db tag-search-db-init tag-search-service tag-data-db-sidecar
 
 tag-analyse-service:
@@ -129,6 +133,10 @@ release-storage-service-init: tag-storage-service-init
 	docker push "${REPOSITORY_1_URL}/storage-service-init:${TAG}"
 	docker push "${REPOSITORY_2_URL}/storage-service-init:${TAG}"
 
+release-helm-chart: build-helm-chart
+	helm package ./helm-charts/dbrepo --destination ./build
+	helm push ./build/dbrepo-${TAG}-dev.tgz "oci://${REPOSITORY_2_URL}/helm"
+
 test-backend: test-metadata-service test-analyse-service test-data-service
 
 test-data-service: build-data-service
diff --git a/helm-charts/README.md b/helm-charts/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..02cc2b39549865a2aa012ec8b604481d54440157
--- /dev/null
+++ b/helm-charts/README.md
@@ -0,0 +1 @@
+# DBRepo
\ No newline at end of file
diff --git a/helm-charts/artifacthub-repo.yml b/helm-charts/artifacthub-repo.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1e94306eeb88aa7e2c63ba8762f9261c335005b7
--- /dev/null
+++ b/helm-charts/artifacthub-repo.yml
@@ -0,0 +1,6 @@
+repositoryID: c3dd3e89-e742-4a55-99e3-9681a521fb3e
+owners:
+  - name: dbrepo
+    email: martinweiseat@gmail.com
+  - name: mweise
+    email: martin.weise@tuwien.ac.at
diff --git a/helm-charts/dbrepo/.helmignore b/helm-charts/dbrepo/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm-charts/dbrepo/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm-charts/dbrepo/Chart.lock b/helm-charts/dbrepo/Chart.lock
new file mode 100644
index 0000000000000000000000000000000000000000..b43e0b5c27822775766bc80de1ce275d7f9ca934
--- /dev/null
+++ b/helm-charts/dbrepo/Chart.lock
@@ -0,0 +1,30 @@
+dependencies:
+- name: opensearch
+  repository: https://opensearch-project.github.io/helm-charts/
+  version: 2.15.0
+- name: opensearch-dashboards
+  repository: https://opensearch-project.github.io/helm-charts/
+  version: 2.13.0
+- name: keycloak
+  repository: https://charts.bitnami.com/bitnami
+  version: 17.3.3
+- name: mariadb-galera
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.0.1
+- name: mariadb-galera
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.0.1
+- name: postgresql-ha
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.1.7
+- name: rabbitmq
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.5.1
+- name: fluent-bit
+  repository: https://fluent.github.io/helm-charts
+  version: 0.40.0
+- name: seaweedfs
+  repository: https://seaweedfs.github.io/seaweedfs/helm
+  version: 3.59.4
+digest: sha256:408d622f6f8b819434771021ba4144bd3d58aef6b1302f323f0acba672b0e7ec
+generated: "2024-01-07T22:24:18.122775309+01:00"
diff --git a/helm-charts/dbrepo/Chart.yaml b/helm-charts/dbrepo/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3096cea821e7475ecc7be52bf94623543b78ef1b
--- /dev/null
+++ b/helm-charts/dbrepo/Chart.yaml
@@ -0,0 +1,55 @@
+apiVersion: v2
+name: dbrepo
+description: |
+  We present a database repository system that allows researchers to ingest data into a central, versioned repository 
+  through common interfaces, provides efficient access to arbitrary subsets of data even when the underlying data store
+  is evolving, allows reproducing of query results and supports findable-, accessible-, interoperable- and reusable
+  data.
+type: application
+version: "1.4.0-dev.667653b51"
+appVersion: "1.4.0-dev.667653b51"
+keywords:
+  - dbrepo
+maintainers:
+  - name: Martin Weise
+    email: martin.weise@tuwien.ac.at
+home: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/
+icon:
+  https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/master/dbrepo-ui/static/favicon.png
+dependencies:
+  - name: opensearch
+    alias: search-db
+    version: 2.15.0 # app version 2.10.0
+    repository: https://opensearch-project.github.io/helm-charts/
+  - name: opensearch-dashboards
+    alias: search-db-dashboard
+    version: 2.13.0 # app version 2.10.0
+    repository: https://opensearch-project.github.io/helm-charts/
+  - name: keycloak
+    alias: auth-service
+    version: 17.3.3
+    repository: https://charts.bitnami.com/bitnami
+  - name: mariadb-galera
+    alias: data-db
+    version: 11.0.1
+    repository: https://charts.bitnami.com/bitnami
+  - name: mariadb-galera
+    alias: metadata-db
+    version: 11.0.1
+    repository: https://charts.bitnami.com/bitnami
+  - name: postgresql-ha
+    alias: auth-db
+    version: 12.1.7
+    repository: https://charts.bitnami.com/bitnami
+  - name: rabbitmq
+    alias: broker-service
+    version: 12.5.1
+    repository: https://charts.bitnami.com/bitnami
+  - name: fluent-bit
+    alias: log-service
+    version: 0.40.0
+    repository: https://fluent.github.io/helm-charts
+  - name: seaweedfs
+    alias: storage-service
+    version: 3.59.4
+    repository: https://seaweedfs.github.io/seaweedfs/helm
diff --git a/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz b/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..e8057f452b586c22fa2bf9f645a74d2a64e613e2
Binary files /dev/null and b/helm-charts/dbrepo/charts/fluent-bit-0.40.0.tgz differ
diff --git a/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz b/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..2a4298f589c5b38c7dca1c7ec3efaf011c450676
Binary files /dev/null and b/helm-charts/dbrepo/charts/keycloak-17.3.3.tgz differ
diff --git a/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz b/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..75966763de12ffca164d475cccac327a338857df
Binary files /dev/null and b/helm-charts/dbrepo/charts/mariadb-galera-11.0.1.tgz differ
diff --git a/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz b/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7d2f6efb43a2d44e8dfffde4e0265d302af2b2a6
Binary files /dev/null and b/helm-charts/dbrepo/charts/opensearch-2.15.0.tgz differ
diff --git a/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz b/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..4e7a499b8fcdca2600d3d2c2f69004f61d0295c5
Binary files /dev/null and b/helm-charts/dbrepo/charts/opensearch-dashboards-2.13.0.tgz differ
diff --git a/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz b/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a534ebb28b1138ee626c4f8fab2a483cf9ae5504
Binary files /dev/null and b/helm-charts/dbrepo/charts/postgresql-ha-12.1.7.tgz differ
diff --git a/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz b/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..cd252174f05f13e755c8049def5561b1e2f9a3ef
Binary files /dev/null and b/helm-charts/dbrepo/charts/rabbitmq-12.5.1.tgz differ
diff --git a/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz b/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..61cb40d6deedbf5a4cc0efabd8dee6f13f7341de
Binary files /dev/null and b/helm-charts/dbrepo/charts/seaweedfs-3.59.4.tgz differ
diff --git a/helm-charts/dbrepo/templates/NOTES.txt b/helm-charts/dbrepo/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..ce7c200186842631afb13f666f421a16677895b3
--- /dev/null
+++ b/helm-charts/dbrepo/templates/NOTES.txt
@@ -0,0 +1,10 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $ingress := .Values.ingress.data }}
+{{- range $host := $ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/_helpers.tpl b/helm-charts/dbrepo/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..b17e44d2dfa6f6e7a09c3ab58b35794c46791c71
--- /dev/null
+++ b/helm-charts/dbrepo/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubernetes.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubernetes.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernetes.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernetes.labels" -}}
+helm.sh/chart: {{ include "kubernetes.chart" . }}
+{{ include "kubernetes.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubernetes.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubernetes.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubernetes.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubernetes.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9063dd493cd20492cc3063ad58b74fab3a9700c4
--- /dev/null
+++ b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml
@@ -0,0 +1,73 @@
+{{- if .Values.analyseService.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: analyse-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: analyse-service
+    service: analyse-service
+spec:
+  replicas: {{ .Values.analyseService.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: analyse-service
+      service: analyse-service
+  template:
+    metadata:
+      labels:
+        app: analyse-service
+        service: analyse-service
+    spec:
+      securityContext:
+        fsGroup: 0
+        runAsUser: 0
+        runAsGroup: 0
+      containers:
+        - name: analyse-service
+          image: {{ printf "%s/%s:%s" .Values.analyseService.image.registry .Values.analyseService.image.repository .Values.analyseService.image.tag }}
+          imagePullPolicy: {{ .Values.analyseService.image.pullPolicy | default "IfNotPresent" }}
+          ports:
+            - containerPort: 5000
+              protocol: TCP
+          env:
+            - name: LOG_LEVEL
+              valueFrom:
+                secretKeyRef:
+                  name: analyse-service-secret
+                  key: log-level
+            - name: S3_STORAGE_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: analyse-service-secret
+                  key: s3-storage-endpoint
+            - name: S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: analyse-service-secret
+                  key: s3-access-key-id
+            - name: S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: analyse-service-secret
+                  key: s3-secret-access-key
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:5000/health | grep 'UP' || exit 1"
+            initialDelaySeconds: 120
+            periodSeconds: 30
+          readinessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:5000/health | grep 'UP' || exit 1"
+            initialDelaySeconds: 10
+            periodSeconds: 30
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/analyse-service/secret.yaml b/helm-charts/dbrepo/templates/analyse-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c7b4caf586b79e03b598ac76b63d35858f8d6379
--- /dev/null
+++ b/helm-charts/dbrepo/templates/analyse-service/secret.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.analyseService.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: analyse-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  log-level: "{{ ternary "DEBUG" "INFO" .Values.analyseService.image.debug }}"
+  s3-storage-endpoint: "http://storage-service-s3:9000"
+  s3-access-key-id: "seaweedfsadmin"
+  s3-secret-access-key: "seaweedfsadmin"
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/analyse-service/service.yaml b/helm-charts/dbrepo/templates/analyse-service/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cee31a50eb2b8e35179518f9aabc4308712ddbe9
--- /dev/null
+++ b/helm-charts/dbrepo/templates/analyse-service/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.analyseService.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: analyse-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: analyse-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: "flask"
+      port: 80
+      targetPort: 5000
+      protocol: TCP
+  selector:
+    service: analyse-service
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/auth-service/configmap.yaml b/helm-charts/dbrepo/templates/auth-service/configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..da7f14e0e3056fac5421b12911dd026dd782f1f7
--- /dev/null
+++ b/helm-charts/dbrepo/templates/auth-service/configmap.yaml
@@ -0,0 +1,2731 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: auth-service-setup
+  namespace: {{ $.Values.namespace }}
+data:
+  dbrepo-realm.json: |
+    {
+      "id" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+      "realm" : "dbrepo",
+      "notBefore" : 0,
+      "defaultSignatureAlgorithm" : "RS256",
+      "revokeRefreshToken" : false,
+      "refreshTokenMaxReuse" : 1,
+      "accessTokenLifespan" : 900,
+      "accessTokenLifespanForImplicitFlow" : 900,
+      "ssoSessionIdleTimeout" : 864000,
+      "ssoSessionMaxLifespan" : 2592000,
+      "ssoSessionIdleTimeoutRememberMe" : 0,
+      "ssoSessionMaxLifespanRememberMe" : 0,
+      "offlineSessionIdleTimeout" : 2592000,
+      "offlineSessionMaxLifespanEnabled" : false,
+      "offlineSessionMaxLifespan" : 5184000,
+      "clientSessionIdleTimeout" : 0,
+      "clientSessionMaxLifespan" : 0,
+      "clientOfflineSessionIdleTimeout" : 0,
+      "clientOfflineSessionMaxLifespan" : 0,
+      "accessCodeLifespan" : 60,
+      "accessCodeLifespanUserAction" : 300,
+      "accessCodeLifespanLogin" : 1800,
+      "actionTokenGeneratedByAdminLifespan" : 43200,
+      "actionTokenGeneratedByUserLifespan" : 1800,
+      "oauth2DeviceCodeLifespan" : 600,
+      "oauth2DevicePollingInterval" : 5,
+      "enabled" : true,
+      "sslRequired" : "none",
+      "registrationAllowed" : false,
+      "registrationEmailAsUsername" : false,
+      "rememberMe" : false,
+      "verifyEmail" : true,
+      "loginWithEmailAllowed" : false,
+      "duplicateEmailsAllowed" : false,
+      "resetPasswordAllowed" : false,
+      "editUsernameAllowed" : false,
+      "bruteForceProtected" : false,
+      "permanentLockout" : false,
+      "maxFailureWaitSeconds" : 900,
+      "minimumQuickLoginWaitSeconds" : 60,
+      "waitIncrementSeconds" : 60,
+      "quickLoginCheckMilliSeconds" : 1000,
+      "maxDeltaTimeSeconds" : 43200,
+      "failureFactor" : 30,
+      "roles" : {
+        "realm" : [ {
+          "id" : "48f38342-1e3f-427a-995d-c436eaee65cb",
+          "name" : "default-user-handling",
+          "description" : "${default-user-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "modify-user-theme", "modify-user-information" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "9bb4a8dc-28e0-4645-b62f-cc94425f0cb0",
+          "name" : "default-maintenance-handling",
+          "description" : "${default-maintenance-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "create-maintenance-message", "find-maintenance-message", "update-maintenance-message", "delete-maintenance-message", "list-maintenance-messages" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "143ba359-5fa2-451e-8296-43ecf20bb251",
+          "name" : "update-semantic-concept",
+          "description" : "${update-semantic-concept}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "5136d7a3-e3f0-4585-bacd-15cb8a56095c",
+          "name" : "escalated-container-handling",
+          "description" : "${escalated-container-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "create-container", "delete-container" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "b0bc8649-7d84-4dd3-84f0-7f174425babe",
+          "name" : "list-tables",
+          "description" : "${list-tables}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "bfd85d9c-2772-4660-a8f0-cdc0cd8252b3",
+          "name" : "default-database-handling",
+          "description" : "${default-database-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "modify-database-owner", "update-database-access", "create-database", "list-databases", "create-database-access", "find-database", "modify-database-visibility", "import-database-data", "delete-database-access", "check-database-access" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "22492b64-c633-48a0-9678-b28669f2885b",
+          "name" : "execute-semantic-query",
+          "description" : "${execute-semantic-query}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "4ed919fa-edc5-44e5-9411-607786e4a86d",
+          "name" : "view-table-history",
+          "description" : "${view-table-history}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d89a2881-b642-4abb-b990-196e71372f6b",
+          "name" : "default-table-handling",
+          "description" : "${default-table-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "modify-table-column-semantics", "list-tables", "find-table", "create-table", "delete-table" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "b0d66d3d-59b4-4aae-aa66-e3d5a49f28e3",
+          "name" : "view-database-view-data",
+          "description" : "${view-database-view-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "f5ea431a-9b2c-4195-bcb4-9511f38e4b44",
+          "name" : "create-database-view",
+          "description" : "${create-database-view}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a5ffc20e-8b11-498c-9f3b-b5740aec24c7",
+          "name" : "default-semantics-handling",
+          "description" : "${default-semantics-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "create-semantic-unit", "create-semantic-concept", "execute-semantic-query", "table-semantic-analyse" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "fe4a01f3-6590-4df6-9ade-5a9c1fae4736",
+          "name" : "create-semantic-unit",
+          "description" : "${create-semantic-unit}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e63e61a2-d852-4ad3-bfb5-92d9ceafef6a",
+          "name" : "escalated-user-handling",
+          "description" : "${escalated-user-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "find-user" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "be4e1aba-e276-4241-b6ea-01dce6c52f8b",
+          "name" : "find-container",
+          "description" : "${find-container}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "3a801b48-f3c2-4bc6-aa25-c7a91d5b32a7",
+          "name" : "default-researcher-roles",
+          "description" : "${default-researcher-roles}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "default-table-handling", "default-semantics-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", "default-identifier-handling" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "3d8104fb-8307-40f0-b4b2-c3e518957110",
+          "name" : "view-table-data",
+          "description" : "${view-table-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "fe71b907-7020-44ab-9964-da2b87264582",
+          "name" : "create-database",
+          "description" : "${create-database}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e51b63c2-48dd-4bd6-95fb-d257d21b26ba",
+          "name" : "import-database-data",
+          "description" : "${import-database-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a7ad038c-5c06-42fc-951c-15ac09d4df66",
+          "name" : "modify-database-owner",
+          "description" : "${modify-database-owner}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "c12c1f4e-186f-4153-a795-26e79fb623d6",
+          "name" : "create-ontology",
+          "description" : "${create-ontology}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "b60a5694-4099-4f7d-a7e9-4c433e0eb9c9",
+          "name" : "update-semantic-unit",
+          "description" : "${update-semantic-unit}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e9854bbb-4580-4757-b1ae-305934173249",
+          "name" : "create-database-access",
+          "description" : "${create-database-access}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "50c604c1-7c6e-43f3-9c43-2398f5eff66e",
+          "name" : "list-databases",
+          "description" : "${list-databases}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "535f1484-4514-4d24-8d97-e3f6c11a426b",
+          "name" : "create-container",
+          "description" : "${create-container}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "f4116230-8642-4bb7-bbc8-db9c5c07b558",
+          "name" : "create-maintenance-message",
+          "description" : "${create-maintenance-message}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "973f0999-cc70-4b28-9f43-979c470bea8e",
+          "name" : "default-data-steward-roles",
+          "description" : "${default-data-steward-roles}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "escalated-identifier-handling", "default-semantics-handling", "escalated-semantics-handling", "default-user-handling" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e1383fb7-d54c-4732-9146-93030eb2ca50",
+          "name" : "escalated-query-handling",
+          "description" : "${escalated-query-handling}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "993b5c69-9eb2-42af-ac28-b4a46c6b61f2",
+          "name" : "find-user",
+          "description" : "${find-user}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e4cfdc4d-2373-477b-a8df-161db99aba00",
+          "name" : "create-foreign-identifier",
+          "description" : "${create-foreign-identifier}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "6a5872a5-2b51-415d-ae2d-25a6db4a35df",
+          "name" : "escalated-semantics-handling",
+          "description" : "${escalated-semantics-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "update-semantic-unit", "create-ontology", "update-ontology", "list-ontologies", "delete-ontology", "modify-foreign-table-column-semantics", "update-semantic-concept" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "09147c48-273b-450b-8b11-7ef9b9245244",
+          "name" : "export-table-data",
+          "description" : "${export-table-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d14af590-60a8-4d75-b864-40ee0165bd7f",
+          "name" : "delete-database-access",
+          "description" : "${delete-database-access}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "be051d45-cd74-4b13-8a45-f2d3351bd995",
+          "name" : "table-semantic-analyse",
+          "description" : "${table-semantic-analyse}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "272a79a7-e282-4261-8f7d-5d5d1364243a",
+          "name" : "update-maintenance-message",
+          "description" : "${update-maintenance-message}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "64c16bfb-2015-48ad-a23f-637ff24419cb",
+          "name" : "default-query-handling",
+          "description" : "${default-query-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "delete-database-view", "export-query-data", "execute-query", "delete-table-data", "export-table-data", "list-queries", "find-query", "list-database-views", "persist-query", "view-database-view-data", "view-table-data", "re-execute-query", "view-table-history", "create-database-view", "find-database-view", "insert-table-data" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "c047d521-cec3-4444-86c4-aef098489b7b",
+          "name" : "delete-maintenance-message",
+          "description" : "${delete-maintenance-message}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e14ab76b-1c24-484d-ae2d-478b8457edea",
+          "name" : "list-licenses",
+          "description" : "${list-licenses}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d4f29937-3ca0-41e9-9786-2b7b921b6cdd",
+          "name" : "modify-foreign-table-column-semantics",
+          "description" : "${modify-foreign-table-column-semantics}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "8eda9f5c-938c-4915-bed5-6a81a1de15a8",
+          "name" : "list-database-views",
+          "description" : "${list-database-views}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "b372f8f7-d203-4293-b991-ad93fb505917",
+          "name" : "escalated-database-handling",
+          "description" : "${escalated-database-handling}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a",
+          "name" : "default-roles-dbrepo",
+          "description" : "${role_default-roles}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "3293799a-82b9-4f47-8f25-1aad2e0222fd",
+          "name" : "find-identifier",
+          "description" : "${find-identifier}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "aaa3f804-38a0-4474-b8e9-f1020c4b3f62",
+          "name" : "list-queries",
+          "description" : "${list-queries}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "76e38f7b-99bf-4d12-8d74-1c7d8812f443",
+          "name" : "update-ontology",
+          "description" : "${update-ontology}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "11f7973e-d1eb-42cb-a35d-c59dfc122775",
+          "name" : "modify-user-theme",
+          "description" : "${modify-user-theme}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "f392bfcb-0be5-4fad-9ce4-8ac6396f176d",
+          "name" : "export-query-data",
+          "description" : "${export-query-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "da493b7e-fb9b-43ca-82a5-e274ad2e6b39",
+          "name" : "find-query",
+          "description" : "${find-query}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a4d4a788-ebcf-4d32-baed-4a85616ca037",
+          "name" : "escalated-identifier-handling",
+          "description" : "${escalated-identifier-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "delete-identifier", "create-foreign-identifier", "modify-identifier-metadata" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "ea38d69d-17b8-4c65-95e8-1c3501b83618",
+          "name" : "default-container-handling",
+          "description" : "${default-container-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "find-container", "list-containers" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "71874bde-64a5-4a69-8685-d8998303a80c",
+          "name" : "delete-table-data",
+          "description" : "${delete-table-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "7c0306fc-3b03-4c64-87d1-9a34f2073977",
+          "name" : "modify-table-column-semantics",
+          "description" : "${modify-table-column-semantics}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "cd0ee04c-4a5e-4035-a11b-f6a1165f7829",
+          "name" : "delete-container",
+          "description" : "${delete-container}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "67ee39c0-d601-4a67-a0fe-c4f0021d557e",
+          "name" : "list-containers",
+          "description" : "${list-containers}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "795c7bb8-3502-414a-a97b-2ba1cfd6a79c",
+          "name" : "persist-query",
+          "description" : "${persist-query}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d05e7698-ddf5-4f20-9027-771afb2cc3c7",
+          "name" : "list-identifiers",
+          "description" : "${list-identifiers}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e4bfaf36-9a5d-43e0-9fa3-0f4ea7bad8d0",
+          "name" : "default-developer-roles",
+          "description" : "${default-developer-roles}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "escalated-query-handling", "default-table-handling", "escalated-database-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", "default-maintenance-handling", "escalated-container-handling", "escalated-table-handling", "default-identifier-handling" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "e2cb054e-ea41-4ab0-881b-e6f576f7424e",
+          "name" : "create-semantic-concept",
+          "description" : "${create-semantic-concept}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "feb612cc-96a6-4ed2-aaa5-01f39b25beb5",
+          "name" : "insert-table-data",
+          "description" : "${insert-table-data}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a0942e33-441b-4343-9f02-4353d03f7bbb",
+          "name" : "find-database",
+          "description" : "${find-database}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "6a0bb740-4448-49be-aee8-6dd183325be5",
+          "name" : "delete-foreign-table",
+          "description" : "${delete-foreign-table}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "7f3652c7-3073-4566-ab63-25385495ebc3",
+          "name" : "modify-database-visibility",
+          "description" : "${modify-database-visibility}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "4a5df51d-f14d-41a2-ad70-6521df5a5b4f",
+          "name" : "offline_access",
+          "description" : "${role_offline-access}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "fd41c4c3-d2f8-4f49-84c7-dba84e9a5575",
+          "name" : "execute-query",
+          "description" : "${execute-query}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "2963c2bb-b129-4224-b98f-c8eeab8e72d1",
+          "name" : "create-table",
+          "description" : "${create-table}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "cf9735a9-fb70-4cc5-b5f4-75afc4e5654b",
+          "name" : "modify-identifier-metadata",
+          "description" : "${modify-identifier-metadata}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "64c2b8f2-1527-4928-81ea-b2651512d028",
+          "name" : "delete-ontology",
+          "description" : "${delete-ontology}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d6e38368-b40f-423b-82e4-e8aa595237c9",
+          "name" : "find-maintenance-message",
+          "description" : "${find-maintenance-message}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "fd1cc463-3e67-49d9-81b8-2cd90c1daa9c",
+          "name" : "check-database-access",
+          "description" : "${check-database-access}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "74013867-e426-46cc-ab98-2f4a9225ad1e",
+          "name" : "find-table",
+          "description" : "${find-table}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a2cc60df-d280-46c5-a539-92e2aa249b4a",
+          "name" : "modify-user-information",
+          "description" : "${modify-user-information}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "c367241f-b5b5-491f-84d5-07fe1bef3877",
+          "name" : "default-identifier-handling",
+          "description" : "${default-identifier-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "list-identifiers", "create-identifier", "find-identifier" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "ba1ad8f2-39aa-487d-987f-645e8a459559",
+          "name" : "delete-table",
+          "description" : "${delete-table}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "09f7bdb0-296f-46c8-a3a3-8f9254fb17e4",
+          "name" : "list-maintenance-messages",
+          "description" : "${list-maintenance-messages}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "fe3bc45c-61c2-4ece-bcaf-d410dc7de501",
+          "name" : "update-database-access",
+          "description" : "${update-database-access}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "916b1e65-f60c-42cd-96e4-5c98ffc1ba3c",
+          "name" : "uma_authorization",
+          "description" : "${role_uma_authorization}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "d1afa3ed-bf4f-469a-a061-ad7325fb8d9e",
+          "name" : "delete-database-view",
+          "description" : "${delete-database-view}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "6f044bad-6651-4408-bffa-20c2d8f92eee",
+          "name" : "create-identifier",
+          "description" : "${create-identifier}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "be91195a-e30a-4d15-a8da-0aca0a68782f",
+          "name" : "escalated-table-handling",
+          "description" : "${escalated-table-handling}",
+          "composite" : true,
+          "composites" : {
+            "realm" : [ "delete-foreign-table" ]
+          },
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "98bee7d6-d78c-4e7f-b6a3-3705968b248c",
+          "name" : "list-ontologies",
+          "description" : "${list-ontologies}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "15720c6b-027d-4d53-a0ff-0124bfab7c4c",
+          "name" : "re-execute-query",
+          "description" : "${re-execute-query}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "a9b5181a-8135-41d3-9862-ef80af42211d",
+          "name" : "delete-identifier",
+          "description" : "${delete-identifier}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        }, {
+          "id" : "469c2e63-cda6-48d4-ab8f-eb59a2c69798",
+          "name" : "find-database-view",
+          "description" : "${find-database-view}",
+          "composite" : false,
+          "clientRole" : false,
+          "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
+          "attributes" : { }
+        } ],
+        "client" : {
+          "realm-management" : [ {
+            "id" : "4628f654-f8f3-483b-8f92-2a7fc5930b14",
+            "name" : "query-realms",
+            "description" : "${role_query-realms}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "95c2cc47-12f5-4d73-8b74-67e270c45ade",
+            "name" : "manage-authorization",
+            "description" : "${role_manage-authorization}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "824791f3-c345-42f8-b103-b7e6d7e40114",
+            "name" : "manage-identity-providers",
+            "description" : "${role_manage-identity-providers}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "1f840202-b7e2-4195-bac9-64e64dad2037",
+            "name" : "view-identity-providers",
+            "description" : "${role_view-identity-providers}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "3c32c096-bb13-44c9-a080-d756a48a9ea3",
+            "name" : "query-clients",
+            "description" : "${role_query-clients}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "e4b85a68-7f31-4fcf-89a2-f10d7df358e9",
+            "name" : "view-authorization",
+            "description" : "${role_view-authorization}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "7d317752-ae56-46f2-a2ce-67c64d1b35f6",
+            "name" : "view-users",
+            "description" : "${role_view-users}",
+            "composite" : true,
+            "composites" : {
+              "client" : {
+                "realm-management" : [ "query-users", "query-groups" ]
+              }
+            },
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "28824208-976e-4622-b4d7-3d18efbb46fa",
+            "name" : "realm-admin",
+            "description" : "${role_realm-admin}",
+            "composite" : true,
+            "composites" : {
+              "client" : {
+                "realm-management" : [ "query-realms", "view-identity-providers", "manage-identity-providers", "manage-authorization", "query-clients", "view-authorization", "view-users", "manage-users", "view-realm", "query-users", "view-clients", "query-groups", "create-client", "manage-clients", "manage-events", "impersonation", "view-events", "manage-realm" ]
+              }
+            },
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "57e846a2-930d-4621-819d-c35086507146",
+            "name" : "manage-users",
+            "description" : "${role_manage-users}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "7fad9cde-bf96-475a-9174-14a87da51f95",
+            "name" : "view-realm",
+            "description" : "${role_view-realm}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "bbcac294-d78a-4ea1-a4bf-0384266d2fe1",
+            "name" : "query-users",
+            "description" : "${role_query-users}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "480e1437-ab9e-47de-b47a-edc6b6e285de",
+            "name" : "view-clients",
+            "description" : "${role_view-clients}",
+            "composite" : true,
+            "composites" : {
+              "client" : {
+                "realm-management" : [ "query-clients" ]
+              }
+            },
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "b9a9a8f5-f91e-4e73-9e88-1cdf42bd49f9",
+            "name" : "create-client",
+            "description" : "${role_create-client}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "4d1397fb-247c-436f-b26f-124cd89afb08",
+            "name" : "query-groups",
+            "description" : "${role_query-groups}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "e31f522b-b283-4ae1-b875-52afcd98b1d2",
+            "name" : "impersonation",
+            "description" : "${role_impersonation}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "51822d02-fa28-4a49-89da-bc534719d8a8",
+            "name" : "manage-clients",
+            "description" : "${role_manage-clients}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "b2743ce5-0ce8-4157-ae00-f693560f0b39",
+            "name" : "manage-events",
+            "description" : "${role_manage-events}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "7ea3d7e0-9bf4-438a-b773-243daf622aaa",
+            "name" : "view-events",
+            "description" : "${role_view-events}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          }, {
+            "id" : "fb73f6f5-0ed5-41d0-852c-0eb3b195b15a",
+            "name" : "manage-realm",
+            "description" : "${role_manage-realm}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+            "attributes" : { }
+          } ],
+          "security-admin-console" : [ ],
+          "dbrepo-client" : [ ],
+          "admin-cli" : [ ],
+          "rabbitmq-client" : [ ],
+          "account-console" : [ ],
+          "broker" : [ {
+            "id" : "de0cfd5e-c2fe-4082-ac39-e3b092139a0f",
+            "name" : "read-token",
+            "description" : "${role_read-token}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "88694c91-753d-4c44-9740-ec9ac06bba45",
+            "attributes" : { }
+          } ],
+          "account" : [ {
+            "id" : "acd78c04-eefc-4344-a5b4-3fc83d848936",
+            "name" : "delete-account",
+            "description" : "${role_delete-account}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "939be844-8c49-45b3-9ca1-4b10a454b346",
+            "name" : "view-profile",
+            "description" : "${role_view-profile}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "e52fdf00-3e73-4c17-bc1c-643493710a6b",
+            "name" : "view-applications",
+            "description" : "${role_view-applications}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "b02a822e-a708-420a-bddc-1a315033fd7c",
+            "name" : "view-consent",
+            "description" : "${role_view-consent}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "c590e5f5-2cbf-4151-b1dc-96c454f1f654",
+            "name" : "view-groups",
+            "description" : "${role_view-groups}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "15974151-6c13-426b-8cc3-7683dd1311e1",
+            "name" : "manage-account-links",
+            "description" : "${role_manage-account-links}",
+            "composite" : false,
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "c12d8d94-c2df-498e-bbe4-2f934a83ae92",
+            "name" : "manage-consent",
+            "description" : "${role_manage-consent}",
+            "composite" : true,
+            "composites" : {
+              "client" : {
+                "account" : [ "view-consent" ]
+              }
+            },
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          }, {
+            "id" : "55f85811-bded-4d6b-8f7b-45844b963875",
+            "name" : "manage-account",
+            "description" : "${role_manage-account}",
+            "composite" : true,
+            "composites" : {
+              "client" : {
+                "account" : [ "manage-account-links" ]
+              }
+            },
+            "clientRole" : true,
+            "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+            "attributes" : { }
+          } ]
+        }
+      },
+      "groups" : [ {
+        "id" : "f2ce17fe-7b15-47a4-bbf8-86f415298fa9",
+        "name" : "data-stewards",
+        "path" : "/data-stewards",
+        "attributes" : { },
+        "realmRoles" : [ "default-data-steward-roles" ],
+        "clientRoles" : { },
+        "subGroups" : [ ]
+      }, {
+        "id" : "124d9888-0b6e-46aa-8225-077dcedaf16e",
+        "name" : "developers",
+        "path" : "/developers",
+        "attributes" : { },
+        "realmRoles" : [ "default-developer-roles" ],
+        "clientRoles" : { },
+        "subGroups" : [ ]
+      }, {
+        "id" : "f467c38e-9041-4faa-ae0b-39cec65ff4db",
+        "name" : "researchers",
+        "path" : "/researchers",
+        "attributes" : { },
+        "realmRoles" : [ "default-researcher-roles" ],
+        "clientRoles" : { },
+        "subGroups" : [ ]
+      } ],
+      "defaultRole" : {
+        "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a",
+        "name" : "default-roles-dbrepo",
+        "description" : "${role_default-roles}",
+        "composite" : false,
+        "clientRole" : false,
+        "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0"
+      },
+      "defaultGroups" : [ "/researchers" ],
+      "requiredCredentials" : [ "password" ],
+      "otpPolicyType" : "totp",
+      "otpPolicyAlgorithm" : "HmacSHA1",
+      "otpPolicyInitialCounter" : 0,
+      "otpPolicyDigits" : 6,
+      "otpPolicyLookAheadWindow" : 1,
+      "otpPolicyPeriod" : 30,
+      "otpPolicyCodeReusable" : false,
+      "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppGoogleName", "totpAppFreeOTPName" ],
+      "webAuthnPolicyRpEntityName" : "keycloak",
+      "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
+      "webAuthnPolicyRpId" : "",
+      "webAuthnPolicyAttestationConveyancePreference" : "not specified",
+      "webAuthnPolicyAuthenticatorAttachment" : "not specified",
+      "webAuthnPolicyRequireResidentKey" : "not specified",
+      "webAuthnPolicyUserVerificationRequirement" : "not specified",
+      "webAuthnPolicyCreateTimeout" : 0,
+      "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
+      "webAuthnPolicyAcceptableAaguids" : [ ],
+      "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+      "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
+      "webAuthnPolicyPasswordlessRpId" : "",
+      "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
+      "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
+      "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
+      "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
+      "webAuthnPolicyPasswordlessCreateTimeout" : 0,
+      "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
+      "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+      "clientScopeMappings" : {
+        "account" : [ {
+          "client" : "account-console",
+          "roles" : [ "manage-account", "view-groups" ]
+        } ]
+      },
+      "clients" : [ {
+        "id" : "e767a4a6-79e9-4e08-82b7-1076e1a09142",
+        "clientId" : "account",
+        "name" : "${client_account}",
+        "rootUrl" : "${authBaseUrl}",
+        "baseUrl" : "/realms/dbrepo/account/",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ "/realms/dbrepo/account/*" ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : false,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : true,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      }, {
+        "id" : "d3c4a04e-39ce-4549-a34a-11e25774cd96",
+        "clientId" : "account-console",
+        "name" : "${client_account-console}",
+        "rootUrl" : "${authBaseUrl}",
+        "baseUrl" : "/realms/dbrepo/account/",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ "/realms/dbrepo/account/*" ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : false,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : true,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+",
+          "pkce.code.challenge.method" : "S256"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "protocolMappers" : [ {
+          "id" : "22d90d9c-9881-474c-8dfd-a62c808a9f1c",
+          "name" : "audience resolve",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-audience-resolve-mapper",
+          "consentRequired" : false,
+          "config" : { }
+        } ],
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      }, {
+        "id" : "81ef0f59-a5ca-4be4-a1d1-0c32edf1cfd6",
+        "clientId" : "admin-cli",
+        "name" : "${client_admin-cli}",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : false,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : true,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : true,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      }, {
+        "id" : "88694c91-753d-4c44-9740-ec9ac06bba45",
+        "clientId" : "broker",
+        "name" : "${client_broker}",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : true,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : false,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : false,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      }, {
+        "id" : "6b7ef364-4132-4831-b4e2-b6e9e9dc63ee",
+        "clientId" : "dbrepo-client",
+        "name" : "${dbrepo-client}",
+        "description" : "",
+        "rootUrl" : "",
+        "adminUrl" : "",
+        "baseUrl" : "",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : true,
+        "clientAuthenticatorType" : "client-secret",
+        "secret" : "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG",
+        "redirectUris" : [ "*" ],
+        "webOrigins" : [ "*" ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : true,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : false,
+        "frontchannelLogout" : true,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "oidc.ciba.grant.enabled" : "false",
+          "client.secret.creation.time" : "1680085365",
+          "backchannel.logout.session.required" : "true",
+          "post.logout.redirect.uris" : "*",
+          "oauth2.device.authorization.grant.enabled" : "false",
+          "backchannel.logout.revoke.offline.tokens" : "false"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : true,
+        "nodeReRegistrationTimeout" : -1,
+        "protocolMappers" : [ {
+          "id" : "6a8cae99-294f-4fc2-9561-5a52f3f6a1ba",
+          "name" : "Audience",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-hardcoded-claim-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "claim.value" : "spring",
+            "userinfo.token.claim" : "false",
+            "id.token.claim" : "false",
+            "access.token.claim" : "true",
+            "claim.name" : "aud",
+            "access.tokenResponse.claim" : "false"
+          }
+        }, {
+          "id" : "8ae79e43-b2b7-4bb9-a420-b498690dd8c3",
+          "name" : "given name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "false",
+            "user.attribute" : "firstName",
+            "id.token.claim" : "false",
+            "access.token.claim" : "true",
+            "claim.name" : "user.firstname",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "ef081a47-f023-4056-958c-4194d3878d8c",
+          "name" : "username",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "false",
+            "user.attribute" : "username",
+            "id.token.claim" : "false",
+            "access.token.claim" : "true",
+            "claim.name" : "client_id",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "99e3b48b-86ff-4e5b-8652-fcd2738b0ad1",
+          "name" : "family name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "lastName",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "user.lastname",
+            "jsonType.label" : "String"
+          }
+        } ],
+        "defaultClientScopes" : [ "roles", "attributes" ],
+        "optionalClientScopes" : [ "rabbitmq.read:*/*", "web-origins", "acr", "rabbitmq.write:*/*", "address", "phone", "offline_access", "profile", "microprofile-jwt", "email", "rabbitmq.configure:*/*" ]
+      }, {
+        "id" : "25741f6b-4867-4138-8238-6345c6ba8702",
+        "clientId" : "rabbitmq-client",
+        "name" : "${rabbitmq-client}",
+        "description" : "",
+        "rootUrl" : "",
+        "adminUrl" : "",
+        "baseUrl" : "",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "secret" : "JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u",
+        "redirectUris" : [ "*" ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : true,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : false,
+        "frontchannelLogout" : true,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "oidc.ciba.grant.enabled" : "false",
+          "client.secret.creation.time" : "1680000860",
+          "backchannel.logout.session.required" : "true",
+          "post.logout.redirect.uris" : "*",
+          "oauth2.device.authorization.grant.enabled" : "false",
+          "backchannel.logout.revoke.offline.tokens" : "false"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : -1,
+        "protocolMappers" : [ {
+          "id" : "01a937ed-f0e8-4137-80f3-3be3c447f7fb",
+          "name" : "username",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "false",
+            "user.attribute" : "username",
+            "id.token.claim" : "false",
+            "access.token.claim" : "true",
+            "claim.name" : "client_id",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "f1afc22d-f595-403b-ba2e-6ab19d98205e",
+          "name" : "Audience",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-hardcoded-claim-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "claim.value" : "rabbitmq",
+            "userinfo.token.claim" : "false",
+            "id.token.claim" : "false",
+            "access.token.claim" : "true",
+            "claim.name" : "aud",
+            "access.tokenResponse.claim" : "false"
+          }
+        } ],
+        "defaultClientScopes" : [ "rabbitmq.read:*/*", "web-origins", "acr", "rabbitmq.write:*/*", "rabbitmq.configure:*/*" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "profile", "roles", "microprofile-jwt", "email" ]
+      }, {
+        "id" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930",
+        "clientId" : "realm-management",
+        "name" : "${client_realm-management}",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ ],
+        "webOrigins" : [ ],
+        "notBefore" : 0,
+        "bearerOnly" : true,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : false,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : false,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      }, {
+        "id" : "f205c451-9524-4380-acc3-947f7ecb6b7c",
+        "clientId" : "security-admin-console",
+        "name" : "${client_security-admin-console}",
+        "rootUrl" : "${authAdminUrl}",
+        "baseUrl" : "/admin/dbrepo/console/",
+        "surrogateAuthRequired" : false,
+        "enabled" : true,
+        "alwaysDisplayInConsole" : false,
+        "clientAuthenticatorType" : "client-secret",
+        "redirectUris" : [ "/admin/dbrepo/console/*" ],
+        "webOrigins" : [ "+" ],
+        "notBefore" : 0,
+        "bearerOnly" : false,
+        "consentRequired" : false,
+        "standardFlowEnabled" : true,
+        "implicitFlowEnabled" : false,
+        "directAccessGrantsEnabled" : false,
+        "serviceAccountsEnabled" : false,
+        "publicClient" : true,
+        "frontchannelLogout" : false,
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "post.logout.redirect.uris" : "+",
+          "pkce.code.challenge.method" : "S256"
+        },
+        "authenticationFlowBindingOverrides" : { },
+        "fullScopeAllowed" : false,
+        "nodeReRegistrationTimeout" : 0,
+        "protocolMappers" : [ {
+          "id" : "c4d54410-3f22-4259-9571-94da2c43b752",
+          "name" : "locale",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "locale",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "locale",
+            "jsonType.label" : "String"
+          }
+        } ],
+        "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+        "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+      } ],
+      "clientScopes" : [ {
+        "id" : "7f6e9b44-e2eb-417d-b0fe-db820c9a6564",
+        "name" : "email",
+        "description" : "OpenID Connect built-in scope: email",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "true",
+          "consent.screen.text" : "${emailScopeConsentText}"
+        },
+        "protocolMappers" : [ {
+          "id" : "782819fe-ba5d-4ddb-9f95-cabb69d79c8d",
+          "name" : "email verified",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "emailVerified",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "email_verified",
+            "jsonType.label" : "boolean"
+          }
+        }, {
+          "id" : "ca613fc8-bbf2-4240-8b33-a1874f1559f3",
+          "name" : "email",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "email",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "email",
+            "jsonType.label" : "String"
+          }
+        } ]
+      }, {
+        "id" : "b9da268f-6745-49dc-a764-3c54e385accc",
+        "name" : "profile",
+        "description" : "OpenID Connect built-in scope: profile",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "true",
+          "consent.screen.text" : "${profileScopeConsentText}"
+        },
+        "protocolMappers" : [ {
+          "id" : "84f0487a-1d7d-470c-9b8e-5835294ae235",
+          "name" : "username",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "username",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "preferred_username",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "bbdcdb36-3ec0-443d-b1af-9993d40f0567",
+          "name" : "gender",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "gender",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "gender",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "9faa870b-5491-4ce9-b27d-c9ce07d6a95e",
+          "name" : "birthdate",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "birthdate",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "birthdate",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "f0e3c012-9523-4076-83ae-e466e2d08220",
+          "name" : "full name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-full-name-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "userinfo.token.claim" : "true"
+          }
+        }, {
+          "id" : "f757d8ec-e181-429c-9287-9ad0600b061f",
+          "name" : "profile",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "profile",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "profile",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "18cfbf4b-0a8e-45c7-a832-c0f72c92f3f3",
+          "name" : "updated at",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "updatedAt",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "updated_at",
+            "jsonType.label" : "long"
+          }
+        }, {
+          "id" : "841ea785-26ab-429a-a420-09ce3948924d",
+          "name" : "family name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "lastName",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "family_name",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "bfba13ff-f952-4e89-bbb1-a693fdebfae8",
+          "name" : "website",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "website",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "website",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "475f071d-5149-4379-b928-76482f5f519c",
+          "name" : "zoneinfo",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "zoneinfo",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "zoneinfo",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "b8bebfed-b5e9-4604-a0ee-9817f7d439ac",
+          "name" : "middle name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "middleName",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "middle_name",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "445232c8-6830-476c-a6f1-8bbef167595a",
+          "name" : "picture",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "picture",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "picture",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "65f2e474-6ede-4872-86e4-e49504dd0f2a",
+          "name" : "locale",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "locale",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "locale",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "16cd5a27-ccf3-453c-ae1e-8621813ab73c",
+          "name" : "given name",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "firstName",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "given_name",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "f9efedfc-3388-457c-b10a-1dff4525ff9b",
+          "name" : "nickname",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "nickname",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "nickname",
+            "jsonType.label" : "String"
+          }
+        } ]
+      }, {
+        "id" : "627fa054-08eb-4206-af71-9e838e984b8b",
+        "name" : "microprofile-jwt",
+        "description" : "Microprofile - JWT built-in scope",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "false"
+        },
+        "protocolMappers" : [ {
+          "id" : "e6cc53e5-5d7e-468e-88c8-0737dd3dc759",
+          "name" : "groups",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "multivalued" : "true",
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "foo",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "groups",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "83b4444c-10fc-44e8-a0c0-0c1da1f9bba3",
+          "name" : "upn",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-property-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "username",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "upn",
+            "jsonType.label" : "String"
+          }
+        } ]
+      }, {
+        "id" : "4122ff9e-ad3c-4142-afc6-9aefdecfc86d",
+        "name" : "role_list",
+        "description" : "SAML role list",
+        "protocol" : "saml",
+        "attributes" : {
+          "consent.screen.text" : "${samlRoleListScopeConsentText}",
+          "display.on.consent.screen" : "true"
+        },
+        "protocolMappers" : [ {
+          "id" : "bb0747fa-c008-4af3-93be-e7739650ebd5",
+          "name" : "role list",
+          "protocol" : "saml",
+          "protocolMapper" : "saml-role-list-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "single" : "false",
+            "attribute.nameformat" : "Basic",
+            "attribute.name" : "Role"
+          }
+        } ]
+      }, {
+        "id" : "2e76447d-fbe7-4fa7-a16c-54a381b960ae",
+        "name" : "rabbitmq.configure:*/*",
+        "description" : "",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "false",
+          "gui.order" : "",
+          "consent.screen.text" : ""
+        }
+      }, {
+        "id" : "52aad832-c6c4-49df-8a04-6ad4a406fdfa",
+        "name" : "phone",
+        "description" : "OpenID Connect built-in scope: phone",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "true",
+          "consent.screen.text" : "${phoneScopeConsentText}"
+        },
+        "protocolMappers" : [ {
+          "id" : "dae802fb-9138-408a-b80e-a40eb0f56814",
+          "name" : "phone number",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "phoneNumber",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "phone_number",
+            "jsonType.label" : "String"
+          }
+        }, {
+          "id" : "feb06a8d-b0eb-4911-8464-368d93f566fa",
+          "name" : "phone number verified",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "phoneNumberVerified",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "phone_number_verified",
+            "jsonType.label" : "boolean"
+          }
+        } ]
+      }, {
+        "id" : "f64d64e8-57ce-4eb2-b99e-9f02fdbd99f9",
+        "name" : "web-origins",
+        "description" : "OpenID Connect scope for add allowed web origins to the access token",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "false",
+          "display.on.consent.screen" : "false",
+          "consent.screen.text" : ""
+        },
+        "protocolMappers" : [ {
+          "id" : "c6411e3b-6478-453d-b530-5fe175a4d786",
+          "name" : "allowed web origins",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-allowed-origins-mapper",
+          "consentRequired" : false,
+          "config" : { }
+        } ]
+      }, {
+        "id" : "55341d34-0086-4173-ae61-d9b175b179d8",
+        "name" : "acr",
+        "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "false",
+          "display.on.consent.screen" : "false"
+        },
+        "protocolMappers" : [ {
+          "id" : "58ea3217-0fff-4207-9d08-919f5493b629",
+          "name" : "acr loa level",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-acr-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "userinfo.token.claim" : "true"
+          }
+        } ]
+      }, {
+        "id" : "a02c2c38-923c-46ec-9899-321412b388e5",
+        "name" : "attributes",
+        "description" : "User Attributes",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "false",
+          "display.on.consent.screen" : "false",
+          "gui.order" : "",
+          "consent.screen.text" : ""
+        },
+        "protocolMappers" : [ {
+          "id" : "78c461c1-f3f9-4d10-8835-097f13bdcd60",
+          "name" : "Theme",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-attribute-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "aggregate.attrs" : "false",
+            "multivalued" : "false",
+            "userinfo.token.claim" : "true",
+            "user.attribute" : "theme_dark",
+            "id.token.claim" : "true",
+            "access.token.claim" : "true",
+            "claim.name" : "attributes.theme_dark"
+          }
+        } ]
+      }, {
+        "id" : "06062e22-89c0-4e1d-a25b-2483903b02d5",
+        "name" : "rabbitmq.write:*/*",
+        "description" : "",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "false",
+          "gui.order" : "",
+          "consent.screen.text" : ""
+        }
+      }, {
+        "id" : "210cc792-6c07-45a6-a77e-827cdf3b41ba",
+        "name" : "offline_access",
+        "description" : "OpenID Connect built-in scope: offline_access",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "consent.screen.text" : "${offlineAccessScopeConsentText}",
+          "display.on.consent.screen" : "true"
+        }
+      }, {
+        "id" : "425abf4a-2ee2-431d-aa92-e373a36fe556",
+        "name" : "address",
+        "description" : "OpenID Connect built-in scope: address",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "true",
+          "consent.screen.text" : "${addressScopeConsentText}"
+        },
+        "protocolMappers" : [ {
+          "id" : "8d4ffe4d-1d01-4ca1-8ff4-44eacca61b30",
+          "name" : "address",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-address-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "user.attribute.formatted" : "formatted",
+            "user.attribute.country" : "country",
+            "user.attribute.postal_code" : "postal_code",
+            "userinfo.token.claim" : "true",
+            "user.attribute.street" : "street",
+            "id.token.claim" : "true",
+            "user.attribute.region" : "region",
+            "access.token.claim" : "true",
+            "user.attribute.locality" : "locality"
+          }
+        } ]
+      }, {
+        "id" : "c96f0b73-ea79-4b46-93ef-d1092297f855",
+        "name" : "rabbitmq.read:*/*",
+        "description" : "",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "true",
+          "display.on.consent.screen" : "false",
+          "gui.order" : "",
+          "consent.screen.text" : ""
+        }
+      }, {
+        "id" : "37f61543-dad7-4a82-8e10-77acdd1eefdc",
+        "name" : "roles",
+        "description" : "OpenID Connect scope for add user roles to the access token",
+        "protocol" : "openid-connect",
+        "attributes" : {
+          "include.in.token.scope" : "false",
+          "display.on.consent.screen" : "true",
+          "consent.screen.text" : "${rolesScopeConsentText}"
+        },
+        "protocolMappers" : [ {
+          "id" : "3b6b6914-8ad1-4a71-88ec-444f754aaacb",
+          "name" : "audience resolve",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-audience-resolve-mapper",
+          "consentRequired" : false,
+          "config" : { }
+        }, {
+          "id" : "2defedf5-9af3-4531-822c-a879dedcd29d",
+          "name" : "realm roles",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "user.attribute" : "foo",
+            "access.token.claim" : "true",
+            "claim.name" : "realm_access.roles",
+            "jsonType.label" : "String",
+            "multivalued" : "true"
+          }
+        }, {
+          "id" : "a7bd6723-e58e-47f7-95c0-2925ce99283d",
+          "name" : "client roles",
+          "protocol" : "openid-connect",
+          "protocolMapper" : "oidc-usermodel-client-role-mapper",
+          "consentRequired" : false,
+          "config" : {
+            "user.attribute" : "foo",
+            "access.token.claim" : "true",
+            "claim.name" : "resource_access.${client_id}.roles",
+            "jsonType.label" : "String",
+            "multivalued" : "true"
+          }
+        } ]
+      } ],
+      "defaultDefaultClientScopes" : [ ],
+      "defaultOptionalClientScopes" : [ "rabbitmq.write:*/*", "offline_access", "rabbitmq.configure:*/*", "roles", "role_list", "address", "phone", "acr", "microprofile-jwt", "email", "attributes", "profile", "rabbitmq.read:*/*", "web-origins" ],
+      "browserSecurityHeaders" : {
+        "contentSecurityPolicyReportOnly" : "",
+        "xContentTypeOptions" : "nosniff",
+        "xRobotsTag" : "none",
+        "xFrameOptions" : "SAMEORIGIN",
+        "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+        "xXSSProtection" : "1; mode=block",
+        "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+      },
+      "smtpServer" : { },
+      "eventsEnabled" : false,
+      "eventsListeners" : [ "jboss-logging" ],
+      "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ],
+      "adminEventsEnabled" : false,
+      "adminEventsDetailsEnabled" : false,
+      "identityProviders" : [ ],
+      "identityProviderMappers" : [ ],
+      "components" : {
+        "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
+          "id" : "4d3f9f14-f5d2-4b0c-8ea7-e6d078aa2191",
+          "name" : "Max Clients Limit",
+          "providerId" : "max-clients",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : {
+            "max-clients" : [ "200" ]
+          }
+        }, {
+          "id" : "f35bce67-1e75-408b-b065-52183368d4fd",
+          "name" : "Allowed Client Scopes",
+          "providerId" : "allowed-client-templates",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : {
+            "allow-default-scopes" : [ "true" ]
+          }
+        }, {
+          "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1",
+          "name" : "Trusted Hosts",
+          "providerId" : "trusted-hosts",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : {
+            "host-sending-registration-request-must-match" : [ "true" ],
+            "client-uris-must-match" : [ "true" ]
+          }
+        }, {
+          "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8",
+          "name" : "Full Scope Disabled",
+          "providerId" : "scope",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : { }
+        }, {
+          "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9",
+          "name" : "Allowed Client Scopes",
+          "providerId" : "allowed-client-templates",
+          "subType" : "authenticated",
+          "subComponents" : { },
+          "config" : {
+            "allow-default-scopes" : [ "true" ]
+          }
+        }, {
+          "id" : "528fb423-d66e-472e-9120-1f03ba9e0f18",
+          "name" : "Consent Required",
+          "providerId" : "consent-required",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : { }
+        }, {
+          "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e",
+          "name" : "Allowed Protocol Mapper Types",
+          "providerId" : "allowed-protocol-mappers",
+          "subType" : "authenticated",
+          "subComponents" : { },
+          "config" : {
+            "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ]
+          }
+        }, {
+          "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979",
+          "name" : "Allowed Protocol Mapper Types",
+          "providerId" : "allowed-protocol-mappers",
+          "subType" : "anonymous",
+          "subComponents" : { },
+          "config" : {
+            "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper" ]
+          }
+        } ],
+        "org.keycloak.keys.KeyProvider" : [ {
+          "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30",
+          "name" : "aes-generated",
+          "providerId" : "aes-generated",
+          "subComponents" : { },
+          "config" : {
+            "kid" : [ "6dc4834f-a1de-4cfe-a29d-e84ac8e9b1a8" ],
+            "secret" : [ "HpuzG_jWYKwypLeoPEMC4A" ],
+            "priority" : [ "100" ]
+          }
+        }, {
+          "id" : "bd7945cf-6d35-4e03-9c3a-197f2dc76973",
+          "name" : "hmac-generated",
+          "providerId" : "hmac-generated",
+          "subComponents" : { },
+          "config" : {
+            "kid" : [ "c8500166-5cc4-4085-ad0f-853c3b0b0233" ],
+            "secret" : [ "TI3xg__G2Qy8C47DracpYir2X4ItQZSrhgr5KSlwRNISDbBqZ-ky3OcAyokSXMcpweSOaCPvbivpvzJNklUBvw" ],
+            "priority" : [ "100" ],
+            "algorithm" : [ "HS256" ]
+          }
+        }, {
+          "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51",
+          "name" : "rsa-enc-generated",
+          "providerId" : "rsa-enc-generated",
+          "subComponents" : { },
+          "config" : {
+            "privateKey" : [ "MIIEowIBAAKCAQEA3b1tNLfcjFLUw9UShVDNf+ZD8sQqb4YBaIXcSJTX/zDQUPiCp176BBGI3s4VplDArnOW+LumozmKogeoHEnGEIDW8ovgK5uMU9tSA2p0qqGBUMOdR8YATTIfCJe7qGiiuGa3WZy3sQLM70SuRzx02YU8gvUcvl2Js4KyqAziOUX/w3Wa59H9jjGNUXYyqaPWJp73eHzbVYWySzyLG22mVlcUtBx5siL5T2/Xu0p9z4l7/bapwwmOVi1ZrcHjbEAwdGEiSMGI/uWqAF+r1BRpmJLR7HNXcL3eK4/56VYLaiwSejfyYeRFMITEn/UxGYhcXZ5xMUUCG0TxjBhLYpTBuwIDAQABAoIBAA4dwebcxkrH99Poa8+WkiE7JgaS9sahx9OBI2xwJANoIU2TpzGuNLQZ76uLgB+rPWZTD9Xm5a1iJjwOyQ9/937TzPCk91D0tpgcusRikb8jx/6TGB9acL4kBjYUVCCHr3BA2G75MKKGtJ2OMvAbCQSosZj+r2VDwYFEPUkV2jheE5JHSBkwyIRrus3JCwu8gu5fyCg9z8ljcxJxI5HIsi4v8Z21aCw/cLj7h5cMt44wCjQz4rOfYNBEFeHDtlfR1QtWKgjm4ZHHJbKrzf9b2kQXclziceEbSM0tYbROEXKi+s0Zc+z3HEG89vv0vfN400clmzzIAijKY6gg3pPRWdECgYEA+lnWYbSlXDMNYx6RBXm1RnlMUYIm4oy4/9ljgnoGJ6WCn3SjFkgaDtiKfGIG1BSB85r04pAPANgcWHf5tWDnq0ARvBVG0BX2bKd++7B3D4d3CRYKCwm88SslJXv9dfHVhq4+zViFPiUWwT20A72jCuUCvL88y5fh/YBecfdh+jECgYEA4r5RD0NB9dMaeg5/jk/GEHIo4Z9KLc6FrSoOFo2xFkPOy1sgDpDOiNtypuWvniO7k7Ose3DS3hlfTMsKzIW/CgQJ20+Y4cvBWDaOsRxfjj7w3d+jH5OSJdKKSzTrgLKc9ZhlRzVXy0J0hipIA6HG5kdVdLXmh85ITmf1CbJhE6sCgYBjPVeBNbXTHZ2x6/z62aslO5IoQVqetb/kE82hfDOSZcao5Ph9Lam+ttH2ynkAevykj4mBgi+gWwqpey2uW7KaLPSaxShj9kDQA3mP1fzsV/u0y1rB02Nlin/YIxVvOqU1FT9p8SwoXVVu1sHUNck62VtDbN9xqUx5S/ikXrclEQKBgQCoTssOwEcK+Vty9KYcdfy4onTUHZBLdjxl8Iyqkxy7QTQUYRznkvesQPDXEDGO+kk3dyx2KKZt9Hl4IFNww2quPZcvcuMx4DQxjbXXpA8OIIxcta95NepLJwA+mRai3nKCH1A2TlNP7pFeMa5o+8IPly3Ix2lKr4Wepa4PN5i1pwKBgCZ1QP6XAOERl9NznNmU0rXVcvYNP4PIIfQWfvGsldZ4QKkmjjAGiS0/oYqdWs+UDRZyCRChaVjDXO9fk0PEG5OGKAj9nyiYCT/M8xtJ3UeP5ffZZvJ/vnye3QdDIo1e38ZzsWwJHmLYw7fRqY9W5Vxo0Vsy22U3CJY70KTxVdTy" ],
+            "keyUse" : [ "ENC" ],
+            "certificate" : [ "MIICmzCCAYMCBgGG3GWycDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdvW00t9yMUtTD1RKFUM1/5kPyxCpvhgFohdxIlNf/MNBQ+IKnXvoEEYjezhWmUMCuc5b4u6ajOYqiB6gcScYQgNbyi+Arm4xT21IDanSqoYFQw51HxgBNMh8Il7uoaKK4ZrdZnLexAszvRK5HPHTZhTyC9Ry+XYmzgrKoDOI5Rf/DdZrn0f2OMY1RdjKpo9Ymnvd4fNtVhbJLPIsbbaZWVxS0HHmyIvlPb9e7Sn3PiXv9tqnDCY5WLVmtweNsQDB0YSJIwYj+5aoAX6vUFGmYktHsc1dwvd4rj/npVgtqLBJ6N/Jh5EUwhMSf9TEZiFxdnnExRQIbRPGMGEtilMG7AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAK3kQ1VkQrzvSWvmXmazmNoA1ZiPzRDs1XhGUWxgsxzgPylr3dGBuqQbKvgnLUBQLSqlJHpI4fZflHswu1qrvVZYtekPcGef4WhcKAu2i1RwxrKa6RJQ1tRbrLuVYCzPv5p/DWgltWVn88aoLnqQn0SK/0PB/o4a4Cm7Kq2ZzCr1dACBr06LvOHsc7249OySmbG4HH+pLK6jVURhZ9VaObqAHe2FJBVVoIzURbdiRRURqumrIvbnpeaU1aFyg6ED5wTnXvmMPmVPt9F79mcB33bASO5wyu00X8t1hyN2Show2l2vxLACGUzVkTQt15s7uDLKE7qLmKSR3EuSGXWv3wA=" ],
+            "priority" : [ "100" ],
+            "algorithm" : [ "RSA-OAEP" ]
+          }
+        }, {
+          "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a",
+          "name" : "rsa-generated",
+          "providerId" : "rsa-generated",
+          "subComponents" : { },
+          "config" : {
+            "privateKey" : [ "MIIEpAIBAAKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQABAoIBADNcMt6hAHub4JTAYS6Mra0EPRBO2XhWmACBrv3+8ETClXd5475KPLDewgRVtlmtbwU8G8awUXESQgPS9lfiqvQhPreA3cHlm6oP2WMKOEtakr2s8I+frsTBLCo0Ini9RaSzjoVVgS0zofyhASKi+T970MafSj5P3XNb8YBFdXgoYDiA7FXLH6a/+m7LScL+wGcFMAAeYESxZbMQLfH3v8L+4EcTraiwjLG17ZdlF3dpybMyUSse6ZQ/PdlyvBuzzLXhN6Ce2gd9ATfS+YWTzo7Yf+GU+ex5bIpVOfHqtuM/hyq7YGKENClsXwNZIAoFnvGCbvECAfgyapVrD30IfykCgYEA0rgsSZ82pxT40NxwgBD1g9lbNVBKXphRB/3S078qusUzJjT7AldEj4imGPhAbI7bI8gAeWJsp1XJWkjM8ktaVrh+NQl7p8e9OPh0pQF/5Bdg8ajbjXESpjnaU66pVYRQy/d+jNli/YRAHX5RUfsBl+6W4+WSVMGmKBiqJsur+ecCgYEAz1YVXClcmUnyZem5B+2E9noIzjF6ROE+jIb6rawM85P3Xd0lXtECQavtxw+Qk7I32qOwrxl1UpK2foVel3pazi+4OpMfmqtYGenRP1Zk1cZwrDo0cIemTDGjj3kJ8tYn12CGolFQpJZgK6OHzvG0tOxI5VZgjIViWNPe1PGWXtUCgYEAxXGNDe8BZs1f11S2lUlOw5yGug3hoYFXbAWJ5p7Ziuf8ZXB/QlJDC7se54a11wKEk6Jzz0lKRgE8CjzszJuOqnN0zn10QGIIC7nCklo1W6QMUmPGVWH994N976tZP6gbjQL6sT+AYcvpx7j0ubxYYeRNvnz+ACzzY964kGGHY0ECgYEAumlwPPNnMN7+VEjGNm2D7UMdJZ3wi3tkjF5ThdA5uMohTsAk+FG80KSu3RmOaGyEsUwY7+VYyYvlDm4E9PZqLBVVczyR3rMNPAcwPd0EPfvzk7WlLkOX7ct3fehaXH3VRlyfz9KCSeh1wOZ/lT1VtpD2nVOC7PSDzs92+kfXZZ0CgYAnrD1y4skgXkdwolZ3unn3EFyGm2d+X5aMTHwQPdWxqoNIAl/9wdghlzihwnPhhsxq1WzlxuC3V2IMrNPtRx70Mi+FbSmR5m4Xx5RptgMtMlwno+L40PzNJgMjHGjt0wcx3Vel8wuohDtnqMyS7P5nG1/TQx0Cyzwn7QOXlNpgbQ==" ],
+            "keyUse" : [ "SIG" ],
+            "certificate" : [ "MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk=" ],
+            "priority" : [ "100" ]
+          }
+        } ]
+      },
+      "internationalizationEnabled" : false,
+      "supportedLocales" : [ ],
+      "authenticationFlows" : [ {
+        "id" : "b8378805-a082-46a0-9e28-a1e5d4db7e41",
+        "alias" : "Account verification options",
+        "description" : "Method with which to verity the existing account",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "idp-email-verification",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Verify Existing Account by Re-authentication",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "2652bbd9-bd49-465c-8595-690099333bf7",
+        "alias" : "Authentication Options",
+        "description" : "Authentication options.",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "basic-auth",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "basic-auth-otp",
+          "authenticatorFlow" : false,
+          "requirement" : "DISABLED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "auth-spnego",
+          "authenticatorFlow" : false,
+          "requirement" : "DISABLED",
+          "priority" : 30,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "967c3248-c2e9-45a9-b770-b02e965b958a",
+        "alias" : "Browser - Conditional OTP",
+        "description" : "Flow to determine if the OTP is required for the authentication",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "conditional-user-configured",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "auth-otp-form",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "f78ad348-c3e1-476e-a916-fce0c383376a",
+        "alias" : "Direct Grant - Conditional OTP",
+        "description" : "Flow to determine if the OTP is required for the authentication",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "conditional-user-configured",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "direct-grant-validate-otp",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "788cf02b-5744-4ea6-940a-96bc762da4bd",
+        "alias" : "First broker login - Conditional OTP",
+        "description" : "Flow to determine if the OTP is required for the authentication",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "conditional-user-configured",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "auth-otp-form",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "273e61b7-9cc3-464e-a7b8-27c71aca4014",
+        "alias" : "Handle Existing Account",
+        "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "idp-confirm-link",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Account verification options",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "00f41bfc-8513-466d-8c6a-366b7f2f36ca",
+        "alias" : "Reset - Conditional OTP",
+        "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "conditional-user-configured",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "reset-otp",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "980ebf01-fe0a-4cfa-880e-dd86ce8e190e",
+        "alias" : "User creation or linking",
+        "description" : "Flow for the existing/non-existing user alternatives",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticatorConfig" : "create unique user config",
+          "authenticator" : "idp-create-user-if-unique",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Handle Existing Account",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "5e6a7a10-4be8-4038-8fc5-0588b452328d",
+        "alias" : "Verify Existing Account by Re-authentication",
+        "description" : "Reauthentication of existing account",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "idp-username-password-form",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "CONDITIONAL",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "First broker login - Conditional OTP",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "024e07f8-f975-41ef-b755-d2b089b5567c",
+        "alias" : "browser",
+        "description" : "browser based authentication",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "auth-cookie",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "auth-spnego",
+          "authenticatorFlow" : false,
+          "requirement" : "DISABLED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "identity-provider-redirector",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 25,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 30,
+          "autheticatorFlow" : true,
+          "flowAlias" : "forms",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "324da9be-755e-4556-a1d3-58569b9df47c",
+        "alias" : "clients",
+        "description" : "Base authentication for clients",
+        "providerId" : "client-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "client-secret",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "client-jwt",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "client-secret-jwt",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 30,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "client-x509",
+          "authenticatorFlow" : false,
+          "requirement" : "ALTERNATIVE",
+          "priority" : 40,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "bced47d4-5d04-4bb9-8605-94041185c0f3",
+        "alias" : "direct grant",
+        "description" : "OpenID Connect Resource Owner Grant",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "direct-grant-validate-username",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "direct-grant-validate-password",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "CONDITIONAL",
+          "priority" : 30,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Direct Grant - Conditional OTP",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "6b301d9d-68c0-44c3-9a57-92669d08b2f3",
+        "alias" : "docker auth",
+        "description" : "Used by Docker clients to authenticate against the IDP",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "docker-http-basic-authenticator",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "9c9ddfeb-37a2-4186-a58f-cf90dca8e191",
+        "alias" : "first broker login",
+        "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticatorConfig" : "review profile config",
+          "authenticator" : "idp-review-profile",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "User creation or linking",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "a9ef5094-93bf-49fc-9d0f-dcfc551cac5a",
+        "alias" : "forms",
+        "description" : "Username, password, otp and other auth forms.",
+        "providerId" : "basic-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "auth-username-password-form",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "CONDITIONAL",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Browser - Conditional OTP",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "fae6e2e4-a071-458b-ac03-41dda3456f5a",
+        "alias" : "http challenge",
+        "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "no-cookie-redirect",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Authentication Options",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "ae5bcac5-8867-42e1-887f-fc67418b0c4b",
+        "alias" : "registration",
+        "description" : "registration flow",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "registration-page-form",
+          "authenticatorFlow" : true,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : true,
+          "flowAlias" : "registration form",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "72524b5d-1cfc-41b0-b29b-6f6890d2dc7f",
+        "alias" : "registration form",
+        "description" : "registration form",
+        "providerId" : "form-flow",
+        "topLevel" : false,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "registration-user-creation",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "registration-profile-action",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 40,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "registration-password-action",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 50,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "registration-recaptcha-action",
+          "authenticatorFlow" : false,
+          "requirement" : "DISABLED",
+          "priority" : 60,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "834c96b8-790d-4869-8c66-d42cd35e4873",
+        "alias" : "reset credentials",
+        "description" : "Reset credentials for a user if they forgot their password or something",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "reset-credentials-choose-user",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "reset-credential-email",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 20,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticator" : "reset-password",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 30,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        }, {
+          "authenticatorFlow" : true,
+          "requirement" : "CONDITIONAL",
+          "priority" : 40,
+          "autheticatorFlow" : true,
+          "flowAlias" : "Reset - Conditional OTP",
+          "userSetupAllowed" : false
+        } ]
+      }, {
+        "id" : "7f131501-e3ff-48f2-98e6-e34e4c5d6f9e",
+        "alias" : "saml ecp",
+        "description" : "SAML ECP Profile Authentication Flow",
+        "providerId" : "basic-flow",
+        "topLevel" : true,
+        "builtIn" : true,
+        "authenticationExecutions" : [ {
+          "authenticator" : "http-basic-authenticator",
+          "authenticatorFlow" : false,
+          "requirement" : "REQUIRED",
+          "priority" : 10,
+          "autheticatorFlow" : false,
+          "userSetupAllowed" : false
+        } ]
+      } ],
+      "authenticatorConfig" : [ {
+        "id" : "638341f1-94ba-4042-a3ee-41a0f41718f6",
+        "alias" : "create unique user config",
+        "config" : {
+          "require.password.update.after.registration" : "false"
+        }
+      }, {
+        "id" : "3c355b8c-8a51-4346-88f2-1ff81856b55c",
+        "alias" : "review profile config",
+        "config" : {
+          "update.profile.on.first.login" : "missing"
+        }
+      } ],
+      "requiredActions" : [ {
+        "alias" : "CONFIGURE_TOTP",
+        "name" : "Configure OTP",
+        "providerId" : "CONFIGURE_TOTP",
+        "enabled" : true,
+        "defaultAction" : false,
+        "priority" : 10,
+        "config" : { }
+      }, {
+        "alias" : "TERMS_AND_CONDITIONS",
+        "name" : "Terms and Conditions",
+        "providerId" : "TERMS_AND_CONDITIONS",
+        "enabled" : false,
+        "defaultAction" : false,
+        "priority" : 20,
+        "config" : { }
+      }, {
+        "alias" : "UPDATE_PASSWORD",
+        "name" : "Update Password",
+        "providerId" : "UPDATE_PASSWORD",
+        "enabled" : false,
+        "defaultAction" : false,
+        "priority" : 30,
+        "config" : { }
+      }, {
+        "alias" : "UPDATE_PROFILE",
+        "name" : "Update Profile",
+        "providerId" : "UPDATE_PROFILE",
+        "enabled" : true,
+        "defaultAction" : false,
+        "priority" : 40,
+        "config" : { }
+      }, {
+        "alias" : "VERIFY_EMAIL",
+        "name" : "Verify Email",
+        "providerId" : "VERIFY_EMAIL",
+        "enabled" : false,
+        "defaultAction" : false,
+        "priority" : 50,
+        "config" : { }
+      }, {
+        "alias" : "delete_account",
+        "name" : "Delete Account",
+        "providerId" : "delete_account",
+        "enabled" : false,
+        "defaultAction" : false,
+        "priority" : 60,
+        "config" : { }
+      }, {
+        "alias" : "webauthn-register",
+        "name" : "Webauthn Register",
+        "providerId" : "webauthn-register",
+        "enabled" : true,
+        "defaultAction" : false,
+        "priority" : 70,
+        "config" : { }
+      }, {
+        "alias" : "webauthn-register-passwordless",
+        "name" : "Webauthn Register Passwordless",
+        "providerId" : "webauthn-register-passwordless",
+        "enabled" : true,
+        "defaultAction" : false,
+        "priority" : 80,
+        "config" : { }
+      }, {
+        "alias" : "update_user_locale",
+        "name" : "Update User Locale",
+        "providerId" : "update_user_locale",
+        "enabled" : true,
+        "defaultAction" : false,
+        "priority" : 1000,
+        "config" : { }
+      } ],
+      "browserFlow" : "browser",
+      "registrationFlow" : "registration",
+      "directGrantFlow" : "direct grant",
+      "resetCredentialsFlow" : "reset credentials",
+      "clientAuthenticationFlow" : "clients",
+      "dockerAuthenticationFlow" : "docker auth",
+      "attributes" : {
+        "cibaBackchannelTokenDeliveryMode" : "poll",
+        "cibaAuthRequestedUserHint" : "login_hint",
+        "clientOfflineSessionMaxLifespan" : "0",
+        "oauth2DevicePollingInterval" : "5",
+        "clientSessionIdleTimeout" : "0",
+        "actionTokenGeneratedByUserLifespan-execute-actions" : "",
+        "actionTokenGeneratedByUserLifespan-verify-email" : "",
+        "clientOfflineSessionIdleTimeout" : "0",
+        "actionTokenGeneratedByUserLifespan-reset-credentials" : "",
+        "cibaInterval" : "5",
+        "realmReusableOtpCode" : "false",
+        "cibaExpiresIn" : "120",
+        "oauth2DeviceCodeLifespan" : "600",
+        "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "",
+        "parRequestUriLifespan" : "60",
+        "clientSessionMaxLifespan" : "0",
+        "shortVerificationUri" : ""
+      },
+      "keycloakVersion" : "21.0.2",
+      "userManagedAccessAllowed" : false,
+      "clientProfiles" : {
+        "profiles" : [ ]
+      },
+      "clientPolicies" : {
+        "policies" : [ ]
+      }
+    }
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml b/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9de9a96419b24e91e219f5f131b14f610135a823
--- /dev/null
+++ b/helm-charts/dbrepo/templates/auth-service/env-configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: auth-service-config
+  namespace: {{ $.Values.namespace }}
+data:
+  KC_HOSTNAME_PATH: "/api/auth"
+  KC_HOSTNAME_ADMIN_URL: "https://{{ .Values.hostname }}/api/auth"
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/auth-service/secret.yaml b/helm-charts/dbrepo/templates/auth-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c6cc5911d9418808623fdce9608181fcecbece2a
--- /dev/null
+++ b/helm-charts/dbrepo/templates/auth-service/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: auth-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  db-host: "{{ index .Values "auth-db" "host" }}"
+  db-port: "{{ index .Values "auth-db" "port" }}"
+  db-name: "{{ index .Values "auth-db" "postgresql" "database" }}"
+  db-username: "{{ index .Values "auth-db" "postgresql" "username" }}"
+  db-password: "{{ index .Values "auth-db" "postgresql" "password" }}"
diff --git a/helm-charts/dbrepo/templates/broker-service/secret.yaml b/helm-charts/dbrepo/templates/broker-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c1d158e5cf021e696ba28df000bf5afaa74c1985
--- /dev/null
+++ b/helm-charts/dbrepo/templates/broker-service/secret.yaml
@@ -0,0 +1,87 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: broker-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  definitions.json: |
+    {
+      "bindings": [
+        {
+          "arguments": {},
+          "destination": "dbrepo",
+          "destination_type": "queue",
+          "routing_key": "dbrepo.#",
+          "source": "dbrepo",
+          "vhost": "dbrepo"
+        }
+      ],
+      "exchanges": [
+        {
+          "arguments": {},
+          "auto_delete": false,
+          "durable": true,
+          "name": "dbrepo",
+          "type": "topic",
+          "vhost": "dbrepo"
+        }
+      ],
+      "global_parameters": [],
+      "parameters": [],
+      "permissions": [
+        {
+          "configure": ".*",
+          "read": ".*",
+          "user": "broker",
+          "vhost": "dbrepo",
+          "write": ".*"
+        }
+      ],
+      "policies": [],
+      "queues": [
+        {
+          "arguments": {
+            "x-queue-type": "quorum",
+            "quorum_cluster_size": "2"
+          },
+          "auto_delete": false,
+          "durable": true,
+          "name": "dbrepo",
+          "type": "quorum",
+          "vhost": "dbrepo"
+        }
+      ],
+      "rabbit_version": "3.10.25",
+      "rabbitmq_version": "3.10.25",
+      "topic_permissions": [],
+      "users": [
+        {
+          "hashing_algorithm": "rabbit_password_hashing_sha256",
+          "limits": {},
+          "name": "broker",
+          "password_hash": "Sek6WxpX2L6UhxlwRkD0cnYAH5GbtTcCFq1yY/SCc1mAa0gB",
+          "tags": [
+            "administrator"
+          ]
+        }
+      ],
+      "vhosts": [
+        {
+          "limits": [],
+          "metadata": {
+            "description": "Default virtual host",
+            "tags": []
+          },
+          "name": "dbrepo"
+        }
+      ]
+    }
+  cert.pem: |
+    -----BEGIN CERTIFICATE-----
+    MIICmzCCAYMCBgGG3GWyBTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZkYnJlcG8wHhcNMjMwMzEzMTkxMzE3WhcNMzMwMzEzMTkxNDU3WjARMQ8wDQYDVQQDDAZkYnJlcG8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqqcdDYFZZb28M0tEJzEP77FmD/Xqioyj9zWX6VwUSOMAgmMmn8eqs9hT9T0a+q4YTo9tUW1PNbUpwprA5b4Uk04DcIajxDVMUR/PjcHytmkqwVskq9AZW/Vngdoo+8tSbuIybwe/3Vwt266hbHpDcM97a+DXcYooRl7tQWCEX7RP27wQrMD9epDQ6IgKayZg9vC9/03dsIqwH9jXQRiZlFvwiEKhX2aY7lPGBaCK414JO00K/Z49iov9TRa/IYVbSt5qwgrx6DcqsBSPwOnI6A85UGfeUEZ/7coVJiL7RvBlsllapsL9eWTbQajVh94k9Ei3sibEPbtH+U2OAM78zAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAASnN1Cuif1sdfEK2kWAURSXGJCohCROLWdKFjaeHPRaEfpbFJsgxW0Yj3nwX5O3bUlOWoTyENwnXSsXMQsqnNi+At32CKaKO8+AkhAbgQL9F0B+KeJwmYv3cUj5N/LYkJjBvZBzUZ4Ugu5dcxH0k7AktLAIwimkyEnxTNolOA3UyrGGpREr8MCKWVr10RFuOpF/0CsJNNwbHXzalO9D756EUcRWZ9VSg6QVNso0YYRKTnILWDn9hcTRnqGy3SHo3anFTqQZ+BB57YbgFWy6udC0LYRB3zdp6zNti87eu/VEymiDY/mmo1AB8Tm0b6vxFz4AKcL3ax5qS6YnZ9efSzk=
+    -----END CERTIFICATE-----
+  pubkey.pem: |
+    -----BEGIN RSA PUBLIC KEY-----
+    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB
+    -----END RSA PUBLIC KEY-----
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/data-db/pvc.yaml b/helm-charts/dbrepo/templates/data-db/pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0e55aa4a0a1d9fa1f69706aadae269d985401bdd
--- /dev/null
+++ b/helm-charts/dbrepo/templates/data-db/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data-db-shared
+spec:
+  storageClassName: {{ index .Values "data-db" "persistence" "sharedStorageClass" }}
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/data-service/deployment.yaml b/helm-charts/dbrepo/templates/data-service/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..429a4ccf93de64908b065812b179a6c1169e3aac
--- /dev/null
+++ b/helm-charts/dbrepo/templates/data-service/deployment.yaml
@@ -0,0 +1,165 @@
+{{- if .Values.dataService.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: data-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: data-service
+    service: data-service
+spec:
+  replicas: {{ .Values.metadataService.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: data-service
+      service: data-service
+  template:
+    metadata:
+      labels:
+        app: data-service
+        service: data-service
+    spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: data-service
+          image: {{ printf "%s/%s:%s" .Values.dataService.image.registry .Values.dataService.image.repository .Values.dataService.image.tag }}
+          imagePullPolicy: {{ .Values.dataService.image.pullPolicy | default "IfNotPresent" }}
+          ports:
+            - containerPort: 9093
+              protocol: TCP
+          env:
+            - name: METADATA_DB
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: metadata-db
+            - name: METADATA_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: metadata-host
+            - name: METADATA_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: metadata-username
+            - name: METADATA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: metadata-password
+            - name: METADATA_JDBC_EXTRA_ARGS
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: metadata-jdbc-extra-args
+            - name: SEARCH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: search-username
+            - name: SEARCH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: search-password
+            - name: JWT_ISSUER
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: jwt-issuer
+            - name: JWT_PUBKEY
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: jwt-pubkey
+            - name: BROKER_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: broker-username
+            - name: BROKER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: broker-password
+            - name: MIN_CONCURRENT_CONSUMERS
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key:  min-concurrent-consumers
+            - name: MAX_CONCURRENT_CONSUMERS
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key:  max-concurrent-consumers
+            - name: REQUEUE_REJECTED
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: requeue-rejected
+            - name: BROKER_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: broker-host
+            - name: BROKER_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: broker-port
+            - name: BROKER_VIRTUALHOST
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: broker-virtualhost
+            - name: QUEUE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: queue-name
+            - name: EXCHANGE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: exchange-name
+            - name: ROUTING_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: routing-key
+            - name: CONNECTION_TIMEOUT
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: connection-timeout
+            - name: LOG_LEVEL
+              valueFrom:
+                secretKeyRef:
+                  name: data-service-secret
+                  key: log-level
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:9093/actuator/health/readiness | grep 'UP' || exit 1"
+            initialDelaySeconds: 120
+            periodSeconds: 30
+          readinessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:9093/actuator/health/liveness | grep 'UP' || exit 1"
+            initialDelaySeconds: 30
+            periodSeconds: 30
+          volumeMounts: []
+      volumes: []
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/data-service/secret.yaml b/helm-charts/dbrepo/templates/data-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..52fbb2e3a9f70ab51a89be64639e8eb3c79fac94
--- /dev/null
+++ b/helm-charts/dbrepo/templates/data-service/secret.yaml
@@ -0,0 +1,31 @@
+{{ $pidBase := printf "https://%s/pid/" .Values.hostname }}
+{{ $jwtIssuer := printf "https://%s/api/auth/realms/dbrepo" .Values.hostname }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: data-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  metadata-db: "{{ index .Values "metadata-db" "db" "name" }}"
+  metadata-host: "{{ index .Values "metadata-db" "host" }}"
+  metadata-username: "{{ index .Values "metadata-db" "rootUser" "user" }}"
+  metadata-password: "{{ index .Values "metadata-db" "rootUser" "password" }}"
+  metadata-jdbc-extra-args: "{{ index .Values "metadata-db" "jdbcExtraArgs" }}"
+  search-username: "{{ index .Values "search-db" "username" }}"
+  search-password: "{{ index .Values "search-db" "password" }}"
+  jwt-issuer: "{{ $jwtIssuer }}"
+  jwt-pubkey: "{{ .Values.dataService.jwt.pubkey }}"
+  broker-username: "{{ index .Values "broker-service" "auth" "username" }}"
+  broker-password: "{{ index .Values "broker-service" "auth" "password" }}"
+  min-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMin }}"
+  max-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMax }}"
+  requeue-rejected: "{{ .Values.dataService.requeueRejected }}"
+  log-level: "{{ ternary "debug" "info" .Values.dataService.image.debug }}"
+  broker-host: "{{ index .Values "broker-service" "host" }}"
+  broker-port: "{{ index .Values "broker-service" "port" }}"
+  broker-virtualhost: "{{ index .Values "broker-service" "virtualHost" }}"
+  queue-name: "{{ index .Values "broker-service" "queueName" }}"
+  exchange-name: "{{ index .Values "broker-service" "exchangeName" }}"
+  routing-key: "{{ index .Values "broker-service" "routingKey" }}"
+  connection-timeout: "{{ index .Values "broker-service" "connectionTimeout" }}"
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/data-service/service.yaml b/helm-charts/dbrepo/templates/data-service/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..71a1f8f46fb98282fb06ae320ba645425e76bcff
--- /dev/null
+++ b/helm-charts/dbrepo/templates/data-service/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.dataService.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: data-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: data-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: "data-service"
+      port: 80
+      targetPort: 9093
+      protocol: TCP
+  selector:
+    service: data-service
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/ingress.yaml b/helm-charts/dbrepo/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..20eeb071fa6e47a331609c7d4dae9ca6a93039a0
--- /dev/null
+++ b/helm-charts/dbrepo/templates/ingress.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.data }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dbrepo-{{ .name }}
+  {{- with .annotations }}
+  annotations:
+      {{- toYaml . | nindent 4 }}
+  {{- end }}
+  namespace: {{ $.Values.namespace }}
+spec:
+  ingressClassName: nginx
+  {{- if .tls }}
+  tls:
+    {{- range .tls }}
+    - hosts:
+        - "{{ $.Values.hostname }}"
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+  {{- range .hosts }}
+  - host: "{{ $.Values.hostname }}"
+    http:
+      paths:
+      {{- range .paths }}
+      - path: {{ .path }}
+        pathType: {{ .pathType }}
+        backend:
+          service:
+            name: {{ .serviceName }}
+            port:
+              number: {{ .portNumber }}
+      {{- end}}
+  {{- end}}
+{{- end}}
+{{- end}}
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/metadata-db/configmap.yaml b/helm-charts/dbrepo/templates/metadata-db/configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f6cf02b518d6b514be5c17ab4cdadfdfdd8cd562
--- /dev/null
+++ b/helm-charts/dbrepo/templates/metadata-db/configmap.yaml
@@ -0,0 +1,562 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: metadata-db-setup
+  namespace: {{ $.Values.namespace }}
+data:
+  02-setup-container.sql: |
+    BEGIN;
+    INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, sidecar_host, sidecar_port, privileged_username, privileged_password)
+    VALUES ('MariaDB Galera 11.1.3', 'mariadb_11_1_3', 1, 'data-db', 3306, 'data-db', 3305, 'root', 'dbrepo');
+    INSERT INTO `mdb_banner_messages` (type, message)
+    VALUES ('INFO', 'You are currently working on our test environment. Any data upload to this system may be deleted.');
+    COMMIT;
+  01-setup-schema.sql: |
+    BEGIN;
+    CREATE TABLE IF NOT EXISTS `mdb_users`
+    (
+        id               character varying(36)  NOT NULL,
+        username         character varying(255) NOT NULL,
+        firstname        character varying(255),
+        lastname         character varying(255),
+        email            character varying(255) NOT NULL,
+        orcid            character varying(255),
+        affiliation      character varying(255),
+        mariadb_password character varying(255) NOT NULL,
+        theme_dark       boolean,
+        PRIMARY KEY (id),
+        UNIQUE (username),
+        UNIQUE (email)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_images`
+    (
+        id            bigint                 NOT NULL AUTO_INCREMENT,
+        name          character varying(255) NOT NULL,
+        version       character varying(255) NOT NULL,
+        default_port  integer                NOT NULL,
+        dialect       character varying(255) NOT NULL,
+        driver_class  character varying(255) NOT NULL,
+        jdbc_method   character varying(255) NOT NULL,
+        created       timestamp              NOT NULL DEFAULT NOW(),
+        last_modified timestamp,
+        PRIMARY KEY (id),
+        UNIQUE (name, version)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_images_date`
+    (
+        id              bigint                 NOT NULL AUTO_INCREMENT,
+        iid             bigint                 NOT NULL,
+        database_format character varying(255) NOT NULL,
+        unix_format     character varying(255) NOT NULL,
+        example         character varying(255) NOT NULL,
+        has_time        boolean                NOT NULL,
+        created_at      timestamp              NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (id),
+        FOREIGN KEY (iid) REFERENCES mdb_images (id),
+        UNIQUE (database_format, unix_format, example)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_containers`
+    (
+        id                  bigint                 NOT NULL AUTO_INCREMENT,
+        internal_name       character varying(255) NOT NULL,
+        name                character varying(255) NOT NULL,
+        host                character varying(255) NOT NULL,
+        port                integer                NOT NULL default 3306,
+        ui_host             character varying(255) NOT NULL default host,
+        ui_port             integer                NOT NULL default port,
+        ui_additional_flags text,
+        sidecar_host        character varying(255) NOT NULL,
+        sidecar_port        integer                NOT NULL default 3305,
+        image_id            bigint                 NOT NULL,
+        created             timestamp              NOT NULL DEFAULT NOW(),
+        last_modified       timestamp,
+        privileged_username character varying(255) NOT NULL,
+        privileged_password character varying(255) NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (image_id) REFERENCES mdb_images (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_data`
+    (
+        ID           bigint NOT NULL AUTO_INCREMENT,
+        PROVENANCE   text,
+        FileEncoding text,
+        FileType     character varying(100),
+        Version      text,
+        Seperator    text,
+        PRIMARY KEY (ID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_licenses`
+    (
+        identifier character varying(255) NOT NULL,
+        uri        text                   NOT NULL,
+        PRIMARY KEY (identifier),
+        UNIQUE (uri(200))
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_databases`
+    (
+        id             bigint                 NOT NULL AUTO_INCREMENT,
+        cid            bigint                 NOT NULL,
+        name           character varying(255) NOT NULL,
+        internal_name  character varying(255) NOT NULL,
+        exchange_name  character varying(255) NOT NULL,
+        description    text,
+        engine         character varying(20),
+        is_public      boolean                NOT NULL DEFAULT TRUE,
+        created_by     character varying(36),
+        owned_by       character varying(36),
+        contact_person character varying(36),
+        created        timestamp              NOT NULL DEFAULT NOW(),
+        last_modified  timestamp,
+        PRIMARY KEY (id),
+        FOREIGN KEY (cid) REFERENCES mdb_containers (id) /* currently we only support one-to-one */,
+        FOREIGN KEY (created_by) REFERENCES mdb_users (id),
+        FOREIGN KEY (owned_by) REFERENCES mdb_users (id),
+        FOREIGN KEY (contact_person) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_databases_subjects`
+    (
+        dbid     BIGINT                 NOT NULL,
+        subjects character varying(255) NOT NULL,
+        PRIMARY KEY (dbid, subjects)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_tables`
+    (
+        ID              bigint                 NOT NULL AUTO_INCREMENT,
+        tDBID           bigint                 NOT NULL,
+        internal_name   character varying(255) NOT NULL,
+        queue_name      character varying(255) NOT NULL,
+        routing_key     character varying(255) NOT NULL,
+        tName           VARCHAR(50),
+        tDescription    TEXT,
+        num_rows        BIGINT,
+        data_length     BIGINT,
+        max_data_length BIGINT,
+        avg_row_length  BIGINT,
+        `separator`     CHAR(1),
+        quote           CHAR(1),
+        element_null    VARCHAR(50),
+        skip_lines      BIGINT,
+        element_true    VARCHAR(50),
+        element_false   VARCHAR(50),
+        Version         TEXT,
+        created         timestamp              NOT NULL DEFAULT NOW(),
+        versioned       boolean                not null default true,
+        created_by      character varying(36)  NOT NULL,
+        owned_by        character varying(36)  NOT NULL,
+        last_modified   timestamp,
+        PRIMARY KEY (ID),
+        FOREIGN KEY (tDBID) REFERENCES mdb_databases (id),
+        FOREIGN KEY (created_by) REFERENCES mdb_users (id),
+        FOREIGN KEY (owned_by) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns`
+    (
+        ID               BIGINT       NOT NULL AUTO_INCREMENT,
+        tID              BIGINT       NOT NULL,
+        dfID             BIGINT,
+        cName            VARCHAR(100),
+        internal_name    VARCHAR(100) NOT NULL,
+        alias            VARCHAR(100),
+        Datatype         ENUM ('CHAR','VARCHAR','BINARY','VARBINARY','TINYBLOB','TINYTEXT','TEXT','BLOB','MEDIUMTEXT','MEDIUMBLOB','LONGTEXT','LONGBLOB','ENUM','SET','BIT','TINYINT','BOOL','SMALLINT','MEDIUMINT','INT','BIGINT','FLOAT','DOUBLE','DECIMAL','DATE','DATETIME','TIMESTAMP','TIME','YEAR'),
+        length           BIGINT       NULL,
+        ordinal_position INTEGER      NOT NULL,
+        is_primary_key   BOOLEAN      NOT NULL,
+        index_length     BIGINT       NULL,
+        size             BIGINT,
+        d                BIGINT,
+        auto_generated   BOOLEAN               DEFAULT false,
+        is_null_allowed  BOOLEAN      NOT NULL DEFAULT true,
+        val_min          NUMERIC      NULL,
+        val_max          NUMERIC      NULL,
+        mean             NUMERIC      NULL,
+        median           NUMERIC      NULL,
+        std_dev          Numeric      NULL,
+        created          timestamp    NOT NULL DEFAULT NOW(),
+        last_modified    timestamp,
+        FOREIGN KEY (tID) REFERENCES mdb_tables (ID) ON DELETE CASCADE,
+        PRIMARY KEY (ID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_enums`
+    (
+        id        bigint                 NOT NULL AUTO_INCREMENT,
+        column_id bigint                 NOT NULL,
+        value     CHARACTER VARYING(255) NOT NULL,
+        FOREIGN KEY (column_id) REFERENCES mdb_columns (ID),
+        PRIMARY KEY (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_sets`
+    (
+        id        bigint                 NOT NULL AUTO_INCREMENT,
+        column_id bigint                 NOT NULL,
+        value     CHARACTER VARYING(255) NOT NULL,
+        FOREIGN KEY (column_id) REFERENCES mdb_columns (ID),
+        PRIMARY KEY (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_nom`
+    (
+        tID           bigint,
+        cID           bigint,
+        maxlength     INTEGER,
+        last_modified timestamp,
+        created       timestamp NOT NULL DEFAULT NOW(),
+        FOREIGN KEY (tID, cID) REFERENCES mdb_columns (tID, ID),
+        PRIMARY KEY (tID, cID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_cat`
+    (
+        tID           bigint,
+        cID           bigint,
+        num_cat       INTEGER,
+        --    cat_array     TEXT[],
+        last_modified timestamp,
+        created       timestamp NOT NULL DEFAULT NOW(),
+        FOREIGN KEY (tID, cID) REFERENCES mdb_columns (tID, ID),
+        PRIMARY KEY (tID, cID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_constraints_foreign_key`
+    (
+        fkid      BIGINT      NOT NULL AUTO_INCREMENT,
+        tid       BIGINT      NOT NULL,
+        rtid      BIGINT      NOT NULL,
+        on_update VARCHAR(50) NULL,
+        on_delete VARCHAR(50) NULL,
+        position  INT         NULL,
+        PRIMARY KEY (fkid),
+        FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE,
+        FOREIGN KEY (rtid) REFERENCES mdb_tables (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_constraints_foreign_key_reference`
+    (
+        id   BIGINT NOT NULL AUTO_INCREMENT,
+        fkid BIGINT NOT NULL,
+        cid  BIGINT NOT NULL,
+        rcid BIGINT NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (fkid) REFERENCES mdb_constraints_foreign_key (fkid) ON UPDATE CASCADE,
+        FOREIGN KEY (cid) REFERENCES mdb_columns (id),
+        FOREIGN KEY (rcid) REFERENCES mdb_columns (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_constraints_unique`
+    (
+        uid      BIGINT NOT NULL AUTO_INCREMENT,
+        tid      BIGINT NOT NULL,
+        position INT    NULL,
+        PRIMARY KEY (uid),
+        FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE
+    );
+
+    CREATE TABLE IF NOT EXISTS `mdb_constraints_unique_columns`
+    (
+        id  BIGINT NOT NULL AUTO_INCREMENT,
+        uid BIGINT NOT NULL,
+        cid BIGINT NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (uid) REFERENCES mdb_constraints_unique (uid),
+        FOREIGN KEY (cid) REFERENCES mdb_columns (id) ON DELETE CASCADE
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_constraints_checks`
+    (
+        id     BIGINT       NOT NULL AUTO_INCREMENT,
+        tid    BIGINT       NOT NULL,
+        checks VARCHAR(255) NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (tid) REFERENCES mdb_tables (id) ON DELETE CASCADE
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_concepts`
+    (
+        id          bigint       NOT NULL AUTO_INCREMENT,
+        uri         text         not null,
+        name        VARCHAR(255) null,
+        description TEXT         null,
+        created     timestamp    NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (id),
+        UNIQUE (uri(200))
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_units`
+    (
+        id          bigint       NOT NULL AUTO_INCREMENT,
+        uri         text         not null,
+        name        VARCHAR(255) null,
+        description TEXT         null,
+        created     timestamp    NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (id),
+        UNIQUE (uri(200))
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_concepts`
+    (
+        id      bigint    NOT NULL,
+        cID     bigint    NOT NULL,
+        created timestamp NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (id, cid),
+        FOREIGN KEY (cID) REFERENCES mdb_columns (ID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_columns_units`
+    (
+        id      bigint    NOT NULL,
+        cID     bigint    NOT NULL,
+        created timestamp NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (id, cID),
+        FOREIGN KEY (cID) REFERENCES mdb_columns (ID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_view`
+    (
+        id            bigint                NOT NULL AUTO_INCREMENT,
+        vdbid         bigint                NOT NULL,
+        vName         VARCHAR(255)          NOT NULL,
+        internal_name VARCHAR(255)          NOT NULL,
+        Query         TEXT                  NOT NULL,
+        query_hash    VARCHAR(255)          NOT NULL,
+        Public        BOOLEAN               NOT NULL,
+        InitialView   BOOLEAN               NOT NULL,
+        created       timestamp             NOT NULL DEFAULT NOW(),
+        last_modified timestamp,
+        created_by    character varying(36) NOT NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (vdbid) REFERENCES mdb_databases (id),
+        FOREIGN KEY (created_by) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_banner_messages`
+    (
+        id            bigint                            NOT NULL AUTO_INCREMENT,
+        type          ENUM ('ERROR', 'WARNING', 'INFO') NOT NULL default 'INFO',
+        message       TEXT                              NOT NULL,
+        link          TEXT                              NULL,
+        link_text     VARCHAR(255)                      NULL,
+        display_start timestamp                         NULL,
+        display_end   timestamp                         NULL,
+        PRIMARY KEY (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_ontologies`
+    (
+        id              bigint     NOT NULL AUTO_INCREMENT,
+        prefix          VARCHAR(8) NOT NULL,
+        uri             TEXT       NOT NULL,
+        uri_pattern     TEXT,
+        sparql_endpoint TEXT       NULL,
+        rdf_path        TEXT       NULL,
+        last_modified   timestamp,
+        created         timestamp  NOT NULL DEFAULT NOW(),
+        UNIQUE (prefix),
+        UNIQUE (uri(200)),
+        PRIMARY KEY (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_view_columns`
+    (
+        id       BIGINT  NOT NULL AUTO_INCREMENT,
+        cid      BIGINT  NOT NULL,
+        vid      BIGINT  NOT NULL,
+        position INTEGER NULL,
+        PRIMARY KEY (id),
+        FOREIGN KEY (vid) REFERENCES mdb_view (id),
+        FOREIGN KEY (cid) REFERENCES mdb_columns (ID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifiers`
+    (
+        id                BIGINT                                       NOT NULL AUTO_INCREMENT,
+        dbid              BIGINT,
+        qid               BIGINT,
+        vid               BIGINT,
+        tid               BIGINT,
+        publisher         VARCHAR(255)                                 NOT NULL,
+        language          VARCHAR(2),
+        publication_year  INTEGER                                      NOT NULL,
+        publication_month INTEGER,
+        publication_day   INTEGER,
+        identifier_type   ENUM ('DATABASE', 'SUBSET', 'VIEW', 'TABLE') NOT NULL,
+        query             TEXT,
+        query_normalized  TEXT,
+        query_hash        VARCHAR(255),
+        execution         TIMESTAMP,
+        result_hash       VARCHAR(255),
+        result_number     BIGINT,
+        doi               VARCHAR(255),
+        created           TIMESTAMP                                    NOT NULL DEFAULT NOW(),
+        created_by        VARCHAR(36)                                  NOT NULL,
+        last_modified     TIMESTAMP,
+        PRIMARY KEY (id), /* must be a single id from persistent identifier concept */
+        FOREIGN KEY (dbid) REFERENCES mdb_databases (id),
+        FOREIGN KEY (created_by) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifier_licenses`
+    (
+        pid        bigint       NOT NULL,
+        license_id VARCHAR(255) NOT NULL,
+        PRIMARY KEY (pid, license_id),
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id),
+        FOREIGN KEY (license_id) REFERENCES mdb_licenses (identifier)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifier_titles`
+    (
+        id         bigint NOT NULL AUTO_INCREMENT,
+        pid        bigint NOT NULL,
+        title      text   NOT NULL,
+        title_type ENUM ('ALTERNATIVE_TITLE', 'SUBTITLE', 'TRANSLATED_TITLE', 'OTHER'),
+        language   VARCHAR(2),
+        PRIMARY KEY (id),
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifier_funders`
+    (
+        id                     bigint       NOT NULL AUTO_INCREMENT,
+        pid                    bigint       NOT NULL,
+        funder_name            VARCHAR(255) NOT NULL,
+        funder_identifier      TEXT,
+        funder_identifier_type ENUM ('CROSSREF_FUNDER_ID', 'GRID', 'ISNI', 'ROR', 'OTHER'),
+        scheme_uri             text,
+        award_number           VARCHAR(255),
+        award_title            text,
+        language               VARCHAR(255),
+        PRIMARY KEY (id),
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifier_descriptions`
+    (
+        id               bigint NOT NULL AUTO_INCREMENT,
+        pid              bigint NOT NULL,
+        description      text   NOT NULL,
+        description_type ENUM ('ABSTRACT', 'METHODS', 'SERIES_INFORMATION', 'TABLE_OF_CONTENTS', 'TECHNICAL_INFO', 'OTHER'),
+        language         VARCHAR(2),
+        PRIMARY KEY (id),
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_related_identifiers`
+    (
+        id       bigint       NOT NULL AUTO_INCREMENT,
+        pid      bigint       NOT NULL,
+        value    varchar(255) NOT NULL,
+        type     varchar(255),
+        relation varchar(255),
+        PRIMARY KEY (id), /* must be a single id from persistent identifier concept */
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id),
+        UNIQUE (pid, value)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_identifier_creators`
+    (
+        id                                bigint       NOT NULL AUTO_INCREMENT,
+        pid                               bigint       NOT NULL,
+        given_names                       text,
+        family_name                       text,
+        creator_name                      VARCHAR(255) NOT NULL,
+        name_type                         ENUM ('PERSONAL', 'ORGANIZATIONAL') default 'PERSONAL',
+        name_identifier                   text,
+        name_identifier_scheme            ENUM ('ROR', 'GRID', 'ISNI', 'ORCID'),
+        name_identifier_scheme_uri        text,
+        affiliation                       VARCHAR(255),
+        affiliation_identifier            text,
+        affiliation_identifier_scheme     ENUM ('ROR', 'GRID', 'ISNI'),
+        affiliation_identifier_scheme_uri text,
+        PRIMARY KEY (id),
+        FOREIGN KEY (pid) REFERENCES mdb_identifiers (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_feed`
+    (
+        fDBID   bigint,
+        fID     bigint,
+        fUserId character varying(36) not null,
+        fDataID bigint REFERENCES mdb_data (ID),
+        created timestamp             NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (fDBID, fID, fUserId, fDataID),
+        FOREIGN KEY (fDBID, fID) REFERENCES mdb_tables (tDBID, ID),
+        FOREIGN KEY (fUserId) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_update`
+    (
+        uUserID character varying(255) NOT NULL,
+        uDBID   bigint                 NOT NULL,
+        created timestamp              NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (uUserID, uDBID),
+        FOREIGN KEY (uDBID) REFERENCES mdb_databases (id)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_access`
+    (
+        aUserID  character varying(255) NOT NULL,
+        aDBID    bigint REFERENCES mdb_databases (id),
+        attime   TIMESTAMP,
+        download BOOLEAN,
+        created  timestamp              NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (aUserID, aDBID)
+    ) WITH SYSTEM VERSIONING;
+
+    CREATE TABLE IF NOT EXISTS `mdb_have_access`
+    (
+        user_id     character varying(36)                   NOT NULL,
+        database_id bigint REFERENCES mdb_databases (id),
+        access_type ENUM ('READ', 'WRITE_OWN', 'WRITE_ALL') NOT NULL,
+        created     timestamp                               NOT NULL DEFAULT NOW(),
+        PRIMARY KEY (user_id, database_id),
+        FOREIGN KEY (user_id) REFERENCES mdb_users (id)
+    ) WITH SYSTEM VERSIONING;
+
+    COMMIT;
+    BEGIN;
+
+    INSERT INTO `mdb_licenses` (identifier, uri)
+    VALUES ('MIT', 'https://opensource.org/licenses/MIT'),
+           ('GPL-3.0-only', 'https://www.gnu.org/licenses/gpl-3.0-standalone.html'),
+           ('BSD-3-Clause', 'https://opensource.org/licenses/BSD-3-Clause'),
+           ('BSD-4-Clause', 'http://directory.fsf.org/wiki/License:BSD_4Clause'),
+           ('Apache-2.0', 'https://opensource.org/licenses/Apache-2.0'),
+           ('CC0-1.0', 'https://creativecommons.org/publicdomain/zero/1.0/legalcode'),
+           ('CC-BY-4.0', 'https://creativecommons.org/licenses/by/4.0/legalcode');
+
+    INSERT INTO `mdb_images` (name, version, default_port, dialect, driver_class, jdbc_method)
+    VALUES ('mariadb', '11.1.3', 3306, 'org.hibernate.dialect.MariaDBDialect', 'org.mariadb.jdbc.Driver', 'mariadb');
+
+    INSERT INTO `mdb_images_date` (iid, database_format, unix_format, example, has_time)
+    VALUES (1, '%Y-%c-%d %H:%i:%S.%f', 'yyyy-MM-dd HH:mm:ss.SSSSSS', '2022-01-30 13:44:25.499', true),
+           (1, '%Y-%c-%d %H:%i:%S', 'yyyy-MM-dd HH:mm:ss', '2022-01-30 13:44:25', true),
+           (1, '%Y-%c-%d', 'yyyy-MM-dd', '2022-01-30', false),
+           (1, '%H:%i:%S', 'HH:mm:ss', '13:44:25', true);
+
+    INSERT INTO `mdb_ontologies` (prefix, uri, uri_pattern, sparql_endpoint, rdf_path)
+    VALUES ('om', 'http://www.ontology-of-units-of-measure.org/resource/om-2/',
+            'http://www.ontology-of-units-of-measure.org/resource/om-2/.*', null, 'rdf/om-2.0.rdf'),
+           ('wd', 'http://www.wikidata.org/', 'http://www.wikidata.org/entity/.*', 'https://query.wikidata.org/sparql',
+            null),
+           ('mo', 'http://purl.org/ontology/mo/', 'http://purl.org/ontology/mo/.*', null, null),
+           ('dc', 'http://purl.org/dc/elements/1.1/', null, null, null),
+           ('xsd', 'http://www.w3.org/2001/XMLSchema#', null, null, null),
+           ('tl', 'http://purl.org/NET/c4dm/timeline.owl#', null, null, null),
+           ('foaf', 'http://xmlns.com/foaf/0.1/', null, null, null),
+           ('schema', 'http://schema.org/', null, null, null),
+           ('rdf', 'http://www.w3.org/1999/02/22-rdf-syntax-ns#', null, null, null),
+           ('rdfs', 'http://www.w3.org/2000/01/rdf-schema#', null, null, null),
+           ('owl', 'http://www.w3.org/2002/07/owl#', null, null, null),
+           ('prov', 'http://www.w3.org/ns/prov#', null, null, null),
+           ('db', 'http://dbpedia.org', 'http://dbpedia.org/ontology/.*', 'http://dbpedia.org/sparql', null);
+    COMMIT;
diff --git a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a74271436d67ec3c2e5c7c401a41fe80e606c5cf
--- /dev/null
+++ b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml
@@ -0,0 +1,277 @@
+{{- if .Values.metadataService.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metadata-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: metadata-service
+    service: metadata-service
+spec:
+  replicas: {{ .Values.metadataService.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: metadata-service
+      service: metadata-service
+  template:
+    metadata:
+      labels:
+        app: metadata-service
+        service: metadata-service
+    spec:
+      securityContext:
+        fsGroup: 0
+        runAsUser: 0
+        runAsGroup: 0
+      containers:
+        - name: metadata-service
+          image: {{ printf "%s/%s:%s" .Values.metadataService.image.registry .Values.metadataService.image.repository .Values.metadataService.image.tag }}
+          imagePullPolicy: {{ .Values.metadataService.image.pullPolicy | default "IfNotPresent" }}
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+          ports:
+            - containerPort: 9099
+              protocol: TCP
+          env:
+            - name: ADMIN_MAIL
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: admin-email
+            - name: GATEWAY_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: gateway-endpoint
+            - name: WEBSITE
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: website
+            - name: SEARCH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: search-username
+            - name: SEARCH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: search-password
+            - name: BROKER_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-host
+            - name: BROKER_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-port
+            - name: BROKER_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-endpoint
+            - name: BROKER_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-username
+            - name: BROKER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-password
+            - name: SHARED_FILESYSTEM
+              value: /mnt/shared
+            - name: METADATA_DB
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: metadata-db
+            - name: METADATA_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: metadata-host
+            - name: METADATA_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: metadata-username
+            - name: METADATA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: metadata-password
+            - name: METADATA_JDBC_EXTRA_ARGS
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: metadata-jdbc-extra-args
+            - name: KEYCLOAK_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: keycloak-host
+            - name: KEYCLOAK_ADMIN
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: keycloak-admin
+            - name: KEYCLOAK_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: keycloak-admin-password
+            - name: JWT_ISSUER
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: jwt-issuer
+            - name: DATACITE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: datacite-url
+            - name: DATACITE_PREFIX
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: datacite-prefix
+            - name: DATACITE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: datacite-username
+            - name: DATACITE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: datacite-password
+            - name: REPOSITORY_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: repository-name
+            - name: BASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: base-url
+            - name: PID_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: pid-base
+            - name: MIN_CONCURRENT_CONSUMERS
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: min-concurrent-consumers
+            - name: MAX_CONCURRENT_CONSUMERS
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: max-concurrent-consumers
+            - name: REQUEUE_REJECTED
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: requeue-rejected
+            - name: BROKER_VIRTUALHOST
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: broker-virtualhost
+            - name: QUEUE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: queue-name
+            - name: EXCHANGE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: exchange-name
+            - name: ROUTING_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: routing-key
+            - name: CONNECTION_TIMEOUT
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: connection-timeout
+            - name: LOG_LEVEL
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: log-level
+            - name: S3_STORAGE_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: s3-storage-endpoint
+            - name: S3_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: s3-access-key-id
+            - name: S3_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: s3-secret-access-key
+            - name: S3_IMPORT_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: s3-import-bucket
+            - name: S3_EXPORT_BUCKET
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: s3-export-bucket
+            - name: MIRROR_RATE
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: mirror-rate
+            - name: OBTAIN_METADATA_RATE
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: obtain-metadata-rate
+            - name: DELETE_STALE_QUERIES_RATE
+              valueFrom:
+                secretKeyRef:
+                  name: metadata-service-secret
+                  key: delete-stale-queries-rate
+            {{- if .Values.metadataService.datacite.enabled }}
+            - name: spring_profiles_active
+              value: doi
+            {{- end }}
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:9099/actuator/health/readiness | grep 'UP' || exit 1"
+            initialDelaySeconds: 120
+            periodSeconds: 30
+          readinessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:9099/actuator/health/liveness | grep 'UP' || exit 1"
+            initialDelaySeconds: 30
+            periodSeconds: 30
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/metadata-service/secret.yaml b/helm-charts/dbrepo/templates/metadata-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a8ebcba53df13966383988c4a2fda4c6f22746e3
--- /dev/null
+++ b/helm-charts/dbrepo/templates/metadata-service/secret.yaml
@@ -0,0 +1,52 @@
+{{ $pidBase := printf "https://%s/pid/" .Values.hostname }}
+{{ $jwtIssuer := printf "https://%s/api/auth/realms/dbrepo" .Values.hostname }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: metadata-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  admin-email: "{{ .Values.metadataService.adminEmail }}"
+  base-url: "{{ .Values.hostname }}"
+  broker-endpoint: "{{ index .Values "broker-service" "url" }}"
+  broker-host: "{{ index .Values "broker-service" "host" }}"
+  broker-port: "{{ index .Values "broker-service" "port" }}"
+  gateway-endpoint: "{{ .Values.hostname }}"
+  website: "{{ .Values.metadataService.website }}"
+  search-username: "{{ index .Values "search-db" "username" }}"
+  search-password: "{{ index .Values "search-db" "password" }}"
+  broker-username: "{{ index .Values "broker-service" "auth" "username" }}"
+  broker-password: "{{ index .Values "broker-service" "auth" "password" }}"
+  log-level: "{{ ternary "trace" "info" .Values.metadataService.image.debug }}"
+  metadata-db: "{{ index .Values "metadata-db" "db" "name" }}"
+  metadata-host: "{{ index .Values "metadata-db" "host" }}"
+  metadata-username: "{{ index .Values "metadata-db" "rootUser" "user" }}"
+  metadata-password: "{{ index .Values "metadata-db" "rootUser" "password" }}"
+  metadata-jdbc-extra-args: "{{ index .Values "metadata-db" "jdbcExtraArgs" }}"
+  keycloak-host: "{{ .Values.metadataService.authService.url }}"
+  keycloak-admin: "{{ index .Values "auth-service" "auth" "adminUser" }}"
+  keycloak-admin-password: "{{ index .Values "auth-service" "auth" "adminPassword" }}"
+  datacite-url: "{{ .Values.metadataService.datacite.url }}"
+  datacite-prefix: "{{ .Values.metadataService.datacite.prefix | toString }}"
+  datacite-username: "{{ .Values.metadataService.datacite.username }}"
+  datacite-password: "{{ .Values.metadataService.datacite.password }}"
+  repository-name: "{{ .Values.metadataService.repositoryName }}"
+  pid-base: "{{ $pidBase }}"
+  jwt-issuer: "{{ $jwtIssuer }}"
+  broker-virtualhost: "{{ index .Values "broker-service" "virtualHost" }}"
+  queue-name: "{{ index .Values "broker-service" "queueName" }}"
+  exchange-name: "{{ index .Values "broker-service" "exchangeName" }}"
+  routing-key: "{{ index .Values "broker-service" "routingKey" }}"
+  connection-timeout: "{{ index .Values "broker-service" "connectionTimeout" }}"
+  min-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMin }}"
+  max-concurrent-consumers: "{{ .Values.dataService.consumerConcurrentMax }}"
+  requeue-rejected: "{{ .Values.dataService.requeueRejected }}"
+  s3-storage-endpoint: http://storage-service-s3:9000
+  s3-access-key-id: seaweedfsadmin
+  s3-secret-access-key: seaweedfsadmin
+  s3-import-bucket: dbrepo-upload
+  s3-export-bucket: dbrepo-download
+  mirror-rate: {{ .Values.metadataService.rates.mirror | quote }}
+  obtain-metadata-rate: {{ .Values.metadataService.rates.obtainMetadata | quote }}
+  delete-stale-queries-rate: {{ .Values.metadataService.rates.deleteStaleQueries | quote }}
diff --git a/helm-charts/dbrepo/templates/metadata-service/service.yaml b/helm-charts/dbrepo/templates/metadata-service/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..45646d7a7143de35291530580c7b1348d0ffd7d4
--- /dev/null
+++ b/helm-charts/dbrepo/templates/metadata-service/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.metadataService.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metadata-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: metadata-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: "metadata-service"
+      port: 80
+      targetPort: 9099
+      protocol: TCP
+  selector:
+    service: metadata-service
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/networkpolicy.yaml b/helm-charts/dbrepo/templates/networkpolicy.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f17ac6cd0d8f2fcd058a365be92b27bca998217b
--- /dev/null
+++ b/helm-charts/dbrepo/templates/networkpolicy.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: public
+spec:
+  podSelector:
+    matchLabels:
+      network: public
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              network: public
diff --git a/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml b/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c38c243c6c9b34b8aa01fc9ccf6a747e4066aa04
--- /dev/null
+++ b/helm-charts/dbrepo/templates/search-db-dashboard/secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: search-db-dashboard-secret
+  namespace: {{ $.Values.namespace }}
+stringData:
+  opensearch_dashboards.yml: |
+    server:
+      basePath: "/admin/dashboard"
+      rewriteBasePath: true
+      ssl:
+        enabled: true
+        certificate: /usr/share/opensearch-dashboards/tls/tls.crt
+        key: /usr/share/opensearch-dashboards/tls/tls.key
+      name: log-dashboard
+      host: 0.0.0.0
+    opensearch:
+      ssl:
+        verificationMode: none
+      username: {{ index .Values "search-db" "username" }}
+      password: {{ index .Values "search-db" "password" }}
diff --git a/helm-charts/dbrepo/templates/search-db/certificate.yaml b/helm-charts/dbrepo/templates/search-db/certificate.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0099f0afddaacddfe7fd45c7555c4a2b1cf22caa
--- /dev/null
+++ b/helm-charts/dbrepo/templates/search-db/certificate.yaml
@@ -0,0 +1,22 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: search-db
+  namespace: {{ .Values.namespace }}
+spec:
+  isCA: false
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  commonName: search-db
+  secretName: search-db-cert
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS8
+    size: 2048
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: selfsigned-cluster-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/search-service/deployment.yaml b/helm-charts/dbrepo/templates/search-service/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..88297b59ebdc1d4fc99c0591836987d6a51347ba
--- /dev/null
+++ b/helm-charts/dbrepo/templates/search-service/deployment.yaml
@@ -0,0 +1,80 @@
+{{- if .Values.searchService.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: search-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: search-service
+    service: search-service
+spec:
+  replicas: {{ .Values.metadataService.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: search-service
+      service: search-service
+  template:
+    metadata:
+      labels:
+        app: search-service
+        service: search-service
+    spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: search-service
+          image: {{ printf "%s/%s:%s" .Values.searchService.image.registry .Values.searchService.image.repository .Values.searchService.image.tag }}
+          imagePullPolicy: {{ .Values.searchService.image.pullPolicy | default "IfNotPresent" }}
+          ports:
+            - containerPort: 4000
+              protocol: TCP
+          env:
+            - name: OPENSEARCH_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: search-service-secret
+                  key: opensearch-host
+            - name: OPENSEARCH_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: search-service-secret
+                  key: opensearch-port
+            - name: OPENSEARCH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: search-service-secret
+                  key: opensearch-username
+            - name: OPENSEARCH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: search-service-secret
+                  key: opensearch-password
+            - name: LOG_LEVEL
+              valueFrom:
+                secretKeyRef:
+                  name: search-service-secret
+                  key: log-level
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:4000/health | grep 'UP' || exit 1"
+            initialDelaySeconds: 120
+            periodSeconds: 30
+          readinessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -ec
+                - "curl -sSL localhost:4000/health | grep 'UP' || exit 1"
+            initialDelaySeconds: 10
+            periodSeconds: 30
+          volumeMounts: []
+      volumes: []
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/search-service/secret.yaml b/helm-charts/dbrepo/templates/search-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ed2881fe17a0ec16c9d2875c6d3b9abab935ac0b
--- /dev/null
+++ b/helm-charts/dbrepo/templates/search-service/secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: search-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  opensearch-host: "{{ index .Values "search-db" "host" }}"
+  opensearch-port: "{{ index .Values "search-db" "port" }}"
+  opensearch-username: "{{ index .Values "search-db" "username" }}"
+  opensearch-password: "{{ index .Values "search-db" "password" }}"
+  log-level: "{{ ternary "DEBUG" "INFO" .Values.searchService.image.debug }}"
diff --git a/helm-charts/dbrepo/templates/search-service/service.yaml b/helm-charts/dbrepo/templates/search-service/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b31e0e19db70d620135d3933f18e2177740508da
--- /dev/null
+++ b/helm-charts/dbrepo/templates/search-service/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.searchService.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: search-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: search-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: "search-service"
+      port: 80
+      targetPort: 4000
+      protocol: TCP
+  selector:
+    service: search-service
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/storage-service/job.yaml b/helm-charts/dbrepo/templates/storage-service/job.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fac9e0c6be32c9c04498a6ea5f1cb21dfad34a17
--- /dev/null
+++ b/helm-charts/dbrepo/templates/storage-service/job.yaml
@@ -0,0 +1,51 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: storage-service-create-buckets-job
+  namespace: {{ .Values.namespace }}
+spec:
+  template:
+    metadata:
+      name: storage-service-create-buckets-job
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: init
+          image: s210.dl.hpc.tuwien.ac.at/dbrepo/storage-service-init:latest
+          env:
+            - name: WEED_CLUSTER_DEFAULT
+              value: "sw"
+            - name: WEED_CLUSTER_SW_MASTER
+              value: "storage-service-master.{{ .Release.Name }}:9333"
+            - name: SEAWEEDFS_ENDPOINT
+              value: "storage-service-master.{{ .Release.Name }}:9333"
+            - name: WEED_CLUSTER_SW_FILER
+              value: "storage-service-filer-client.{{ .Release.Name }}:8888"
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: SEAWEEDFS_FULLNAME
+              value: "storage-service"
+          volumeMounts:
+            - name: config-users
+              mountPath: /etc/sw
+              readOnly: true
+          ports:
+            - containerPort: 9333
+              name: swfs-master
+            - containerPort: 19333
+              #name: swfs-master-grpc
+      volumes:
+        - name: config-users
+          secret:
+            defaultMode: 420
+            secretName: seaweedfs-s3-secret
diff --git a/helm-charts/dbrepo/templates/storage-service/secret.yaml b/helm-charts/dbrepo/templates/storage-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..525323c623e127e23957b5b74b9c83f8d9980f0b
--- /dev/null
+++ b/helm-charts/dbrepo/templates/storage-service/secret.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: seaweedfs-s3-secret
+  namespace: {{ .Values.namespace }}
+  labels:
+    app.kubernetes.io/name: seaweedfs
+    app.kubernetes.io/component: s3
+stringData:
+  seaweedfs_s3_config: |
+    {
+      "identities": [
+        {
+          "name": "admin",
+          "credentials": [
+            {
+              "accessKey": "{{ index .Values "storage-service" "s3" "auth" "username" }}",
+              "secretKey": "{{ index .Values "storage-service" "s3" "auth" "password" }}"
+            }
+          ],
+          "actions": [
+            "Read",
+            "Write",
+            "List",
+            "Tagging",
+            "Admin"
+          ]
+        }
+      ]
+    }
+
diff --git a/helm-charts/dbrepo/templates/ui/configmap.yaml b/helm-charts/dbrepo/templates/ui/configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..932fcfac905f6921950198e6c9f0c3836d96f7bc
--- /dev/null
+++ b/helm-charts/dbrepo/templates/ui/configmap.yaml
@@ -0,0 +1,123 @@
+{{- if .Values.ui.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ui-setup
+  namespace: {{ $.Values.namespace }}
+data:
+  dbrepo.config.json: |
+    {
+      "title": "{{ .Values.ui.title }}",
+      "version": "{{ .Values.ui.version }}",
+      "ssl": {
+        "force": "{{ .Values.ui.forceSsl }}"
+      },
+      "logo": {
+        "path": "{{ .Values.ui.logo }}"
+      },
+      "icon": {
+        "path": "{{ .Values.ui.icon }}"
+      },
+      "appleTouchIcon": {
+        "path": "{{ .Values.ui.appleTouchIcon }}"
+      },
+      "api": {
+        "useSsl": "{{ .Values.ui.forceSsl }}"
+      },
+      "broker": {
+        "connection": {
+          "host": "{{ .Values.ui.broker.host }}",
+          "ports": {{ .Values.ui.broker.ports | toJson }},
+          "extraInfo": "{{ .Values.ui.broker.extraInfo}}"
+        }
+      },
+      "storage": {
+        "endpoint": "storage-service",
+        "port": 9000,
+        "useSsl": false,
+        "accessKey": {
+          "id": "seaweedfsadmin",
+          "secret": "seaweedfsadmin"
+        }
+      },
+      "database": {
+        "connection": {
+          "extraInfo": "128.130.0.0/15"
+        }
+      },
+      "keycloak": {
+        "client": {
+          "id": "dbrepo-client",
+          "secret": "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG"
+        }
+      },
+      "opensearch": {
+        "username": "admin",
+        "password": "admin"
+      },
+      "pid": {
+        "default": {
+          "publisher": "TU Wien"
+        }
+      },
+      "doi": {
+        "url": "{{ .Values.ui.datacite.url }}"
+      },
+      "pages": {
+        "login": {
+          "links": [
+            {
+              "text": "OpenSearch Admin",
+              "blank": true,
+              "href": "{{ printf "https://%s/admin/dashboard" .Values.hostname }}"
+            },
+            {
+              "text": "RabbitMQ Admin",
+              "blank": true,
+              "href": "{{ printf "https://%s/admin/broker/" .Values.hostname }}"
+            },
+            {
+              "text": "Keycloak Admin",
+              "blank": true,
+              "href": "{{ printf "https://%s/api/auth/" .Values.hostname }}"
+            }
+          ]
+        },
+        "information": {
+          "links": [
+            {
+              "text": "Online Documentation",
+              "blank": true,
+              "href": "https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/latest/"
+            },
+            {
+              "text": "Sourcecode Documentation",
+              "blank": true,
+              "href": "https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services"
+            },
+            {
+              "text": "Docker Images",
+              "blank": true,
+              "href": "https://hub.docker.com/u/dbrepo"
+            },
+            {
+              "text": "Demo Instance (Kubernetes)",
+              "blank": true,
+              "href": "https://test.dbrepo.tuwien.ac.at/"
+            },
+            {
+              "text": "Demo Instance (Docker Compose)",
+              "blank": true,
+              "href": "https://dbrepo2.ec.tuwien.ac.at/"
+            },
+            {
+              "text": "Paper",
+              "blank": true,
+              "href": "https://doi.org/10.2218/ijdc.v17i1.825"
+            }
+          ]
+        }
+      }
+    }
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/ui/deployment.yaml b/helm-charts/dbrepo/templates/ui/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..295908ce65ab231d5cd546399befc57690bd6218
--- /dev/null
+++ b/helm-charts/dbrepo/templates/ui/deployment.yaml
@@ -0,0 +1,65 @@
+{{- if .Values.ui.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ui
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: ui
+    service: ui
+spec:
+  replicas: {{ .Values.ui.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: ui
+      service: ui
+  template:
+    metadata:
+      labels:
+        app: ui
+        service: ui
+    spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: ui
+          image: {{ printf "%s/%s:%s" .Values.ui.image.registry .Values.ui.image.repository .Values.ui.image.tag }}
+          imagePullPolicy: {{ .Values.ui.image.pullPolicy | default "IfNotPresent" }}
+          ports:
+            - containerPort: 3000
+              protocol: TCP
+          env:
+            - name: API
+              value: "https://{{ .Values.hostname }}"
+          volumeMounts:
+            - mountPath: /app/dbrepo.config.json
+              subPath: dbrepo.config.json
+              name: config
+            {{- if .Values.ui.extraVolumeMounts }}
+            {{- .Values.ui.extraVolumeMounts | toYaml | nindent 12 }}
+            {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 120
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 3000
+            initialDelaySeconds: 30
+            periodSeconds: 30
+      volumes:
+        - name: config
+          configMap:
+            name: ui-setup
+        {{- if .Values.ui.extraVolumes }}
+        {{- .Values.ui.extraVolumes | toYaml | nindent 8 }}
+        {{- end }}
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/ui/service.yaml b/helm-charts/dbrepo/templates/ui/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..676c28992501fbb21fbdcd560ec2a9be7b47e98e
--- /dev/null
+++ b/helm-charts/dbrepo/templates/ui/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ui.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: ui
+spec:
+  type: ClusterIP
+  ports:
+    - name: "nuxt"
+      port: 80
+      targetPort: 3000
+      protocol: TCP
+  selector:
+    service: ui
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/upload-service/deployment.yaml b/helm-charts/dbrepo/templates/upload-service/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9123ede83eefe7b7dc03e9cfbb6f1334f17afd2a
--- /dev/null
+++ b/helm-charts/dbrepo/templates/upload-service/deployment.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.uploadService.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: upload-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: upload-service
+    service: upload-service
+spec:
+  replicas: {{ .Values.uploadService.replicaCount }}
+  strategy:
+    type: {{ $.Values.strategyType }}
+  selector:
+    matchLabels:
+      app: upload-service
+      service: upload-service
+  template:
+    metadata:
+      labels:
+        app: upload-service
+        service: upload-service
+    spec:
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsGroup: 1000
+      containers:
+        - name: upload-service
+          image: {{ printf "%s/%s:%s" .Values.uploadService.image.registry .Values.uploadService.image.repository .Values.uploadService.image.tag }}
+          imagePullPolicy: {{ .Values.uploadService.image.pullPolicy | default "IfNotPresent" }}
+          env:
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: upload-service-secret
+                  key: aws-access-key-id
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: upload-service-secret
+                  key: aws-secret-access-key
+            - name: AWS_REGION
+              valueFrom:
+                secretKeyRef:
+                  name: upload-service-secret
+                  key: aws-region
+          args:
+            - "--base-path=/api/upload/files/"
+            - "-s3-endpoint=http://storage-service-s3:9000"
+            - "-s3-bucket=dbrepo-upload"
+          ports:
+            - containerPort: 1080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              port: 1080
+          readinessProbe:
+            httpGet:
+              port: 1080
+            initialDelaySeconds: 10
+            periodSeconds: 30
+{{- end }}
diff --git a/helm-charts/dbrepo/templates/upload-service/secret.yaml b/helm-charts/dbrepo/templates/upload-service/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1d94dc2ebdcc8ecfda0b934fc6fb2849ba1ba535
--- /dev/null
+++ b/helm-charts/dbrepo/templates/upload-service/secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.uploadService.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: upload-service-secret
+  namespace: {{ .Values.namespace }}
+stringData:
+  aws-access-key-id: "{{ index .Values "storage-service" "s3" "auth" "username" }}"
+  aws-secret-access-key: "{{ index .Values "storage-service" "s3" "auth" "password" }}"
+  aws-region: "default"
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/dbrepo/templates/upload-service/service.yaml b/helm-charts/dbrepo/templates/upload-service/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3c4d957002cf479ed03c2df6a4bbf305b6068d87
--- /dev/null
+++ b/helm-charts/dbrepo/templates/upload-service/service.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.uploadService.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: upload-service
+  namespace: {{ $.Values.namespace }}
+  labels:
+    service: upload-service
+spec:
+  type: ClusterIP
+  ports:
+    - name: "http"
+      port: 80
+      targetPort: 1080
+      protocol: TCP
+  selector:
+    service: upload-service
+{{- end }}
diff --git a/helm-charts/dbrepo/values.yaml b/helm-charts/dbrepo/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4fb5af517db018a3facfe2b14de1f042a3f776d4
--- /dev/null
+++ b/helm-charts/dbrepo/values.yaml
@@ -0,0 +1,611 @@
+namespace: dbrepo
+
+hostname: example.com
+
+strategyType: RollingUpdate
+
+clusterDomain: cluster.local
+
+metadata-db:
+  fullnameOverride: metadata-db
+  image:
+    debug: false
+  host: metadata-db
+  rootUser:
+    user: root
+    password: dbrepo
+  jdbcExtraArgs: ""
+  db:
+    name: fda
+  metrics:
+    enabled: true
+  galera:
+    mariabackup:
+      user: mariabackup
+      password: mariabackup
+  initdbScriptsConfigMap: metadata-db-setup
+  service:
+    type: ClusterIP
+    annotations: { }
+    #loadBalancerIP: 1.2.3.4
+    loadBalancerSourceRanges: [ ]
+  persistence:
+    enabled: false
+    size: 10Gi
+    storageClass: default
+  replicaCount: 3 # uneven 3,5,7
+
+auth-service:
+  fullnameOverride: auth-service
+  image:
+    debug: false
+  auth:
+    adminUser: fda
+    adminPassword: fda
+  postgresql:
+    enabled: false # not needed
+  extraStartupArgs: "--import-realm"
+  tls:
+    enabled: true
+    existingSecret: dbrepo-ingress-tls-cert
+    usePem: true
+  metrics:
+    enabled: true
+  externalDatabase:
+    existingSecret: auth-service-secret
+    existingSecretDatabaseKey: db-name
+    existingSecretHostKey: db-host
+    existingSecretPortKey: db-port
+    existingSecretUserKey: db-username
+    existingSecretPasswordKey: db-password
+  client:
+    id: dbrepo-client
+    secret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG
+  extraEnvVarsCM: auth-service-config
+  extraVolumes:
+    - name: config-map
+      configMap:
+        name: auth-service-setup
+  extraVolumeMounts:
+    - name: config-map
+      mountPath: /opt/bitnami/keycloak/data/import
+  replicaCount: 2
+
+auth-db:
+  fullnameOverride: auth-db
+  host: auth-db-pgpool
+  port: 5432
+  postgresql:
+    postgresPassword: postgres
+    username: metrics # implicit requirement for metrics container
+    password: metrics # implicit requirement for metrics container
+    repmgrPassword: repmgr # implicit requirement for rolling updates
+    database: keycloak
+  pgpool:
+    adminUsername: admin
+    adminPassword: admin
+  metrics:
+    enabled: true
+  service:
+    type: ClusterIP
+    annotations: { }
+    #loadBalancerIP: 1.2.3.4
+    loadBalancerSourceRanges: [ ]
+  persistence:
+    enabled: false
+    size: 10Gi
+    storageClass: default
+
+data-db:
+  fullnameOverride: data-db
+  image:
+    debug: false
+  extraFlags: "--character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci"
+  rootUser:
+    user: root
+    password: dbrepo
+  metrics:
+    enabled: true
+  galera:
+    mariabackup:
+      user: mariabackup
+      password: mariabackup
+  sidecars:
+    - name: sidecar
+      image: s210.dl.hpc.tuwien.ac.at/dbrepo/data-db-sidecar:latest
+      imagePullPolicy: Always
+      securityContext:
+        runAsUser: 1001
+        runAsGroup: 1001
+      ports:
+        - containerPort: 3305
+          protocol: TCP
+      env:
+        - name: S3_STORAGE_ENDPOINT
+          value: http://storage-service-s3:9000
+        - name: S3_ACCESS_KEY_ID
+          value: seaweedfsadmin
+        - name: S3_SECRET_ACCESS_KEY
+          value: seaweedfsadmin
+      volumeMounts:
+        - name: tmp # share between sidecar and galera container
+          mountPath: /tmp
+  service:
+    type: ClusterIP
+    annotations: { }
+    #loadBalancerIP: 1.2.3.4
+    loadBalancerSourceRanges: [ ]
+    extraPorts:
+      - name: "sidecar"
+        port: 3305
+        targetPort: 3305
+        protocol: TCP
+  extraVolumeMounts:
+    - name: tmp # share between sidecar and galera container
+      mountPath: /tmp
+  extraVolumes:
+    #    - name: tmp
+    #      emptyDir: {}
+    - name: tmp
+      persistentVolumeClaim:
+        claimName: data-db-shared
+  persistence:
+    enabled: false
+    size: 10Gi
+    storageClass: default
+    sharedStorageClass: default
+  replicaCount: 3 # uneven
+
+search-db:
+  fullnameOverride: search-db
+  host: search-db
+  port: 9200
+  protocol: http
+  username: admin
+  password: admin
+  clusterName: search-db
+  masterService: search-db
+  image:
+    debug: false
+  sysctlInit:
+    enabled: true
+  persistence:
+    enabled: false
+    size: 10Gi
+  service:
+    type: ClusterIP
+    annotations: { }
+    loadBalancerSourceRanges: [ ]
+  extraEnvs:
+    - name: DISABLE_INSTALL_DEMO_CONFIG
+      value: "true"
+  extraVolumeMounts:
+    - name: node-cert
+      mountPath: /usr/share/opensearch/config/tls
+      readOnly: true
+  extraVolumes:
+    - name: node-cert
+      secret:
+        secretName: search-db-cert
+  config:
+    opensearch.yml: |
+      cluster.name: search-db
+      network.host: 0.0.0.0
+      plugins:
+        security:
+          ssl:
+            transport:
+              pemcert_filepath: tls/tls.crt
+              pemkey_filepath: tls/tls.key
+              pemtrustedcas_filepath: tls/ca.crt
+              enforce_hostname_verification: false
+            http:
+              #enabled: true # uncomment to force ssl connections
+              pemcert_filepath: tls/tls.crt
+              pemkey_filepath: tls/tls.key
+              pemtrustedcas_filepath: tls/ca.crt
+          allow_unsafe_democertificates: false
+          allow_default_init_securityindex: true
+          authcz:
+            admin_dn:
+              - CN=search-db
+          nodes_dn:
+            - CN=search-db
+          audit.type: internal_opensearch
+          enable_snapshot_restore_privilege: true
+          check_snapshot_restore_write_privileges: true
+          restapi:
+            roles_enabled: [ "all_access", "security_rest_api_access" ]
+          system_indices:
+            enabled: true
+            indices:
+              [
+                ".opendistro-alerting-config",
+                ".opendistro-alerting-alert*",
+                ".opendistro-anomaly-results*",
+                ".opendistro-anomaly-detector*",
+                ".opendistro-anomaly-checkpoints",
+                ".opendistro-anomaly-detection-state",
+                ".opendistro-reports-*",
+                ".opendistro-notifications-*",
+                ".opendistro-notebooks",
+                ".opendistro-asynchronous-search-response*",
+              ]
+
+search-db-dashboard:
+  fullnameOverride: search-db-dashboard
+  opensearchHosts: http://search-db:9200
+  extraInitContainers:
+    - name: init
+      image: s210.dl.hpc.tuwien.ac.at/dbrepo/search-db-init:latest
+      imagePullPolicy: Always
+      env:
+        - name: OPENSEARCH_HOST
+          value: http://search-db:9200
+  extraVolumeMounts:
+    - name: tls
+      mountPath: /usr/share/opensearch-dashboards/tls
+      readOnly: true
+    - name: config
+      mountPath: /usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+      subPath: opensearch_dashboards.yml
+      readOnly: true
+  extraVolumes:
+    - name: tls
+      secret:
+        secretName: dbrepo-ingress-tls-cert
+    - name: config
+      secret:
+        secretName: search-db-dashboard-secret
+  replicaCount: 2
+
+uploadService:
+  enabled: true
+  image:
+    registry: docker.io
+    repository: tusproject/tusd
+    tag: v1.12
+  replicaCount: 2
+
+broker-service:
+  fullnameOverride: broker-service
+  image:
+    debug: true
+  url: http://broker-service:15672
+  host: broker-service
+  port: 5672
+  virtualHost: dbrepo
+  queueName: dbrepo
+  exchangeName: dbrepo
+  routingKey: dbrepo.#
+  connectionTimeout: 60000
+  auth:
+    tls:
+      enabled: false
+      sslOptionsVerify: true
+      failIfNoPeerCert: true
+      existingSecret: dbrepo-ingress-tls-cert
+    username: broker
+    password: broker
+  extraConfiguration: |-
+    default_vhost = dbrepo
+    default_user_tags.administrator = true
+    default_permissions.configure = .*
+    default_permissions.read = .*
+    default_permissions.write = .*
+    load_definitions = /etc/rabbitmq/definitions.json
+    log.console = true
+    listeners.tcp.1 = 0.0.0.0:5672
+    auth_backends.1 = rabbit_auth_backend_oauth2
+    auth_backends.2 = rabbit_auth_backend_internal
+    auth_oauth2.resource_server_id = rabbitmq
+    auth_oauth2.preferred_username_claims.1 = client_id
+    auth_oauth2.default_key = t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM
+    auth_oauth2.signing_keys.t2OCeCheJ9uwoBbNQjG_nN6WKiLcceTIAZmiTbGODFM = /etc/rabbitmq/cert.pem
+    auth_oauth2.signing_keys.id2 = /etc/rabbitmq/pubkey.pem
+    auth_oauth2.algorithms.1 = HS256
+    auth_oauth2.algorithms.2 = RS256
+  loadDefinition:
+    enabled: true
+    file: /etc/rabbitmq/definitions.json
+    existingSecret: broker-service-secret
+  extraVolumeMounts:
+    - name: secret-map
+      mountPath: /etc/rabbitmq/definitions.json
+      subPath: definitions.json
+      readOnly: true
+    - name: secret-map
+      mountPath: /etc/rabbitmq/pubkey.pem
+      subPath: pubkey.pem
+      readOnly: true
+    - name: secret-map
+      mountPath: /etc/rabbitmq/cert.pem
+      subPath: cert.pem
+      readOnly: true
+  extraVolumes:
+    - name: secret-map
+      secret:
+        secretName: broker-service-secret
+  extraPlugins: rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl
+  extraEnvVars:
+    - name: BITNAMI_DEBUG
+      value: "true"
+  persistence:
+    enabled: false
+    size: 5Gi
+    storageClass: default
+  service:
+    type: ClusterIP
+    # loadBalancerIP:
+  replicaCount: 3
+
+analyseService:
+  enabled: true
+  image:
+    registry: s210.dl.hpc.tuwien.ac.at
+    repository: dbrepo/analyse-service
+    tag: "latest"
+    pullPolicy: Always
+    debug: false
+  replicaCount: 2
+
+metadataService:
+  enabled: true
+  image:
+    registry: s210.dl.hpc.tuwien.ac.at
+    repository: dbrepo/metadata-service
+    tag: "latest"
+    pullPolicy: Always
+    debug: false
+  adminEmail: noreply@example.com
+  authService:
+    url: http://auth-service
+  website: http://example.com
+  repositoryName: Database Repository
+  datacite:
+    enabled: false
+    url: https://api.datacite.org
+    prefix: ""
+    username: ""
+    password: ""
+  rates:
+    mirror: 60
+    obtainMetadata: 60
+    deleteStaleQueries: 60
+  replicaCount: 2
+
+dataService:
+  enabled: true
+  image:
+    registry: s210.dl.hpc.tuwien.ac.at
+    repository: dbrepo/data-service
+    tag: "latest"
+    pullPolicy: Always
+    debug: false
+  jwt:
+    pubkey: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB"
+  consumerConcurrentMin: 1
+  consumerConcurrentMax: 5
+  requeueRejected: false
+  replicaCount: 2
+
+searchService:
+  enabled: true
+  image:
+    registry: s210.dl.hpc.tuwien.ac.at
+    repository: dbrepo/search-service
+    tag: "latest"
+    pullPolicy: Always
+    debug: false
+  replicaCount: 2
+
+storage-service:
+  fullnameOverride: storage-service
+  master:
+    enabled: true
+  filer:
+    enabled: true
+    replicas: 1
+    enablePVC: false
+    storage: 25Gi
+    s3:
+      enabled: true
+      allowEmptyFolder: true
+      port: 9000
+      enableAuth: true
+      skipAuthSecretCreation: true
+      existingConfigSecret: seaweedfs-s3-secret
+  volume:
+    enabled: true
+    replicas: 1
+  s3:
+    enabled: true
+    replicas: 1
+    port: 9000
+    metricsPort: 9091
+    enableAuth: true
+    skipAuthSecretCreation: true
+    existingConfigSecret: seaweedfs-s3-secret
+    auth:
+      username: seaweedfsadmin
+      password: seaweedfsadmin
+
+log-service:
+  fullnameOverride: log-service
+  config:
+    outputs: |
+      [OUTPUT]
+          Name               opensearch
+          Match              kube.*
+          Host               search-db
+          Port               9200
+          HTTP_User          admin
+          HTTP_Passwd        admin
+          Logstash_Format    On
+          Replace_Dots       On
+          Type               _doc
+          Retry_Limit        False
+          Suppress_Type_Name On
+      
+      [OUTPUT]
+          Name               opensearch
+          Match              host.*
+          Host               search-db
+          Port               9200
+          HTTP_User          admin
+          HTTP_Passwd        admin
+          Logstash_Format    On
+          Logstash_Prefix    node
+          Replace_Dots       On
+          Type               _doc
+          Retry_Limit        False
+          Suppress_Type_Name On
+#          Replace_Dots        On
+#          Suppress_Type_Name  On
+
+ui:
+  enabled: true
+  image:
+    registry: s210.dl.hpc.tuwien.ac.at
+    repository: dbrepo/ui
+    tag: "latest"
+    pullPolicy: Always
+  logo: /logo.svg
+  icon: /favicon.ico
+  appleTouchIcon: /apple-touch-logo.png
+  version: 1.4.0
+  title: Database Repository
+  datacite:
+    url: https://doi.org
+  keycloak:
+    url: /api/auth/admin/
+  broker:
+    url: /admin/broker/
+    host: broker-service
+    extraInfo: ""
+    ports:
+      - 5672
+  forceSsl: false
+  replicaCount: 2
+  extraVolumes: [ ]
+  #  - name: images-map
+  #    configMap:
+  #      name: ui-config
+  extraVolumeMounts: [ ]
+  #  - name: images-map
+  #    mountPath: /static/logo.svg
+  #    subPath: logo.svg
+
+ingress:
+  enabled: false
+  data:
+    - name: ingress
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+      hosts:
+        - paths:
+            - path: /api/analyse
+              pathType: Prefix
+              serviceName: analyse-service
+              portNumber: 80
+            - path: /api/search
+              pathType: Prefix
+              serviceName: search-service
+              portNumber: 80
+            - path: /api
+              pathType: Prefix
+              serviceName: metadata-service
+              portNumber: 80
+            - path: /
+              pathType: Prefix
+              serviceName: ui
+              portNumber: 80
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-upload
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/proxy-body-size: 2G
+      hosts:
+        - paths:
+            - path: /api/upload
+              pathType: Prefix
+              serviceName: upload-service
+              portNumber: 80
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-secure
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      hosts:
+        - paths:
+            - path: /admin/dashboard
+              pathType: Prefix
+              serviceName: search-db-dashboard
+              portNumber: 5601
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-api
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/use-regex: "true"
+        nginx.ingress.kubernetes.io/rewrite-target: /api/$1
+      hosts:
+        - paths:
+            - path: /api/broker/(.*)
+              pathType: ImplementationSpecific
+              serviceName: broker-service
+              portNumber: 15672
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-root
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/use-regex: "true"
+        nginx.ingress.kubernetes.io/rewrite-target: /$1
+      hosts:
+        - paths:
+            - path: /admin/broker/(.*)
+              pathType: ImplementationSpecific
+              serviceName: broker-service
+              portNumber: 15672
+            - path: /admin/storage
+              pathType: ImplementationSpecific
+              serviceName: storage-service-s3
+              portNumber: 9000
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-root-secure
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+        nginx.ingress.kubernetes.io/use-regex: "true"
+        nginx.ingress.kubernetes.io/rewrite-target: /$1
+      hosts:
+        - paths:
+            - path: /api/auth/(.*)
+              pathType: ImplementationSpecific
+              serviceName: auth-service
+              portNumber: 443
+            - path: /retrieve/(.*)
+              pathType: ImplementationSpecific
+              serviceName: search-db
+              portNumber: 9200
+      tls:
+        - secretName: dbrepo-ingress-tls-cert
+    - name: ingress-pid
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
+        nginx.ingress.kubernetes.io/use-regex: "true"
+        nginx.ingress.kubernetes.io/rewrite-target: /api/pid/$1
+      hosts:
+        - paths:
+            - path: /pid/(.*)
+              pathType: ImplementationSpecific
+              serviceName: metadata-service
+              portNumber: 80
+      tls:
+        - secretName: dbrepo-ingress-tls-cert