diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 387d6709..b2da644c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d98fae84..5363fb52 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,7 +142,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.19-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push @@ -180,7 +180,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.19-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 3964bc82..dc436091 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml 
@@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 961d3fa6..7e1a89cd 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -1,6 +1,6 @@ --- # -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -56,23 +56,38 @@ jobs: lint-test: runs-on: ubuntu-latest steps: + # get the code - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 + # Set-Up Helm - name: Set up Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.3 + # Set-Up Java + - name: Setup JDK 17 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + with: + java-version: '17' + distribution: 'temurin' + cache: 'maven' + + # Set-Up Python - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.9 + # Set-Up CT - name: Set up chart-testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + - name: Run chart-testing (lint) + run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml + - name: Run chart-testing (list-changed) id: list-changed run: | 
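Review bot: The `Run chart-testing (lint)` step expands `${{ github.base_ref || github.ref_name }}` straight into the `run:` script, so the ref name becomes part of the shell command text before the shell parses it; the two `Run helm upgrade …` steps added in the following hunk (`@@ -81,6 +96,47 @@`) do the same with `${{ github.event.inputs.upgrade_from }}`. Passing the value through the environment keeps it as data: give the step an `env:` entry `TARGET_BRANCH: ${{ github.base_ref || github.ref_name }}` and call `ct lint --target-branch "$TARGET_BRANCH" --config charts/config/chart-testing-config.yaml`, and likewise use `--version "$UPGRADE_FROM"` in the upgrade steps. How exposed this is depends on the workflow's triggers and on who may create branches or dispatch the workflow, neither of which is visible in this hunk. The `lint-test` job's step list continues past the end of the hunk.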
@@ -81,6 +96,47 @@ jobs: echo "CHART_CHANGED=true" >> $GITHUB_ENV fi - # run chart linting - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml + # Preparing a kind cluster to install and test charts on + - name: Create kind cluster + uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3 + with: + # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions + version: v0.20.0 + # default value for event_name != workflow_dispatch + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + - name: Build Java/Docker via Maven + run: | + ./mvnw -s settings.xml deploy -Drepo=kind-registry:5000/tractusx/ -Dmaven.deploy.skip -DskipTests -Pwith-docker-image + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + # install the chart to the kind cluster and run helm test + # define charts to test with the --charts parameter + - name: Run chart-testing (install) + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add hashicorp https://helm.releases.hashicorp.com + ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=imageRegistry=kind-registry:5000/" + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + # Upgrade the released chart version with the locally available chart + # default value for event_name != workflow_dispatch + - name: Run helm upgrade on agent plane + run: | + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm install agent tractusx-dev/agent-plane --version ${{ github.event.inputs.upgrade_from }} --set=image.registry=kind-registry:5000/ + helm dependency update charts/agent-plane + helm 
upgrade agent charts/agent-plamne + if: (github.event_name != 'pull_request' || env.CHART_CHANGED == 'true') && github.event.inputs.upgrade_from != '' && github.event.inputs.upgrade_from != 'x.x.x' + + # Upgrade the released chart version with the locally available chart + # default value for event_name != workflow_dispatch + - name: Run helm upgrade on agent plane azure vault + run: | + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm install agent-azure tractusx-dev/agent-plane-azure-vault --version ${{ github.event.inputs.upgrade_from }} --set=imageRegistry=kind-registry:5000/ + helm dependency update charts/agent-plane-azure-vault + helm upgrade agent-azure charts/agent-plane-azure-vault + if: (github.event_name != 'pull_request' || env.CHART_CHANGED == 'true') && github.event.inputs.upgrade_from != '' && github.event.inputs.upgrade_from != 'x.x.x' + diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml index f01e9f76..8ab748dc 100644 --- a/.github/workflows/helm-chart-release.yml +++ b/.github/workflows/helm-chart-release.yml @@ -1,6 +1,6 @@ --- # -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.tractusx b/.tractusx index a6c21476..6efc7db9 100644 --- a/.tractusx +++ b/.tractusx @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c019e9b..dee0ffd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
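Review bot: The last command of `Run helm upgrade on agent plane` reads `helm upgrade agent charts/agent-plamne`, which does not match the `charts/agent-plane` path that `helm dependency update` uses on the line before, so the step will presumably fail whenever `upgrade_from` is set; it should be `helm upgrade agent charts/agent-plane`. The same step installs with `--set=image.registry=kind-registry:5000/`, while the `ct install` step and the azure-vault step use `--set=imageRegistry=kind-registry:5000/`. If the chart defines only one of these keys, the released chart would pull from its default registry rather than the local kind registry, so this is worth confirming against the chart's values. The comment `# default value for event_name != workflow_dispatch` above both upgrade steps looks copied from the kind step and does not describe them. These steps belong to the `lint-test` job, which starts outside this hunk.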
@@ -24,6 +24,39 @@ All notable changes to this product will be documented in this file. # Released +## [1.12.19] - 2024-05-17 + +### Added + +- Federated Catalogue: Support for sh:shape in top-level graph for implementing goal-oriented skills, operate according to the CS 24.05 standard +- Matchmaking Agent: Possibility to use an external matchmaking agent (which can host actual graph data) +- Charts for Agent Plane Only Deployments (agent-plane, agent-plane-vault) in Umbrella with Tractus-X Connector (tractusx-connector, tractusx-connector-azure-vault) + +### Changed + +- Adapted to Tractus-X EDC 0.7.0 +- Upgraded to the latest possible version of dependent libraries +- Improvements when interacting with EDC control plane + +### Removed + +- Support for Tractus-X EDC <0.6.x, compatibility modes +- Charts for Complete Connector Deployments (agent-connector) + +## [1.11.16] - 2024-02-20 + +### Added + +- Federated Catalogue: More asset properties mapped, operate according CX 24.03 standards + +### Changed + +- Adapted to Tractus-X EDC 0.5.4 +- Upgraded to the latest possible version of dependent libraries +- Improvements when interacting with EDC control plane + +### Removed + ## [1.10.15] - 2023-11-22 ### Added diff --git a/DEPENDENCIES b/DEPENDENCIES index 723b36e1..932603bc 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -1,314 +1,365 @@ -maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.2, Apache-2.0, approved, #8912 -maven/mavencentral/com.azure/azure-core-http-netty/1.13.6, MIT AND Apache-2.0, approved, #7948 -maven/mavencentral/com.azure/azure-core/1.42.0, MIT AND Apache-2.0, approved, #10089 -maven/mavencentral/com.azure/azure-identity/1.10.0, MIT AND Apache-2.0, approved, #10086 -maven/mavencentral/com.azure/azure-json/1.0.1, MIT AND Apache-2.0, approved, #7933 -maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.6.2, MIT, approved, #7940 -maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.2, Apache-2.0, approved, #5303 -maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947 -maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.2, Apache-2.0 AND MIT, approved, #4303 -maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.2, MIT AND Apache-2.0, approved, #7932 -maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2.0, approved, #4105 -maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934 -maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2, Apache-2.0, approved, #9237 -maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.13.3, Apache-2.0, approved, #2566 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.15.2, Apache-2.0, approved, #9179 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.2, Apache-2.0, approved, #4699 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.15.2, Apache-2.0, approved, #7930 -maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.13.3, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.13.3, Apache-2.0, approved, clearlydefined 
-maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.13.3, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.14.1, Apache-2.0, approved, #5308 -maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.5.1, Apache-2.0, approved, #7950 +maven/mavencentral/com.apicatalog/carbon-did/0.0.2, Apache-2.0, approved, #9239 +maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.8.1, Apache-2.0, approved, #9234 +maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #13683 +maven/mavencentral/com.azure/azure-core-http-netty/1.14.0, MIT AND Apache-2.0, approved, #13238 +maven/mavencentral/com.azure/azure-core-http-netty/1.14.1, MIT AND Apache-2.0, approved, #13238 +maven/mavencentral/com.azure/azure-core/1.46.0, MIT AND Apache-2.0, approved, #13234 +maven/mavencentral/com.azure/azure-core/1.47.0, MIT AND Apache-2.0, approved, #13678 +maven/mavencentral/com.azure/azure-identity/1.11.4, MIT AND Apache-2.0, approved, #13237 +maven/mavencentral/com.azure/azure-json/1.1.0, MIT AND Apache-2.0, approved, #10547 +maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.1, MIT, approved, #13690 +maven/mavencentral/com.azure/azure-storage-blob/12.25.2, MIT, approved, #13400 +maven/mavencentral/com.azure/azure-storage-common/12.24.2, MIT, approved, #13402 +maven/mavencentral/com.azure/azure-storage-internal-avro/12.10.2, MIT, approved, #13399 +maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672 +maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665 +maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.0, Apache-2.0, approved, #14192 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.0, 
Apache-2.0, approved, #13666 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.0, Apache-2.0, approved, #13669 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.5, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.0, Apache-2.0, approved, #14160 +maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.0, Apache-2.0, approved, #14194 +maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.0, Apache-2.0, approved, #14195 +maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.0, Apache-2.0, approved, #13668 +maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.1, Apache-2.0, approved, #12789 maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160 -maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, #10346 -maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946 -maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.0, Apache-2.0, approved, #7942 +maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346 +maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946 +maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942 maven/mavencentral/com.github.jsonld-java/jsonld-java/0.13.4, BSD-3-Clause, approved, CQ22136 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, 
CQ21949 +maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0, approved, #20 maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159 -maven/mavencentral/com.google.protobuf/protobuf-java/3.22.2, BSD-3-Clause, approved, #8370 +maven/mavencentral/com.google.crypto.tink/tink/1.12.0, Apache-2.0, approved, #12041 +maven/mavencentral/com.google.errorprone/error_prone_annotations/2.22.0, Apache-2.0, approved, #10661 +maven/mavencentral/com.google.protobuf/protobuf-java/3.24.3, BSD-3-Clause, approved, clearlydefined maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.2.0, MIT, approved, clearlydefined -maven/mavencentral/com.microsoft.azure/msal4j/1.13.9, MIT, approved, clearlydefined -maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.microsoft.azure/msal4j/1.14.3, MIT, approved, #14159 +maven/mavencentral/com.nimbusds/content-type/2.3, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.31, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/10.7.1, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.11.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.squareup.okhttp3/okhttp/4.11.0, Apache-2.0, approved, #9240 -maven/mavencentral/com.squareup.okio/okio-jvm/3.2.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.squareup.okio/okio-jvm/3.4.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.squareup.okio/okio/3.2.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.squareup.okio/okio/3.4.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701 +maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/11.9.1, Apache-2.0, approved, #12667 
+maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159 +maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #11156 +maven/mavencentral/com.squareup.okio/okio-jvm/3.6.0, Apache-2.0, approved, #11158 +maven/mavencentral/com.squareup.okio/okio/3.6.0, Apache-2.0, approved, #11155 maven/mavencentral/com.sun.activation/jakarta.activation/2.0.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/commons-cli/commons-cli/1.5.0, Apache-2.0, approved, clearlydefined maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641 -maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745 +maven/mavencentral/commons-io/commons-io/2.15.1, Apache-2.0, approved, #11244 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #9178 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268 -maven/mavencentral/io.github.classgraph/classgraph/4.8.138, MIT, approved, CQ22530 -maven/mavencentral/io.micrometer/micrometer-commons/1.11.3, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243 -maven/mavencentral/io.micrometer/micrometer-core/1.11.3, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238 -maven/mavencentral/io.micrometer/micrometer-observation/1.11.3, Apache-2.0, approved, #9242 -maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.10.5, Apache-2.0, approved, #4721 -maven/mavencentral/io.netty/netty-buffer/4.1.101.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-buffer/4.1.94.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-codec-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.94.Final, 
Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http2/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-socks/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-common/4.1.101.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-common/4.1.94.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-handler-proxy/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-handler/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.101.Final, Apache-2.0, approved, #6367 -maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.101.Final, Apache-2.0, approved, #7004 -maven/mavencentral/io.netty/netty-resolver-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.61.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 -maven/mavencentral/io.netty/netty-tcnative-classes/2.0.61.Final, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.101.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.94.Final, Apache-2.0, approved, #6366 
-maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.94.Final, Apache-2.0, approved, #4107 +maven/mavencentral/io.github.classgraph/classgraph/4.8.154, MIT, approved, CQ22530 +maven/mavencentral/io.micrometer/micrometer-commons/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679 +maven/mavencentral/io.micrometer/micrometer-core/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678 +maven/mavencentral/io.micrometer/micrometer-observation/1.12.5, Apache-2.0, approved, #11680 +maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.1, Apache-2.0, approved, #9805 +maven/mavencentral/io.netty/netty-buffer/4.1.108.Final, Apache-2.0, approved, CQ21842 +maven/mavencentral/io.netty/netty-codec-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http2/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-socks/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-common/4.1.108.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-handler-proxy/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-handler/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.108.Final, Apache-2.0, approved, #6367 +maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.108.Final, Apache-2.0, approved, #7004 +maven/mavencentral/io.netty/netty-resolver-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver/4.1.108.Final, 
Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 +maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.108.Final, Apache-2.0, approved, #6366 +maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.108.Final, Apache-2.0, approved, #4107 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.29.0, Apache-2.0, approved, #10087 -maven/mavencentral/io.opentelemetry/opentelemetry-api/1.29.0, Apache-2.0, approved, #10088 -maven/mavencentral/io.opentelemetry/opentelemetry-context/1.29.0, Apache-2.0, approved, #10090 -maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.39, Apache-2.0, approved, #9687 -maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.39, Apache-2.0, approved, #11661 +maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.108.Final, 
Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684 +maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682 +maven/mavencentral/io.opentelemetry/opentelemetry-context/1.32.0, Apache-2.0, approved, #11683 +maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.40, Apache-2.0, approved, #9687 +maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.44, Apache-2.0, approved, #9687 +maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.40, Apache-2.0, approved, #11661 +maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.44, Apache-2.0, approved, #11661 maven/mavencentral/io.projectreactor/reactor-core/3.4.34, Apache-2.0, approved, #7517 +maven/mavencentral/io.projectreactor/reactor-core/3.4.37, Apache-2.0, approved, #7517 maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_common/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_tracer_common/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_tracer_otel/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_tracer_otel_agent/0.16.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.2, Apache-2.0, approved, #5947 -maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.2, Apache-2.0, approved, #5929 -maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.2, Apache-2.0, approved, #11475 -maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.2, Apache-2.0, approved, #11477 
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.2, Apache-2.0, approved, #5919 +maven/mavencentral/io.setl/rdf-urdna/1.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.15, Apache-2.0, approved, #5947 +maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.15, Apache-2.0, approved, #5929 +maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.15, Apache-2.0, approved, #11475 +maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.15, Apache-2.0, approved, #11477 +maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, approved, #5919 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi -maven/mavencentral/jakarta.json/jakarta.json-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp +maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest -maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/javax.servlet/javax.servlet-api/4.0.1, (CDDL-1.1 OR GPL-2.0-only WITH 
Classpath-exception-2.0) AND Apache-2.0, approved, CQ16125 maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 -maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.5, Apache-2.0, approved, #7164 -maven/mavencentral/net.bytebuddy/byte-buddy/1.14.5, Apache-2.0 AND BSD-3-Clause, approved, #7163 +maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.1, Apache-2.0, approved, #7164 +maven/mavencentral/net.bytebuddy/byte-buddy/1.14.1, Apache-2.0 AND BSD-3-Clause, approved, #7163 +maven/mavencentral/net.bytebuddy/byte-buddy/1.14.9, Apache-2.0 AND BSD-3-Clause, approved, #7163 maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707 -maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217 +maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709 -maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515 -maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288 -maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368 +maven/mavencentral/net.minidev/accessors-smart/2.5.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/net.minidev/json-smart/2.5.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.commons/commons-compress/1.26.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #13288 maven/mavencentral/org.apache.commons/commons-csv/1.10.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.commons/commons-lang3/3.14.0, Apache-2.0, 
approved, #11677 maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND LicenseRef-Public-Domain, approved, #10843 maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 -maven/mavencentral/org.apache.jena/jena-arq/4.8.0, Apache-2.0 AND (Apache-2.0 AND EPL-2.0) AND (Apache-2.0 AND EPL-1.0), approved, #8883 -maven/mavencentral/org.apache.jena/jena-base/4.8.0, Apache-2.0, approved, #8887 -maven/mavencentral/org.apache.jena/jena-core/4.8.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #8873 -maven/mavencentral/org.apache.jena/jena-dboe-base/4.8.0, Apache-2.0, approved, #8884 -maven/mavencentral/org.apache.jena/jena-dboe-index/4.8.0, Apache-2.0, approved, #8879 -maven/mavencentral/org.apache.jena/jena-dboe-storage/4.8.0, Apache-2.0, approved, #8907 -maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.8.0, Apache-2.0, approved, #8874 -maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.8.0, Apache-2.0, approved, #8892 -maven/mavencentral/org.apache.jena/jena-fuseki-core/4.8.0, Apache-2.0 AND (EPL-2.0 OR Apache-2.0), approved, #9841 -maven/mavencentral/org.apache.jena/jena-iri/4.8.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.jena/jena-rdfconnection/4.8.0, Apache-2.0, approved, #8897 -maven/mavencentral/org.apache.jena/jena-rdfpatch/4.8.0, Apache-2.0, approved, #8903 -maven/mavencentral/org.apache.jena/jena-shacl/4.8.0, Apache-2.0 AND W3C-20150513, approved, #8905 -maven/mavencentral/org.apache.jena/jena-shaded-guava/4.8.0, Apache-2.0 AND CC0-1.0 AND LicenseRef-Public-Domain, approved, #8877 -maven/mavencentral/org.apache.jena/jena-shex/4.8.0, Apache-2.0, approved, #8908 -maven/mavencentral/org.apache.jena/jena-tdb/4.8.0, Apache-2.0, approved, 
#8909 -maven/mavencentral/org.apache.jena/jena-tdb2/4.8.0, Apache-2.0, approved, #8881 +maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0 AND (Apache-2.0 AND EPL-2.0) AND (Apache-2.0 AND EPL-1.0), approved, #14711 +maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, approved, #14713 +maven/mavencentral/org.apache.jena/jena-core/4.9.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #14700 +maven/mavencentral/org.apache.jena/jena-dboe-base/4.9.0, Apache-2.0, approved, #14705 +maven/mavencentral/org.apache.jena/jena-dboe-index/4.9.0, Apache-2.0, approved, #14710 +maven/mavencentral/org.apache.jena/jena-dboe-storage/4.9.0, Apache-2.0, approved, #14704 +maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.9.0, Apache-2.0, approved, #14707 +maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.9.0, Apache-2.0, approved, #14712 +maven/mavencentral/org.apache.jena/jena-fuseki-core/4.9.0, Apache-2.0 AND (EPL-2.0 OR Apache-2.0), approved, #14702 +maven/mavencentral/org.apache.jena/jena-iri/4.9.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.jena/jena-rdfconnection/4.9.0, Apache-2.0, approved, #14703 +maven/mavencentral/org.apache.jena/jena-rdfpatch/4.9.0, Apache-2.0, approved, #14714 +maven/mavencentral/org.apache.jena/jena-shacl/4.9.0, Apache-2.0 AND W3C-20150513, approved, #14706 +maven/mavencentral/org.apache.jena/jena-shex/4.9.0, Apache-2.0, approved, #14709 +maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, approved, #14708 +maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, approved, #14701 maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161 -maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.76, MIT, approved, #9825 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.76, 
MIT AND CC0-1.0, approved, #9827 -maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.76, MIT, approved, #9828 -maven/mavencentral/org.checkerframework/checker-qual/3.31.0, MIT, approved, clearlydefined -maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 -maven/mavencentral/org.eclipse.edc/aggregate-service-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/api-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/api-observability/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/aws-s3-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/boot/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/catalog-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/connector-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/contract-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-api-configuration/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/core-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-api/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-framework/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.2.1, 
Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-util/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-providers/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/junit/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jwt-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jwt-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/micrometer-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-client/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.2.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/policy-engine/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-evaluator/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-model/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-lease/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-local/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transfer-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/util/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-core/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-spi/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/vault-azure/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.2.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/web-spi/0.2.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 +maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434 
+maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433 +maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 +maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined +maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined +maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670 +maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/api-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/api-observability/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-index-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/auth-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/aws-s3-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/azure-blob-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/connector-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/contract-spi/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/control-api-configuration/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/core-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-azure-storage/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-api-configuration/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/data-plane-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-util/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-index-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-web/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/json-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit-base/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jwt-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/micrometer-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/oauth2-client/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/oauth2-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-model/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/query-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-lease/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/state-machine-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/store-lib/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/token-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/token-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-local/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transfer-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transform-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transform-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/util-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/vault-azure/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/web-spi/0.6.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.15, EPL-2.0 
OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.16, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.12.18-SNAPSHOT, Apache-2.0, approved, automotive.tractusx 
-maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.12.18-SNAPSHOT, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-api/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-core/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-spi/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-cache-core/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-cache-sql/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/sql-pool/0.5.3, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.4, EPL-2.0 OR 
GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/osgi-resource-locator/1.0.3, CDDL-1.0, approved, CQ10889 -maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, 
rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.12.19-SNAPSHOT, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.12.19-SNAPSHOT, Apache-2.0, approved, automotive.tractusx 
+maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.flywaydb/flyway-core/10.11.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.11.0, Apache-2.0, approved, #14239 +maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.5, EPL-2.0 OR GPL-2.0-only with 
Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/osgi-resource-locator/1.0.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey 
maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 -maven/mavencentral/org.javassist/javassist/3.25.0-GA, MPL-1.1 OR LGPL-2.1-or-later OR Apache-2.0, approved, CQ19885 maven/mavencentral/org.javassist/javassist/3.29.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #6023 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.0, Apache-2.0, approved, #8910 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.0, Apache-2.0, approved, #8807 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.0, Apache-2.0, approved, #8919 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.0, Apache-2.0, approved, #8865 -maven/mavencentral/org.jetbrains/annotations/24.0.1, Apache-2.0, approved, #7417 -maven/mavencentral/org.junit-pioneer/junit-pioneer/2.0.1, EPL-2.0, approved, clearlydefined -maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133 -maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.3, EPL-2.0, approved, #3125 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approved, #3134 -maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130 -maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128 
-maven/mavencentral/org.junit.platform/junit-platform-launcher/1.9.3, EPL-2.0, approved, #3132 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.10, Apache-2.0, approved, #14186 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, Apache-2.0, approved, #14193 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.10, Apache-2.0, approved, #14191 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.9.10, Apache-2.0, approved, #11827 +maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857 +maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714 +maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #9708 +maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715 +maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709 +maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.2, EPL-2.0, approved, #9704 maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484 maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, BSD-2-Clause, approved, CQ17408 -maven/mavencentral/org.mockito/mockito-core/5.4.0, MIT AND Apache-2.0, approved, #9092 +maven/mavencentral/org.mockito/mockito-core/5.2.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, 
#7401 maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553 -maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555 -maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined -maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554 -maven/mavencentral/org.postgresql/postgresql/42.6.0, BSD-2-Clause AND Apache-2.0, approved, #9159 +maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713 +maven/mavencentral/org.ow2.asm/asm-commons/9.6, BSD-3-Clause, approved, #10775 +maven/mavencentral/org.ow2.asm/asm-tree/9.6, BSD-3-Clause, approved, #10773 +maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776 +maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined -maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915 -maven/mavencentral/org.testcontainers/junit-jupiter/1.18.3, MIT, approved, #7941 -maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938 -maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275 -maven/mavencentral/software.amazon.awssdk/annotations/2.20.162, Apache-2.0, approved, #8598 -maven/mavencentral/software.amazon.awssdk/apache-client/2.20.123, Apache-2.0, approved, #8609 -maven/mavencentral/software.amazon.awssdk/arns/2.20.123, Apache-2.0, approved, #8616 -maven/mavencentral/software.amazon.awssdk/auth/2.20.123, Apache-2.0, approved, #8602 -maven/mavencentral/software.amazon.awssdk/aws-core/2.20.123, Apache-2.0, 
approved, #8612 -maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.20.123, Apache-2.0, approved, #8629 -maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.20.123, Apache-2.0, approved, #8624 -maven/mavencentral/software.amazon.awssdk/crt-core/2.20.123, Apache-2.0, approved, #8627 -maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.20.123, Apache-2.0, approved, #8604 -maven/mavencentral/software.amazon.awssdk/http-client-spi/2.20.162, Apache-2.0, approved, #8608 -maven/mavencentral/software.amazon.awssdk/iam/2.20.123, Apache-2.0, approved, #9271 -maven/mavencentral/software.amazon.awssdk/json-utils/2.20.123, Apache-2.0, approved, #8614 -maven/mavencentral/software.amazon.awssdk/metrics-spi/2.20.162, Apache-2.0, approved, #8636 -maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.20.162, Apache-2.0, approved, #8613 -maven/mavencentral/software.amazon.awssdk/profiles/2.20.123, Apache-2.0, approved, #8600 -maven/mavencentral/software.amazon.awssdk/protocol-core/2.20.123, Apache-2.0, approved, #8635 -maven/mavencentral/software.amazon.awssdk/regions/2.20.123, Apache-2.0, approved, #8632 -maven/mavencentral/software.amazon.awssdk/s3/2.20.123, Apache-2.0, approved, #8623 -maven/mavencentral/software.amazon.awssdk/sdk-core/2.20.123, Apache-2.0, approved, #8611 -maven/mavencentral/software.amazon.awssdk/sts/2.20.123, Apache-2.0, approved, #9269 -maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.20.123, Apache-2.0, approved, #8622 -maven/mavencentral/software.amazon.awssdk/utils/2.20.162, Apache-2.0, approved, #8625 +maven/mavencentral/org.roaringbitmap/RoaringBitmap/0.9.45, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.roaringbitmap/shims/0.9.45, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915 +maven/mavencentral/org.testcontainers/junit-jupiter/1.19.7, MIT, approved, #10344 +maven/mavencentral/org.testcontainers/testcontainers/1.19.7, 
Apache-2.0 AND MIT, approved, #10347 +maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232 +maven/mavencentral/software.amazon.awssdk/annotations/2.24.10, Apache-2.0, approved, #13251 +maven/mavencentral/software.amazon.awssdk/apache-client/2.24.10, Apache-2.0, approved, #13257 +maven/mavencentral/software.amazon.awssdk/arns/2.24.10, Apache-2.0, approved, #13243 +maven/mavencentral/software.amazon.awssdk/auth/2.24.10, Apache-2.0, approved, #13256 +maven/mavencentral/software.amazon.awssdk/aws-core/2.24.10, Apache-2.0, approved, #13240 +maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.24.10, Apache-2.0, approved, #13262 +maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.24.10, Apache-2.0, approved, #13247 +maven/mavencentral/software.amazon.awssdk/checksums-spi/2.24.10, Apache-2.0, approved, #13245 +maven/mavencentral/software.amazon.awssdk/checksums/2.24.10, Apache-2.0, approved, #13242 +maven/mavencentral/software.amazon.awssdk/crt-core/2.24.10, Apache-2.0, approved, #13252 +maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.24.10, Apache-2.0, approved, #13246 +maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.24.10, Apache-2.0, approved, #13253 +maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.24.10, Apache-2.0, approved, #13264 +maven/mavencentral/software.amazon.awssdk/http-auth/2.24.10, Apache-2.0, approved, #13248 +maven/mavencentral/software.amazon.awssdk/http-client-spi/2.24.10, Apache-2.0, approved, #13259 +maven/mavencentral/software.amazon.awssdk/iam/2.24.10, Apache-2.0, approved, #13444 +maven/mavencentral/software.amazon.awssdk/identity-spi/2.24.10, Apache-2.0, approved, #13244 +maven/mavencentral/software.amazon.awssdk/json-utils/2.24.10, Apache-2.0, approved, #13261 +maven/mavencentral/software.amazon.awssdk/metrics-spi/2.24.10, Apache-2.0, approved, #13239 
+maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.24.10, Apache-2.0, approved, #13260 +maven/mavencentral/software.amazon.awssdk/profiles/2.24.10, Apache-2.0, approved, #13258 +maven/mavencentral/software.amazon.awssdk/protocol-core/2.24.10, Apache-2.0, approved, #13241 +maven/mavencentral/software.amazon.awssdk/regions/2.24.10, Apache-2.0, approved, #13255 +maven/mavencentral/software.amazon.awssdk/s3/2.24.10, Apache-2.0, approved, #13254 +maven/mavencentral/software.amazon.awssdk/sdk-core/2.24.10, Apache-2.0, approved, #13265 +maven/mavencentral/software.amazon.awssdk/sts/2.24.10, Apache-2.0, approved, #13442 +maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.24.10, Apache-2.0, approved, #13249 +maven/mavencentral/software.amazon.awssdk/utils/2.24.10, Apache-2.0, approved, #13250 maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined diff --git a/README.md b/README.md index eafb1dc7..8895dce4 100644 --- a/README.md +++ b/README.md 
@@ -59,7 +59,7 @@ Above is a collaboration map of the main implementation classes found in this re It starts with an application performing a [SPARQL](https://www.w3.org/TR/sparql11-query/) call against the Consumer's [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) of the [Agent Protocol Data Plane Extension](agent-plane/agent-plane-protocol/README.md). This call may be handled by a [AuthenticationService](https://github.com/eclipse-edc/Connector/blob/main/spi/common/auth-spi/src/main/java/org/eclipse/edc/api/auth/spi/AuthenticationService.java). Using the configuration facilities of the [JWT Auth Extension](common/auth-jwt/README.md) which sets up single [JwtAuthenticationService](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/JwtAuthenticationService.java) or composed [CompositeAuthenticationService](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeAuthenticationService.java) the handler stack may analyses diverse authorisation features of the incoming request, such as checking a JWT-based bearer token for validity against multiple OpenId servers by [CompositeJwsVerifier](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java). -The [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) delegates the call upon preprocessing (e.g. by resolving local Skill Asset references using the [EdcSkillStore](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java)) to the actual [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) (an instance of an [Apache Jena Sparql Query Processor](https://github.com/apache/jena/blob/main/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java)). 
The [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) is backed by an [RDFStore](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RDFStore.java) which hosts the Federated Data Catalogue (and that is regularly synchronized by the [DataspaceSynchronizer](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java)). +The [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) delegates the call upon preprocessing (e.g. by resolving local Skill Asset references using the [EdcSkillStore](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java)) to the actual [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) (an instance of an [Apache Jena Sparql Query Processor](https://github.com/apache/jena/blob/main/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java)). The [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) is backed by an [RdfStore](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java) which hosts the Federated Data Catalogue (and that is regularly synchronized by the [DataspaceSynchronizer](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java)). 
Whenever external SERVICE references in a SPARQL query are to be executed, the [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) will ask the [DataspaceServiceExecutor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java) to execute the actual sub-operation. This operation could - depending on the actual query binding context - either point to multiple tenant-internal or public endpoints. The operation could also need to be batched in case that there are too many bindings to transfer in one go (see the maxBatchSize Parameter in the [Agent Protocol Data Plane Extension](agent-plane/agent-plane-protocol/README.md)). The operation could also hint to dataspace addresses (as indicated through URLs starting with the edc:// or edcs:// schemes). In this latter case, [DataspaceServiceExecutor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java) will ask the [AgreementController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementController.java) for help. @@ -120,12 +120,12 @@ kubectl wait --namespace ingress-nginx \ --selector=app.kubernetes.io/component=controller \ --timeout=90s # transfer images -kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT --name ka -kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.12.18-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.12.19-SNAPSHOT --name ka # run chart testing ct install --charts charts/agent-plane ct install --charts charts/agent-plane-azure-vault -`````` +``` ### Notice for Docker Images diff --git a/agent-plane/README.md b/agent-plane/README.md index 0e4bf97d..92abdc4d 100644 --- a/agent-plane/README.md 
+++ b/agent-plane/README.md @@ -66,10 +66,10 @@ mvn package -Pwith-docker-image Alternatively, after a successful build, you can invoke docker yourself ```console -docker build -t tractusx/agentplane-azure-vault:1.12.18-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-azure-vault:1.12.19-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . ``` ```console -docker build -t tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . ``` diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index e55b12b2..a6e34897 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md @@ -64,7 +64,7 @@ Add the following dependency to your data-plane artifact pom: org.eclipse.tractusx.agents.edc agent-plane-protocol - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ``` 
@@ -104,14 +104,14 @@ See [this sample configuration file](resources/dataplane.properties) | edc.dataplane.token.validation.endpoints. | (X) | http://oem-control-plane:9999/control/token | Additional token validation endpoints to switch between (if multiple control planes) | * | | web.http.callback.port | X | 8187 | Callback endpoint port | | | web.http.callback.path | X | /callback | Callback endpoint path prefix | | -| cx.agent.callback | X | http://oem-data-plane:8187/callback/endpoint-data-reference | Callback endpoint full address as seen from the consuming control plane | | +| cx.agent.callback | X | http://oem-data-plane:8187/callback/transfer-process-started | Callback endpoint full address as seen from the consuming control plane | | | cx.agent.skill.contract | | cx.agent.skill.contract.default=Contract?partner=Skill | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills | | | cx.agent.dataspace.synchronization | | -1 / 60000 | If positive, number of seconds between each catalogue synchronization attempt | | | cx.agent.service.allow | | (http|edc)s?://.* | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue) | | | cx.agent.service.deny | | ^$ | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue) | | | | cx.agent.service.asset.allow | | (http|edc)s://.* | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden by the cx-common:allowServicePattern address property) | | | cx.agent.service.asset.deny | | ^$ | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property) | | | -| cx.agent.dataspace.remotes | | http://consumer-edc-control:8282,http://tiera-edc-control:8282 | business partner control plane protocol urls to synchronize with (if using 
internal matchmaking) | L | +| cx.agent.dataspace.remotes | | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal matchmaking) | L | | cx.agent.sparql.verbose | | false | Controls the verbosity of the SparQL Engine | | | cx.agent.threadpool.size | | 4 | Number of threads pooled for any concurrent batch calls and synchronisation actions | | | cx.agent.federation.batch.max | | 9223372036854775807 / 8 | Maximal number of tuples to send in one query | | @@ -121,5 +121,5 @@ See [this sample configuration file](resources/dataplane.properties) | cx.agent.read.timeout | | 1080000 | Number of milliseconds after which a reading attempt is regarded as stale | | | cx.agent.call.timeout | | | Number of milliseconds after which a complete call is regarded as stale | | | cx.agent.write.timeout | | | Number of milliseconds after which a write attempt is regarded as stale | | -| cx.agent.edc.version | | 0.5.1 | Version of the TX EDC that is used (in case that management/transfer API changes) | | +| cx.agent.edc.version | | 0.7.0 | Version of the TX EDC that is used (in case that management/transfer API changes) | | diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index aa75d9f8..5989490b 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml @@ -176,6 +176,12 @@ junit ${edc.version} test + + + net.bytebuddy + byte-buddy + + 
@@ -298,12 +304,78 @@ + + com.fasterxml.jackson.dataformat + jackson-dataformat-toml + ${jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-xml + ${jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + ${jackson.version} + + + + com.fasterxml.jackson.jakarta.rs + jackson-jakarta-rs-base + ${jackson.version} + + + + com.fasterxml.jackson.jakarta.rs + jackson-jakarta-rs-json-provider + ${jackson.version} + + + + com.fasterxml.jackson.module + jackson-module-jakarta-xmlbind-annotations + ${jackson.version} + + software.amazon.awssdk netty-nio-client - 2.20.162 + ${awssdk.version} runtime + + + io.netty + netty-buffer + + + io.netty + netty-codec-http + + + io.netty + netty-codec + + + io.netty + netty-common + + + io.netty + netty-handler + + + io.netty + netty-resolver + + + io.netty + netty-transport + + @@ -312,12 +384,45 @@ ${netty.nio.core-http2.version} + + io.netty + netty-resolver-dns + ${netty.nio.core-http2.version} + + + + io.netty + netty-handler-proxy + ${netty.nio.core-http2.version} + + + + io.netty + netty-resolver-dns-native-macos + ${netty.nio.core-http2.version} + osx-x86_64 + + + + io.netty + netty-transport-native-kqueue + ${netty.nio.core-http2.version} + osx-x86_64 + + + io.netty netty-handler ${netty.nio.core-http2.version} + + io.netty + netty-transport-classes-epoll + ${netty.nio.core-http2.version} + + org.apache.commons commons-compress @@ -361,6 +466,7 @@ ${slf4j.version} provided + org.junit.jupiter @@ -371,12 +477,12 @@ org.mockito mockito-core test - - - jakarta.validation - jakarta.validation-api - ${jakarta.validation.version} - test + + + net.bytebuddy + byte-buddy + + org.eclipse.edc @@ -391,6 +497,12 @@ + + org.eclipse.edc + jetty-core + ${edc.version} + test + org.jetbrains.kotlin kotlin-stdlib @@ -398,6 +510,13 @@ compile + + org.jetbrains.kotlin + kotlin-stdlib-jdk8 + ${jetbrains.kotlin.version} + compile + + io.micrometer 
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java index 75532cb0..7842a4ef 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java @@ -19,7 +19,9 @@ import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.configuration.Config; +import java.util.HashMap; import java.util.Map; +import java.util.UUID; import java.util.regex.Pattern; /** @@ -49,20 +51,20 @@ public class AgentConfig { public static final String NEGOTIATION_TIMEOUT_PROPERTY = "cx.agent.negotiation.timeout"; public static final long DEFAULT_NEGOTIATION_TIMEOUT = 30000; - + public static final String NEGOTIATION_POLLINTERVAL_PROPERTY = "cx.agent.negotiation.poll"; public static final long DEFAULT_NEGOTIATION_POLLINTERVAL = 1000; - + public static final String DATASPACE_SYNCINTERVAL_PROPERTY = "cx.agent.dataspace.synchronization"; public static final long DEFAULT_DATASPACE_SYNCINTERVAL = -1; - + public static final String DATASPACE_SYNCCONNECTORS_PROPERTY = "cx.agent.dataspace.remotes"; - + public static final String VALIDATION_ENDPOINTS = "edc.dataplane.token.validation.endpoints"; - + public static final String FEDERATION_SERVICE_BATCH_SIZE = "cx.agent.federation.batch.max"; public static final long DEFAULT_FEDERATION_SERVICE_BATCH_SIZE = Long.MAX_VALUE; - + public static final String THREAD_POOL_SIZE = "cx.agent.threadpool.size"; public static final int DEFAULT_THREAD_POOL_SIZE = 4; 
@@ -88,8 +90,6 @@ public class AgentConfig { public static final String SERVICE_DENY_ASSET_PROPERTY = "cx.agent.service.asset.deny"; public static final String DEFAULT_SERVICE_DENY_ASSET_PATTERN = "^$"; - public static final String TX_EDC_VERSION_PROPERTY = "cx.agent.edc.version"; - public static final String MATCHMAKING_URL = "cx.agent.matchmaking"; /** @@ -99,7 +99,8 @@ public class AgentConfig { protected final Pattern serviceDenyPattern; protected final Pattern serviceAssetAllowPattern; protected final Pattern serviceAssetDenyPattern; - + protected static final Pattern ASSET_REFERENCE_PATTERN = Pattern.compile("((?[^#]+)#)?(?.+)"); + /** * references to EDC services */ @@ -110,7 +111,7 @@ public class AgentConfig { * creates the typed config * * @param monitor logger - * @param config untyped config + * @param config untyped config */ public AgentConfig(Monitor monitor, Config config) { this.monitor = monitor; 
@@ -242,19 +243,37 @@ public long getDataspaceSynchronizationInterval() { return config.getLong(DATASPACE_SYNCINTERVAL_PROPERTY, DEFAULT_DATASPACE_SYNCINTERVAL); } + protected volatile Map knownConnectors; + /** * access * - * @return array of connector urls to synchronize, null if no sync + * @return map of business partner ids to connector urls to synchronize with, null if no sync */ - public String[] getDataspaceSynchronizationConnectors() { - String[] connectors = config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(","); - if (connectors.length == 1 && (connectors[0] == null || connectors[0].length() == 0)) { - return null; + public Map getDataspaceSynchronizationConnectors() { + if (knownConnectors == null) { + synchronized (config) { + if (knownConnectors == null) { + knownConnectors = new HashMap<>(); + String[] connectors = config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(","); + for (String connector : connectors) { + String[] entry = connector.split("="); + if (entry.length > 0) { + String key = UUID.randomUUID().toString(); + String value = entry[0]; + if (entry.length > 1) { + key = entry[0]; + value = entry[1]; + } + knownConnectors.put(key, value); + } + } + } + } } - return connectors; + return knownConnectors; } - + /** * access * @@ -326,7 +345,7 @@ public Integer getCallTimeout() { public String getDefaultSkillContract() { return config.getString(DEFAULT_SKILL_CONTRACT_PROPERTY, null); } - + /** * access * 
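Review bot: `getDataspaceSynchronizationConnectors` assigns the empty `HashMap` to the volatile `knownConnectors` before the loop fills it, so a second caller that passes the outer `knownConnectors == null` check can read a half-populated, unsynchronised map; fill a local map and assign the field once at the end. The empty-setting case has also changed: `"".split(",")` yields one empty string, so an unset `cx.agent.dataspace.remotes` now produces one entry with a random key and an empty URL, while the Javadoc still promises `null if no sync`. Splitting with `split("=", 2)` would also keep URLs that contain `=` intact. Callers are outside this hunk, so whether they still test for `null` needs checking.

```java
            if (knownConnectors == null) {
                // fill a local map and publish it once, so readers never see it half-built
                Map<String, String> parsed = new HashMap<>();
                String[] connectors = config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(",");
                for (String connector : connectors) {
                    if (connector.isBlank()) {
                        continue; // unset property or stray comma
                    }
                    String[] entry = connector.split("=", 2);
                    // … unchanged: key/value selection with the random UUID fallback …
                    parsed.put(key, value);
                }
                knownConnectors = parsed;
            }
```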
@@ -366,21 +385,12 @@ public Pattern getServiceAssetDenyPattern() { /** * access * - * @return tx edc version as a string + * @return regular expression for asset references */ - public String getEdcVersion() { - return config.getString(TX_EDC_VERSION_PROPERTY, "0.5.0"); + public static Pattern getAssetReferencePattern() { + return ASSET_REFERENCE_PATTERN; } - /** - * check - * - * @return whether the edc version is less than 23.09 - */ - public boolean isPrerelease() { - return getEdcVersion().compareTo("0.5.0") <= 0; - } - /** * access * @@ -389,5 +399,5 @@ public boolean isPrerelease() { public String getMatchmakingAgentUrl() { return config.getString(MATCHMAKING_URL, null); } - + } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java index 806357ec..2a864051 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. 
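Review bot: `getEdcVersion()` is removed here and `TX_EDC_VERSION_PROPERTY` in the earlier hunk of this file, yet the README table changed in this same commit still lists `cx.agent.edc.version` (now with the value 0.7.0) as a setting. If nothing else reads the property, drop the row or mark it as ignored, so operators do not expect it to have an effect. The Javadoc of the new `getAssetReferencePattern()` could also name the two groups its caller reads, `url` and `asset`.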
@@ -22,12 +22,15 @@ import org.apache.jena.sparql.service.ServiceExecutorRegistry; import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParamsProvider; +import org.eclipse.edc.connector.dataplane.spi.Endpoint; +import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService; import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Requires; -import org.eclipse.edc.spi.http.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; +import org.eclipse.edc.spi.system.Hostname; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.edc.spi.types.TypeManager; @@ -49,7 +52,6 @@ import java.util.Map; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; -import java.util.regex.Pattern; /** * EDC extension that initializes the Agent subsystem (Agent Sources, Agent Endpoint and Federation Callbacks @@ -62,9 +64,6 @@ public class AgentExtension implements ServiceExtension { */ protected static final String DEFAULT_CONTEXT_ALIAS = "default"; protected static final String CALLBACK_CONTEXT_ALIAS = "callback"; - public static final Pattern GRAPH_PATTERN = Pattern.compile("((?[^#]+)#)?(?.*Graph(Asset)?.*)"); - public static final Pattern SKILL_PATTERN = Pattern.compile("((?[^#]+)#)?(?.*Skill(Asset)?.*)"); - /** * dependency injection part @@ -87,6 +86,10 @@ public class AgentExtension implements ServiceExtension { protected EdcHttpClient edcHttpClient; @Inject protected OkHttpClient httpClient; + @Inject + private PublicEndpointGeneratorService generatorService; + @Inject + private Hostname hostname; /** * refers a scheduler 
@@ -169,6 +172,14 @@ public void initialize(ServiceExtensionContext context) { HttpRequestFactory httpRequestFactory = new HttpRequestFactory(); AgentSourceFactory sourceFactory = new AgentSourceFactory(edcHttpClient, new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), monitor, httpRequestFactory, processor, skillStore); pipelineService.registerFactory(sourceFactory); + + var publicEndpoint = context.getSetting("edc.dataplane.api.public.baseurl", null); + if (publicEndpoint == null) { + publicEndpoint = String.format("http://%s:%d%s", hostname.get(), context.getSetting("web.http.public.port", 8185), context.getSetting("web.http.public.path", "/api/public")); + } + var endpoint = Endpoint.url(publicEndpoint); + generatorService.addGeneratorFunction(AgentProtocol.SPARQL_HTTP.getProtocolId(), dataAddress -> endpoint); + generatorService.addGeneratorFunction(AgentProtocol.SKILL_HTTP.getProtocolId(), dataAddress -> endpoint); } /** diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index 977261dc..ab7fb6d5 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. 
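Review bot: The fallback for `edc.dataplane.api.public.baseurl` hard-codes the `http://` scheme and the local hostname, so a deployment that omits the setting silently advertises a plain-HTTP, possibly cluster-internal address as the public endpoint for both the SPARQL and the skill protocol. A warning inside the `if` at least makes that visible: `monitor.warning(String.format("edc.dataplane.api.public.baseurl not set, falling back to %s", publicEndpoint));`. `initialize` starts before this hunk.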
@@ -28,6 +28,8 @@ import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; +import org.eclipse.edc.connector.controlplane.transfer.spi.event.TransferProcessStarted; +import org.eclipse.edc.spi.event.EventEnvelope; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.types.domain.DataAddress; import org.eclipse.edc.spi.types.domain.callback.CallbackAddress; @@ -59,7 +61,7 @@ * An endpoint/service that receives information from the control plane */ @Consumes({MediaType.APPLICATION_JSON}) -@Path("/endpoint-data-reference") +@Path("/transfer-process-started") public class AgreementControllerImpl implements AgreementController { /** @@ -108,7 +110,7 @@ public AgreementControllerImpl(Monitor monitor, AgentConfig config, DataManageme */ @Override public String toString() { - return super.toString() + "/endpoint-data-reference"; + return super.toString() + "/transfer-process-started"; } /** 
@@ -117,21 +119,20 @@ public String toString() { * @param dataReference contains the actual call token */ @POST - public void receiveEdcCallback(EndpointDataReference dataReference) { - var agreementId = dataReference.getId(); - monitor.debug(String.format("An endpoint data reference for agreement %s has been posted.", agreementId)); - synchronized (processStore) { - for (Map.Entry process : processStore.entrySet()) { - if (process.getValue().getId().equals(agreementId)) { - synchronized (endpointStore) { - monitor.debug(String.format("Agreement %s belongs to asset %s.", agreementId, process.getKey())); - endpointStore.put(process.getKey(), dataReference); - return; - } - } - } + public void receiveEdcCallback(EventEnvelope dataReference) { + var processId = dataReference.getPayload().getTransferProcessId(); + var assetId = dataReference.getPayload().getAssetId(); + monitor.debug(String.format("A transfer process %s for asset %s has been started.", processId, assetId)); + synchronized (endpointStore) { + EndpointDataReference newRef = EndpointDataReference.Builder.newInstance() + .id(dataReference.getId()) + .contractId(dataReference.getPayload().getContractId()) + .endpoint(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/endpoint", null)) + .authKey("Authorization") + .authCode(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) + .build(); + endpointStore.put(assetId, newRef); } - monitor.debug(String.format("Agreement %s has no active asset. Guess that came for another plane. Ignoring.", agreementId)); } /** 
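Review bot: `receiveEdcCallback` now stores the endpoint and authorization value carried by the posted event under the posted asset id, without the `processStore` lookup that the removed code used to ignore callbacks this plane had not asked for. Any sender that can reach the callback port can therefore replace the `endpointStore` entry for an asset, so keep a correlation check on the transfer process id before `endpointStore.put`. `getDataAddress()` and the two `getStringProperty(..., null)` results are also used without a null check. The Javadoc above the hunk still describes the parameter as the call token; the method body itself lies inside the hunk.

```java
        var payload = dataReference.getPayload();
        var processId = payload.getTransferProcessId();
        var assetId = payload.getAssetId();
        synchronized (processStore) {
            var pending = processStore.get(assetId);
            // assumes processStore maps asset ids to the transfer processes this plane started; confirm
            if (pending == null || !pending.getId().equals(processId)) {
                monitor.debug(String.format("Transfer process %s for asset %s was not started by this plane. Ignoring.", processId, assetId));
                return;
            }
        }
        // … unchanged: build the EndpointDataReference and put it into endpointStore …
```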
@@ -369,7 +370,7 @@ public EndpointDataReference createAgreement(String remoteUrl, String asset) thr monitor.debug(String.format("About to initiate transfer for agreement %s (for asset %s at connector %s)", negotiation.getContractAgreementId(), asset, remoteUrl)); String transferId; - TransferProcess process = null; + TransferProcess process; try { synchronized (processStore) { @@ -388,7 +389,7 @@ public EndpointDataReference createAgreement(String remoteUrl, String asset) thr startTime = System.currentTimeMillis(); // EDC 0.5.1 has a problem with the checker configuration and wont process to COMPLETED - String expectedTransferState = config.isPrerelease() ? "COMPLETED" : "STARTED"; + String expectedTransferState = "STARTED"; try { while ((System.currentTimeMillis() - startTime < config.getNegotiationTimeout()) && (process == null || !process.getState().equals(expectedTransferState))) { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java index aef5c27a..ba9a3191 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java @@ -17,23 +17,12 @@ package org.eclipse.tractusx.agents.edc; import java.util.Optional; -import java.util.regex.Matcher; /** * interface to a skill store */ public interface SkillStore { - /** - * match a given asset - * - * @param key asset name - * @return matcher - */ - static Matcher matchSkill(String key) { - return AgentExtension.SKILL_PATTERN.matcher(key); - } - /** * check a given asset for being a skill * 
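Review bot: The comment kept above `expectedTransferState` still explains a choice between `COMPLETED` and `STARTED` for EDC 0.5.1, a choice that no longer exists now that the value is fixed. Replace it with something like `// the transfer counts as usable once it reaches STARTED`, and consider a `private static final String` constant since the value no longer varies. `createAgreement` begins and ends outside this hunk.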
@@ -45,17 +34,17 @@ static Matcher matchSkill(String key) { /** * register a skill * - * @param key asset name required - * @param skill query text required - * @param name of skill optional - * @param description of skill optional - * @param version of skill optional - * @param contract of skill optional - * @param dist of skill required - * @param isFederated whether skill maybe synchronized in catalogue + * @param key asset name required + * @param skill query text required + * @param name of skill optional + * @param description of skill optional + * @param version of skill optional + * @param contract of skill optional + * @param dist of skill required + * @param isFederated whether skill maybe synchronized in catalogue * @param allowServicePattern regex for service to call in skill - * @param denyServicePattern regex for services denied in skill - * @param ontologies a set of ontologies + * @param denyServicePattern regex for services denied in skill + * @param ontologies a set of ontologies * @return skill id */ String put(String key, String skill, String name, String description, String version, String contract, SkillDistribution dist, boolean isFederated, String allowServicePattern, String denyServicePattern, String... ontologies); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java index 00c1f309..7184ee75 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java @@ -16,7 +16,7 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc; -import org.apache.jena.ext.com.google.common.collect.ArrayListMultimap; +import com.github.jsonldjava.shaded.com.google.common.collect.ArrayListMultimap; import java.util.ArrayList; import java.util.Arrays; 
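Review bot: The new import in `TupleSet.java` takes `ArrayListMultimap` from `com.github.jsonldjava.shaded.com.google.common.collect`, a copy of Guava relocated inside another library rather than a dependency this module declares. A shaded copy is an implementation detail of that library: it can move or vanish on any upgrade, and its Guava version is not tracked by dependency management or by vulnerability scanning under Guava's own coordinates. Prefer declaring Guava directly and importing `com.google.common.collect.ArrayListMultimap`, or use a `java.util` map of lists if that is all the class needs. The usage sites are outside this hunk.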
@@ -25,6 +25,7 @@ import java.util.List; import java.util.Set; + /** * Implementation of a compact representation of * a tuple set that is the explosion of diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java index c7fb97d9..7b4d2c94 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java @@ -32,7 +32,6 @@ import org.apache.http.HttpStatus; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.tractusx.agents.edc.AgentConfig; -import org.eclipse.tractusx.agents.edc.AgentExtension; import org.eclipse.tractusx.agents.edc.AgreementController; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; @@ -63,6 +62,7 @@ public class AgentController { protected final SparqlQueryProcessor processor; protected final DelegationService delegationService; + /** * creates a new agent controller * @@ -378,17 +378,15 @@ public Response executeQuery(String asset, HttpHeaders headers, HttpServletReque String remoteUrl = null; if (asset != null) { - Matcher matcher = AgentExtension.GRAPH_PATTERN.matcher(asset); + Matcher matcher = config.getAssetReferencePattern().matcher(asset); if (matcher.matches()) { remoteUrl = matcher.group("url"); - graph = matcher.group("graph"); - } else { - matcher = SkillStore.matchSkill(asset); - if (!matcher.matches()) { - return Response.status(Response.Status.BAD_REQUEST).build(); + asset = matcher.group("asset"); + if (asset.contains("Graph")) { + graph = asset; + } else if (asset.contains("Skill")) { + skill = asset; } - remoteUrl = matcher.group("url"); - skill = matcher.group("skill"); } } 
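Review bot: An `asset` value that does not match `config.getAssetReferencePattern()` now falls through silently in `executeQuery`, because this hunk drops the `BAD_REQUEST` branch the old code returned for unrecognised references. Since `asset` comes from the request, I would keep the rejection, `} else { return Response.status(Response.Status.BAD_REQUEST).build(); }`, after the `matches()` block, and likewise when the matched name is neither a graph nor a skill. The classification by `asset.contains("Graph")` / `asset.contains("Skill")` is also order-dependent: a name containing both substrings is always treated as a graph, so a prefix test or a dedicated pattern group would be safer. `executeQuery` continues outside the hunk.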
@@ -406,15 +404,14 @@ public Response executeQuery(String asset, HttpHeaders headers, HttpServletReque } try { - // exchange skill against text - if (asset != null) { - if (skillStore.isSkill(asset)) { - Optional skillOption = skillStore.get(asset); - if (skillOption.isPresent()) { - skill = skillOption.get(); - } else { - return HttpUtils.respond(monitor, headers, HttpStatus.SC_NOT_FOUND, "The requested skill is not registered.", null); - } + // exchange skill against text locally + if (asset != null && skill != null) { + Optional skillOption = skillStore.get(skill); + if (skillOption.isPresent()) { + skill = skillOption.get(); + } else { + skill = null; + return HttpUtils.respond(monitor, headers, HttpStatus.SC_NOT_FOUND, "The requested skill is not registered.", null); } } @@ -455,7 +452,7 @@ public Response postSkill(String query, @QueryParam("denyServicesPattern") String denyServicePattern, @QueryParam("ontology") String[] ontologies ) { - monitor.debug(String.format("Received a POST skill request %s %s %s %s %s %b %s %s %s ", asset, name, description, version, contract, mode.getMode(), isFederated, allowServicePattern, denyServicePattern, query)); + monitor.debug(String.format("Received a POST skill request %s %s %s %s %s %b %s %s %s ", asset, name, description, version, contract, mode, isFederated, allowServicePattern, denyServicePattern, query)); Response.ResponseBuilder rb; if (skillStore.put(asset, query, name, description, version, contract, mode, isFederated, allowServicePattern, denyServicePattern, ontologies) != null) { rb = Response.ok(); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java index 16014979..65bc9277 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java 
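Review bot: The format string in the `postSkill` debug line has nine specifiers for ten arguments, and after this change `%b` receives `mode`, so it prints `true` for any non-null mode while `query` is never printed. Aligning specifiers and arguments would read `"Received a POST skill request %s %s %s %s %s %s %b %s %s %s"`. These values come straight from the request, so it is also worth deciding whether the full query text belongs in the log at all. The method body continues outside the hunk.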
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java @@ -46,6 +46,7 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; +import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; @@ -183,8 +184,8 @@ public DelegationResponse sendPostRequest(EndpointDataReference dataReference, S return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); } - protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?!asset$)[^&?=]+$"); - protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^.+$"); + protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?(?!asset$)[^&?=]+)$"); + protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^(?[^&]+)$"); /** * computes the url to target the given data plane @@ -209,11 +210,13 @@ protected HttpUrl getUrl(String connectorUrl, String subUrl, HttpHeaders headers HttpUrl.Builder httpBuilder = Objects.requireNonNull(okhttp3.HttpUrl.parse(url)).newBuilder(); for (Map.Entry> param : uri.getQueryParameters().entrySet()) { String key = param.getKey(); - if (PARAMETER_KEY_ALLOW.matcher(key).matches()) { + Matcher keyMatcher = PARAMETER_KEY_ALLOW.matcher(key); + if (keyMatcher.matches()) { + String recodeKey = HttpUtils.urlEncodeParameter(keyMatcher.group("param")); for (String value : param.getValue()) { - if (PARAMETER_VALUE_ALLOW.matcher(value).matches()) { - String recodeKey = HttpUtils.urlEncodeParameter(key); - String recodeValue = HttpUtils.urlEncodeParameter(value); + Matcher valueMatcher = PARAMETER_VALUE_ALLOW.matcher(value); + if (valueMatcher.matches()) { + String recodeValue = HttpUtils.urlEncodeParameter(valueMatcher.group("value")); httpBuilder = httpBuilder.addQueryParameter(recodeKey, recodeValue); } } 
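Review bot: In `getUrl` the key and value are passed through `HttpUtils.urlEncodeParameter` and then handed to `httpBuilder.addQueryParameter`, which percent-encodes its arguments itself; if the helper already returns an encoded string (its body is not visible here), forwarded parameters end up double-encoded. Either pass the matched groups unencoded, or keep the helper and call `httpBuilder = httpBuilder.addEncodedQueryParameter(recodeKey, recodeValue);`. Parameters that fail `PARAMETER_KEY_ALLOW` or `PARAMETER_VALUE_ALLOW` are dropped without a trace, so a debug log line in the non-matching branches would make filtered requests diagnosable. Note also that `[^&]+` admits line breaks, which the previous `.+` did not.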
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java index eaf69395..05298ab3 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -19,7 +19,7 @@ import okhttp3.OkHttpClient; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSourceFactory; import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService; -import org.eclipse.edc.spi.http.EdcHttpClient; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.jetbrains.annotations.NotNull; @@ -51,7 +51,7 @@ public class HttpClientFactory { httpDataSourceFactory = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.connector.dataplane.http.pipeline.HttpDataSourceFactory"); httpClient = httpDataSourceFactory.getDeclaredField("httpClient"); httpClient.setAccessible(true); - okHttpClient = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.connector.core.base.EdcHttpClientImpl").getDeclaredField("okHttpClient"); + okHttpClient = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.http.client.EdcHttpClientImpl").getDeclaredField("okHttpClient"); okHttpClient.setAccessible(true); connectTimeoutMillis = OkHttpClient.class.getDeclaredField("connectTimeoutMillis"); connectTimeoutMillis.setAccessible(true); 
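Review bot: The reflective lookup of `org.eclipse.edc.http.client.EdcHttpClientImpl` and its private `okHttpClient` field depends on an internal class name that has just moved, and nothing at this spot records that dependency. I would add a comment above the `loadClass` line, e.g. `// reflects into EDC internals (EdcHttpClientImpl.okHttpClient); re-verify class and field names on every EDC upgrade`. The surrounding block starts and ends outside this hunk; it should report a failed lookup rather than continue silently.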
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java index 310cc12f..cf18eac9 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java @@ -18,7 +18,6 @@ import jakarta.servlet.ServletInputStream; import org.eclipse.edc.spi.monitor.Monitor; -import org.jetbrains.annotations.NotNull; import java.io.IOException; import javax.servlet.ReadListener; @@ -68,12 +67,12 @@ public int read() throws IOException { } @Override - public int read(byte @NotNull [] buf) throws IOException { + public int read(byte[] buf) throws IOException { return jakartaDelegate.read(buf); } @Override - public int read(byte @NotNull [] b, int off, int len) throws IOException { + public int read(byte[] b, int off, int len) throws IOException { return jakartaDelegate.read(b, off, len); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java index 127bbccf..b01ee96a 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java @@ -18,7 +18,6 @@ import jakarta.servlet.ServletOutputStream; import org.eclipse.edc.spi.monitor.Monitor; -import org.jetbrains.annotations.NotNull; import java.io.IOException; import javax.servlet.WriteListener; 
@@ -63,12 +62,12 @@ public void write(int b) throws IOException { } @Override - public void write(byte @NotNull [] b) throws IOException { + public void write(byte[] b) throws IOException { jakartaDelegate.write(b); } @Override - public void write(byte @NotNull [] b, int off, int len) throws IOException { + public void write(byte[] b, int off, int len) throws IOException { jakartaDelegate.write(b, off, len); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java index c96a6c50..466ea6f2 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java @@ -24,9 +24,9 @@ import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSource; import org.eclipse.edc.connector.dataplane.spi.pipeline.StreamResult; -import org.eclipse.edc.spi.http.EdcHttpClient; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; -import org.eclipse.tractusx.agents.edc.AgentExtension; +import org.eclipse.edc.http.spi.EdcHttpClient; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; +import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; @@ -69,8 +69,8 @@ public class AgentSource implements DataSource { protected SparqlQueryProcessor processor; protected SkillStore skillStore; - protected DataFlowRequest request; - + protected DataFlowStartMessage request; + protected String matchmakingAgentUrl; public static final String AGENT_BOUNDARY = "--"; 
@@ -102,35 +102,36 @@ protected StreamResult> openMatchmakingInternal() { String graph = null; String asset = String.valueOf(request.getSourceDataAddress().getProperties().get(AgentSourceHttpParamsDecorator.ASSET_PROP_ID)); if (asset != null && asset.length() > 0) { - Matcher graphMatcher = AgentExtension.GRAPH_PATTERN.matcher(asset); - if (graphMatcher.matches()) { - graph = asset; - } - Matcher skillMatcher = SkillStore.matchSkill(asset); - if (skillMatcher.matches()) { - var skillText = skillStore.get(asset); - if (skillText.isEmpty()) { - return StreamResult.error(format("Skill %s does not exist.", asset)); - } - SkillDistribution distribution = skillStore.getDistribution(asset); - String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); - SkillDistribution runMode = SkillDistribution.ALL; - if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { - runMode = SkillDistribution.PROVIDER; - } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { - runMode = SkillDistribution.CONSUMER; - } - if (runMode == SkillDistribution.CONSUMER) { - if (distribution == SkillDistribution.PROVIDER) { - return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + Matcher assetMatcher = AgentConfig.getAssetReferencePattern().matcher(asset); + if (assetMatcher.matches()) { + if (assetMatcher.group("asset").contains("Graph")) { + graph = asset; + } else if (assetMatcher.group("asset").contains("Skill")) { + var skillText = skillStore.get(asset); + if (skillText.isEmpty()) { + return StreamResult.error(format("Skill %s does not exist.", asset)); + } + SkillDistribution distribution = skillStore.getDistribution(asset); + String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); + SkillDistribution runMode = SkillDistribution.ALL; + if (params.contains("runMode=provider") || 
params.contains("runMode=PROVIDER")) { + runMode = SkillDistribution.PROVIDER; + } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { + runMode = SkillDistribution.CONSUMER; } - return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); - } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { - return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + if (runMode == SkillDistribution.CONSUMER) { + if (distribution == SkillDistribution.PROVIDER) { + return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + } + return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); + } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { + return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + } + skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } - skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } } + try (Response response = processor.execute(this.requestFactory.toRequest(params), skill, graph, request.getSourceDataAddress().getProperties())) { if (!response.isSuccessful()) { return StreamResult.error(format("Received code transferring HTTP data for request %s: %s - %s.", requestId, response.code(), response.message())); @@ -147,7 +148,7 @@ protected StreamResult> openMatchmakingInternal() { return StreamResult.error(e.getMessage()); } } - + /** * executes a KA-MATCHMAKING REST API call and pipes the results into KA-TRANSFER * 
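Review bot: The run mode is derived with `params.contains("runMode=...")` on the raw query string, which throws a NullPointerException when the `QUERY_PARAMS` property is absent and also matches when that text occurs inside another parameter's name or value. Because the run mode decides whether the skill text is returned to the caller or executed, it should be read from the exact `runMode` parameter only. The same block is repeated in the `openMatchmakingRest` hunk that follows, so a shared helper would fix both; the sketch assumes the property holds `&`-separated pairs without a leading `?` and is not percent-encoded, which should be confirmed. Separately, `String.valueOf(...)` on the context line turns a missing asset property into the string `"null"`, so the `asset != null` guard never fails.

```java
// shared by openMatchmakingInternal and openMatchmakingRest
private static SkillDistribution resolveRunMode(String params) {
    if (params != null) {
        for (String pair : params.split("&")) {
            if (pair.equals("runMode=provider") || pair.equals("runMode=PROVIDER")) {
                return SkillDistribution.PROVIDER;
            } else if (pair.equals("runMode=consumer") || pair.equals("runMode=CONSUMER")) {
                return SkillDistribution.CONSUMER;
            }
        }
    }
    return SkillDistribution.ALL;
}

// in both methods, replacing the contains() chain:
SkillDistribution runMode = resolveRunMode(request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS));
// … unchanged: distribution checks and skill assignment …
```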
@@ -165,33 +166,33 @@ protected StreamResult> openMatchmakingRest() { String url = baseUrl + "?asset=" + asset; if (asset != null && asset.length() > 0) { - Matcher graphMatcher = AgentExtension.GRAPH_PATTERN.matcher(asset); - if (graphMatcher.matches()) { - graph = asset; - } - Matcher skillMatcher = SkillStore.matchSkill(asset); - if (skillMatcher.matches()) { - var skillText = skillStore.get(asset); - if (skillText.isEmpty()) { - return StreamResult.error(format("Skill %s does not exist.", asset)); - } - SkillDistribution distribution = skillStore.getDistribution(asset); - String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); - SkillDistribution runMode = SkillDistribution.ALL; - if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { - runMode = SkillDistribution.PROVIDER; - } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { - runMode = SkillDistribution.CONSUMER; - } - if (runMode == SkillDistribution.CONSUMER) { - if (distribution == SkillDistribution.PROVIDER) { - return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + Matcher assetMatcher = AgentConfig.getAssetReferencePattern().matcher(asset); + if (assetMatcher.matches()) { + if (assetMatcher.group("asset").contains("Graph")) { + graph = asset; + } else if (assetMatcher.group("asset").contains("Skill")) { + var skillText = skillStore.get(asset); + if (skillText.isEmpty()) { + return StreamResult.error(format("Skill %s does not exist.", asset)); + } + SkillDistribution distribution = skillStore.getDistribution(asset); + String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); + SkillDistribution runMode = SkillDistribution.ALL; + if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { + runMode = SkillDistribution.PROVIDER; + } else if (params.contains("runMode=consumer") || 
params.contains("runMode=CONSUMER")) { + runMode = SkillDistribution.CONSUMER; + } + if (runMode == SkillDistribution.CONSUMER) { + if (distribution == SkillDistribution.PROVIDER) { + return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + } + return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); + } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { + return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); } - return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); - } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { - return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } - skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } } @@ -202,7 +203,7 @@ protected StreamResult> openMatchmakingRest() { } else { assetValue = skill; } - + HttpUrl.Builder urlBuilder = HttpUrl.parse(url).newBuilder(); urlBuilder.addQueryParameter("asset", assetValue); // Put parameters into request @@ -240,6 +241,11 @@ public String toString() { return String.format("AgentSource(%s,%s)", requestId, name); } + @Override + public void close() throws Exception { + + } + /** * the agent source builder */ 
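Review bot: The added `close()` override has an empty body and no comment, so a reader cannot tell whether there is really nothing to release or the cleanup was forgotten. If it is intentional, say so in place, e.g. `// no-op: this source holds no resources between calls`, after confirming that against `openMatchmakingRest`, whose response handling is outside this hunk. Consider also dropping `throws Exception`, which the empty body does not need.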
@@ -285,16 +291,16 @@ public AgentSource.Builder skillStore(SkillStore skillStore) { return this; } - public AgentSource.Builder request(DataFlowRequest request) { + public AgentSource.Builder request(DataFlowStartMessage request) { dataSource.request = request; return this; } - + public AgentSource.Builder matchmakingAgentUrl(String matchmakingAgentUrl) { dataSource.matchmakingAgentUrl = matchmakingAgentUrl; return this; } - + public AgentSource build() { Objects.requireNonNull(dataSource.requestId, "requestId"); Objects.requireNonNull(dataSource.httpClient, "httpClient"); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java index ba1823b7..3dd4c368 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java @@ -17,11 +17,11 @@ package org.eclipse.tractusx.agents.edc.http.transfer; import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSource; -import org.eclipse.edc.spi.http.EdcHttpClient; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentProtocol; import org.eclipse.tractusx.agents.edc.SkillStore; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; 
@@ -66,7 +66,7 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp * @return flag */ @Override - public boolean canHandle(DataFlowRequest request) { + public boolean canHandle(DataFlowStartMessage request) { return AgentProtocol.SPARQL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()) || AgentProtocol.SKILL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()); } @@ -79,7 +79,7 @@ public boolean canHandle(DataFlowRequest request) { * @return new data source */ @Override - public DataSource createSource(DataFlowRequest request) { + public DataSource createSource(DataFlowStartMessage request) { var dataAddress = HttpDataAddress.Builder.newInstance() .copyFrom(request.getSourceDataAddress()) .build(); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java index b1c730d4..f4c01d03 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. 
@@ -16,12 +16,12 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc.http.transfer; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.http.spi.HttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.http.HttpUtils; import org.eclipse.tractusx.agents.edc.sparql.DataspaceServiceExecutor; @@ -100,7 +100,7 @@ public AgentSourceHttpParamsDecorator(AgentConfig config, Monitor monitor) { * @param dataflowRequest the request to check * @return if this is a transfer request */ - public static boolean isTransferRequest(DataFlowRequest dataflowRequest) { + public static boolean isTransferRequest(DataFlowStartMessage dataflowRequest) { return false; } @@ -143,7 +143,7 @@ public static Map> mergeParams(Map> pa * @return translated call content (identical to params) */ @Override - public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddress address, HttpRequestParams.Builder params) { + public HttpRequestParams.Builder decorate(DataFlowStartMessage request, HttpDataAddress address, HttpRequestParams.Builder params) { String contentType = this.extractContentType(address, request); String body = this.extractBody(address, request); Map> queryParams = parseParams("?" + getRequestQueryParams(address, request)); 
@@ -196,7 +196,7 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre return params; } - protected @NotNull String extractMethod(HttpDataAddress address, DataFlowRequest request) { + protected @NotNull String extractMethod(HttpDataAddress address, DataFlowStartMessage request) { if (Boolean.parseBoolean(address.getProxyMethod())) { return Optional.ofNullable(request.getProperties().get(METHOD)).orElseThrow(() -> new EdcException(String.format("DataFlowRequest %s: 'method' property is missing", request.getId()))); } else { @@ -204,11 +204,11 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre } } - protected @Nullable String extractPath(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractPath(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyPath()) ? request.getProperties().get(PATH_SEGMENTS) : address.getPath(); } - protected @Nullable String getRequestQueryParams(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String getRequestQueryParams(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyQueryParams()) ? request.getProperties().get(QUERY_PARAMS) : null; } 
@@ -219,12 +219,12 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre * @param request data flow request * @return the content type (which would be derived from the query language part in case the original content type is a url-encoded form) */ - protected @Nullable String extractContentType(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractContentType(HttpDataAddress address, DataFlowStartMessage request) { String contentType = Boolean.parseBoolean(address.getProxyBody()) ? request.getProperties().get(MEDIA_TYPE) : address.getContentType(); return contentType; } - protected @Nullable String extractBody(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractBody(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyBody()) ? request.getProperties().get(BODY) : null; } } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java index ed4034ce..245ccc11 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java 
@@ -18,14 +18,14 @@ import org.eclipse.edc.connector.dataplane.http.params.decorators.BaseCommonHttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.params.decorators.BaseSinkHttpParamsDecorator; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.http.spi.HttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParamsProvider; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.types.TypeManager; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentConfig; import java.util.ArrayList; 
@@ -81,17 +81,17 @@ public void registerSinkDecorator(HttpParamsDecorator decorator) { } @Override - public HttpRequestParams provideSourceParams(DataFlowRequest request) { + public HttpRequestParams provideSourceParams(DataFlowStartMessage request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); - HttpDataAddress address = org.eclipse.edc.spi.types.domain.HttpDataAddress.Builder.newInstance().copyFrom(request.getSourceDataAddress()).build(); + HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getSourceDataAddress()).build(); this.sourceDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); return params.build(); } @Override - public HttpRequestParams provideSinkParams(DataFlowRequest request) { + public HttpRequestParams provideSinkParams(DataFlowStartMessage request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); - HttpDataAddress address = org.eclipse.edc.spi.types.domain.HttpDataAddress.Builder.newInstance().copyFrom(request.getDestinationDataAddress()).build(); + HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getDestinationDataAddress()).build(); this.sinkDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); return params.build(); } @@ -104,7 +104,7 @@ public HttpRequestParams provideSinkParams(DataFlowRequest request) { * * @return a fitting matchmaking agent address */ - public String provideMatchmakingUrl(DataFlowRequest request) { + public String provideMatchmakingUrl(DataFlowStartMessage request) { return config.getMatchmakingAgentUrl(); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java index 84c6adda..67d3e2d7 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java 
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -37,6 +37,7 @@ import java.util.Map; import java.util.stream.Collectors; + /** * base facility to deal with EDC specific JSONLD structures */ @@ -134,6 +135,10 @@ public static JSONTYPE processJsonLd(JSONTYPE sourc prefix = prefix + ":"; } prop = prefix + prop.substring(colonIndex + 1); + } else { + if (!prop.startsWith("@") && namespaces.containsKey("@vocab")) { + prop = namespaces.get("@vocab") + prop; + } } object.add(prop, processJsonLd(value, namespaces)); }); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java index a84cf32e..7e9193ed 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. 
@@ -32,7 +32,10 @@ public class DcatCatalog extends JsonLdObject { public DcatCatalog(JsonObject node) { super(node); - JsonValue dataset = node.get("https://www.w3.org/ns/dcat/dataset"); + JsonValue dataset = node.getOrDefault( + "https://www.w3.org/ns/dcat/dataset", + node.get("http://www.w3.org/ns/dcat#dataset") + ); if (dataset != null) { if (dataset.getValueType() == JsonValue.ValueType.ARRAY) { for (JsonValue ds : dataset.asJsonArray()) { @@ -45,7 +48,7 @@ public DcatCatalog(JsonObject node) { } public String getParticipantId() { - return object.getString("https://w3id.org/edc/v0.0.1/ns/participantId", "anonymous"); + return object.getString("https://w3id.org/dspace/v0.8/participantId", "anonymous"); } public List getDatasets() { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java index e40e3b2f..d0c5fc0f 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -17,6 +17,7 @@ package org.eclipse.tractusx.agents.edc.model; import jakarta.json.JsonObject; +import org.eclipse.tractusx.agents.edc.jsonld.JsonLd; import org.eclipse.tractusx.agents.edc.jsonld.JsonLdObject; /** 
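Review bot: `getParticipantId()` now reads only `https://w3id.org/dspace/v0.8/participantId` and still defaults to `"anonymous"`, so a catalog that carries the former `https://w3id.org/edc/v0.0.1/ns/participantId` key is silently attributed to an anonymous participant. The constructor hunk in the same file keeps a fallback for the dataset key, and the identity lookup deserves the same treatment, e.g. `return object.getString("https://w3id.org/dspace/v0.8/participantId", object.getString("https://w3id.org/edc/v0.0.1/ns/participantId", "anonymous"));`. If callers use this id for a trust or policy decision, a log line when the default is taken would make the downgrade visible.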
@@ -28,4 +29,16 @@ public OdrlPolicy(JsonObject node) { super(node); } + public String getPermissionAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/permission")); + } + + public String getObligationAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/obligation")); + } + + public String getProhibitionAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/prohibition")); + } + } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java new file mode 100644 index 00000000..1d8dacc5 --- /dev/null +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java 
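Review bot: The three new getters pass `object.get(...)` straight to `JsonLd.asString`, and `object.get` yields null when a policy has no prohibition or obligation section. The result is later spliced unquoted into the negotiation template (`"odrl:prohibition": %7$s`), so what the control plane receives for a missing section depends on how `JsonLd.asString` treats null, which is not visible here. Consider defaulting to an empty array, e.g. `object.getOrDefault("http://www.w3.org/ns/odrl/2/prohibition", JsonValue.EMPTY_JSON_ARRAY)` (needs the `jakarta.json.JsonValue` import), and give each getter a one-line Javadoc stating that it returns serialized JSON rather than a display string.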
@@ -0,0 +1,66 @@ +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation +// +// See the NOTICE file(s) distributed with this work for additional +// information regarding copyright ownership. +// +// This program and the accompanying materials are made available under the +// terms of the Apache License, Version 2.0 which is available at +// https://www.apache.org/licenses/LICENSE-2.0. +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations +// under the License. +// +// SPDX-License-Identifier: Apache-2.0 +package org.eclipse.tractusx.agents.edc.rdf; + +/** + * lists the various formats that the rdf store can import + */ +public enum ExternalFormat { + TURTLE("text/turtle"), + CSV("text/csv"); + + private final String contentType; + + /** + * Constructoe for ExternalFormat + * + * @param contentType the mime type + */ + + ExternalFormat(final String contentType) { + this.contentType = contentType; + } + + /** + * get the content type + * + * @return mode as argument + */ + + public String getContentType() { + return this.contentType; + } + + /** + * converts a mime type into a format + * + * @param contentType as argument + * @return respective enum, null if format cannot be deduced + */ + + public static ExternalFormat valueOfFormat(String contentType) { + if (contentType != null) { + if (contentType.endsWith("turtle")) { + return TURTLE; + } + if (contentType.endsWith("csv")) { + return CSV; + } + } + return null; + } +} diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java index 700f0a6d..a9dcb2c9 100644 
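Review bot: `valueOfFormat` matches with `endsWith`, so a header carrying parameters such as `text/turtle; charset=utf-8` returns null while any value that merely ends in `csv` is accepted as CSV. `RdfStore.registerAsset` later in this commit switches on the result, and a `switch` over a null enum throws a NullPointerException, so an unrecognised content type surfaces as a server error instead of a clean rejection. Strip the parameters, ignore case and compare against `getContentType()` exactly, as sketched below; this no longer accepts non-standard aliases that only share the suffix, and callers still have to check for null. The Javadoc typo `Constructoe` and the `@return mode as argument` line on `getContentType` can be corrected at the same time.

```java
public static ExternalFormat valueOfFormat(String contentType) {
    if (contentType == null) {
        return null;
    }
    // drop media type parameters such as "; charset=utf-8" before comparing
    int paramStart = contentType.indexOf(';');
    String mediaType = (paramStart >= 0 ? contentType.substring(0, paramStart) : contentType).trim();
    for (ExternalFormat format : values()) {
        if (format.getContentType().equalsIgnoreCase(mediaType)) {
            return format;
        }
    }
    return null;
}
```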
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -30,10 +30,21 @@ import org.apache.jena.riot.system.StreamRDFLib; import org.apache.jena.sparql.core.DatasetGraph; import org.apache.jena.sparql.core.DatasetGraphFactory; +import org.apache.jena.sparql.core.Quad; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.MonitorWrapper; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.StringReader; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * a service sitting on a local RDF store/graph * (which hosts the ontology and the federated dataspace @@ -59,6 +70,7 @@ public class RdfStore { public RdfStore(AgentConfig config, Monitor monitor) { this.config = config; this.dataset = DatasetGraphFactory.createTxnMem(); + DataService.Builder dataService = DataService.newBuilder(dataset); this.service = dataService.build(); api = new DataAccessPoint(config.getAccessPoint(), service); 
@@ -88,6 +100,115 @@ public RdfStore(AgentConfig config, Monitor monitor) { } } + public static final String CSV_REGEX = "(\"[^\"]*\")?([^%s]*)"; + + /** + * registers (overwrites/extends) an asset + * + * @param asset asset iri + * @param content stream for rdf data + * @param format the format of the stream + * @return number of resulting triples + */ + public long registerAsset(String asset, String content, ExternalFormat format) { + if (!asset.contains("/")) { + asset = "http://server/unset-base/" + asset; + } + monitor.info(String.format("Upserting asset %s with turtle source.", asset)); + startTx(); + StreamRDF dest = StreamRDFLib.dataset(dataset); + StreamRDF graphDest = StreamRDFLib.extendTriplesToQuads(NodeFactory.createURI(asset), dest); + StreamRDFCounting countingDest = StreamRDFLib.count(graphDest); + ErrorHandler errorHandler = ErrorHandlerFactory.errorHandlerStd(monitorWrapper); + switch (format) { + default: + RDFParser.create() + .errorHandler(errorHandler) + .source(new ByteArrayInputStream(content.getBytes())) + .lang(Lang.TTL) + .parse(countingDest); + break; + case CSV: + countingDest.start(); + Pattern csvCell = Pattern.compile(String.format(CSV_REGEX, ",")); + try (BufferedReader reader = new BufferedReader(new StringReader(content))) { + String header = reader.readLine(); + List predicates = new ArrayList<>(); + if (header != null) { + int position = 0; + Matcher headerMatcher = csvCell.matcher(header); + while (position <= header.length() && headerMatcher.find(position)) { + predicates.add(NodeFactory.createURI(headerMatcher.group())); + position = headerMatcher.end() + 1; + } + reader.lines().forEach(factLine -> { + int fposition = 0; + Matcher factMatcher = csvCell.matcher(factLine); + if (factMatcher.find(fposition)) { + Node subject = NodeFactory.createURI(factMatcher.group()); + fposition = factMatcher.end() + 1; + for (int fact = 1; fact < predicates.size() && fposition <= factLine.length() && factMatcher.find(fposition); fact++) { + 
Node object = parseObject(factMatcher.group()); + countingDest.triple(NodeFactory.createTripleNode(subject, predicates.get(fact), object).getTriple()); + fposition = factMatcher.end() + 1; + } + } + }); + } + } catch (IOException e) { + monitor.warning("An exception has occurred while parsing a CSV stream. Ignoring some/all data.", e); + } + countingDest.finish(); + break; + } + long numberOfTriples = countingDest.countTriples(); + monitor.debug(String.format("Upserting asset %s resulted in %d triples", asset, numberOfTriples)); + commit(); + return numberOfTriples; + } + + /** + * parses a given rdf snippet into a node + * + * @param group rdf snippet node + * @return a parsed node + */ + private Node parseObject(String group) { + if (group.startsWith("<")) { + group = group.replaceAll("[\\<\\>]", ""); + return NodeFactory.createURI(group); + } else if (group.contains("^^")) { + int index = group.lastIndexOf("^^"); + String type = group.substring(index + 2); + group = group.substring(0, index - 1); + } + return NodeFactory.createLiteral(group); + } + + /** + * deletes an asset + * + * @param asset asset iri + * @return number of deleted triples + */ + public long deleteAsset(String asset) { + if (!asset.contains("/")) { + asset = "http://server/unset-base/" + asset; + } + monitor.info(String.format("Deleting asset %s.", asset)); + startTx(); + Quad findAssets = Quad.create(NodeFactory.createURI(asset), Node.ANY, Node.ANY, Node.ANY); + Iterator assetQuads = getDataSet().find(findAssets); + int tupleCount = 0; + while (assetQuads.hasNext()) { + getDataSet().delete(assetQuads.next()); + tupleCount++; + } + monitor.debug(String.format("Deleting asset %s resulted in %d triples", asset, tupleCount)); + commit(); + return tupleCount; + } + /** * access * 
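Review bot: `registerAsset` and `deleteAsset` call `startTx()` and `commit()` with nothing guarding the path between them, so an exception leaves the write transaction open: `ErrorHandlerFactory.errorHandlerStd` throws on parse errors, and `switch (format)` throws when `ExternalFormat.valueOfFormat` returned null. Because `content` is supplied by the caller, malformed input is enough to reach that path; wrap the body in `try`/`catch` and abort or end the transaction on failure with whatever rollback method `RdfStore` offers (not visible in this hunk). `content.getBytes()` uses the platform charset and should be `content.getBytes(StandardCharsets.UTF_8)`. In `parseObject` the `type` extracted after `^^` is never used, so typed literals are stored as plain strings with the opening quote still attached. The info message also says "with turtle source" for CSV input, which will mislead anyone reading the log during an investigation.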
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index c04f4fc9..24572250 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -18,6 +18,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; +import jakarta.json.Json; import jakarta.ws.rs.InternalServerErrorException; import okhttp3.MediaType; import okhttp3.OkHttpClient; @@ -43,6 +44,7 @@ import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.List; +import java.util.UUID; import static java.lang.String.format; 
@@ -55,33 +57,33 @@ public class DataManagement { /** * some constants when interacting with control plane */ - public static final String DSP_PATH = "%s/api/v1/dsp"; - public static final String CATALOG_CALL = "%s/v2/catalog/request"; + public static final String DSP_PATH = "%1$s/api/v1/dsp"; + public static final String CATALOG_CALL = "%1$s/v2/catalog/request"; // catalog request 0.5.>=1 public static final String CATALOG_REQUEST_BODY = "{" + "\"@context\": {}," + "\"protocol\": \"dataspace-protocol-http\"," + - "\"counterPartyAddress\": \"%s\", " + - "\"querySpec\": %s }"; - // catalog request 0.5.0 - public static final String CATALOG_REQUEST_BODY_PRERELEASE = "{" + - "\"@context\": {}," + - "\"protocol\": \"dataspace-protocol-http\"," + - "\"providerUrl\": \"%s\", " + - "\"querySpec\": %s }"; + "\"counterPartyAddress\": \"%2$s\", " + + "\"counterPartyId\": \"%1$s\", " + + "\"querySpec\": %3$s }"; + + public static final String ASSET_CREATE_CALL = "%1$s%2$s/assets"; + public static final String ASSET_UPDATE_CALL = "%1$s%2$s/assets"; - public static final String ASSET_CREATE_CALL = "%s%s/assets"; - public static final String ASSET_CREATE_BODY = "{\n" + + /** + * template for skill asset creation + */ + public static final String SKILL_ASSET_CREATE_BODY = "{\n" + " \"@context\": {\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"," + " \"rdf\": \"http://www.w3.org/1999/02/22-rdf-syntax-ns#\",\n" + " \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n" + " \"cx-common\": \"https://w3id.org/catenax/ontology/common#\",\n" + + " \"xsd\": \"http://www.w3.org/2001/XMLSchema#\",\n" + " \"sh\": \"http://www.w3.org/ns/shacl#\"\n" + " },\n" + - " \"asset\": {\n" + - " \"@type\": \"Asset\",\n" + - " \"@id\": \"%1$s\", \n" + - " \"properties\": {\n" + + " \"@id\": \"%1$s\", \n" + + " \"properties\": {\n" + " \"name\": \"%2$s\",\n" + " \"description\": \"%3$s\",\n" + " \"version\": \"%4$s\",\n" + 
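Review bot: `ASSET_UPDATE_CALL` is declared as `"%1$s%2$s/assets"`, identical to `ASSET_CREATE_CALL`, yet `createOrUpdateAsset` and `deleteAsset` later in this commit format it with three arguments, the third being `assetId`. `String.format` ignores surplus arguments, so `deleteAsset` sends its DELETE to the asset collection URL instead of the single asset; the PUT in `createOrUpdateAsset` is unaffected only if the management API takes the id from the body. Give the delete its own template, e.g. `public static final String ASSET_DELETE_CALL = "%1$s%2$s/assets/%3$s";`, and URL-encode the id when formatting (`URLEncoder` is already imported in this file). `CATALOG_REQUEST_BODY` also places the new `counterPartyId` into the JSON by plain string formatting, so it should be escaped the way the service patterns are in `createOrUpdateSkill`.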
@@ -92,46 +94,9 @@ public class DataManagement { " \"cx-common:implementsProtocol\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + " \"cx-common:distributionMode\": \"%7$s\",\n" + " \"cx-common:isFederated\": \"%8$b^^xsd:boolean\"\n" + - " },\n" + - " \"privateProperties\": {\n" + - " \"cx-common:query\":%9$s\n" + - " }\n" + - " },\n" + - " \"dataAddress\": {\n" + - " \"id\":\"%1$s\",\n" + - " \"@type\": \"DataAddress\",\n" + - " \"type\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + - " \"baseUrl\":\"https://w3id.org/catenax\",\n" + - " \"proxyPath\": \"false\",\n" + - " \"proxyMethod\": \"true\",\n" + - " \"proxyQueryParams\": \"true\",\n" + - " \"proxyBody\": \"true\",\n" + - " \"cx-common:allowServicePattern\": \"%10$s\",\n" + - " \"cx-common:denyServicePattern\": \"%11$s\"\n" + - "}\n"; - - public static final String SKILL_ASSET_CREATE_BODY_V3 = "{\n" + - " \"@context\": {\n" + - " \"rdf\": \"http://www.w3.org/1999/02/22-rdf-syntax-ns#\",\n" + - " \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n" + - " \"cx-common\": \"https://w3id.org/catenax/ontology/common#\",\n" + - " \"sh\": \"http://www.w3.org/ns/shacl#\"\n" + - " },\n" + - " \"@id\": \"%1$s\", \n" + - " \"properties\": {\n" + - " \"name\": \"%2$s\",\n" + - " \"description\": \"%3$s\",\n" + - " \"version\": \"%4$s\",\n" + - " \"contenttype\": \"application/json, application/xml\",\n" + - "%5$s" + - " \"rdf:type\": \"cx-common:SkillAsset\",\n" + - " \"rdfs:isDefinedBy\": \"%6$s\",\n" + - " \"cx-common:implementsProtocol\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + - " \"cx-common:distributionMode\": \"%7$s\",\n" + - " \"cx-common:isFederated\": \"%8$b^^xsd:boolean\"\n" + " },\n" + " \"privateProperties\": {\n" + - " \"cx-common:query\":%9$s\n" + + " \"cx-common:query\":%9$s\n" + " },\n" + " \"dataAddress\": {\n" + " \"id\":\"%1$s\",\n" + 
@@ -142,42 +107,34 @@ public class DataManagement { " \"proxyMethod\": \"true\",\n" + " \"proxyQueryParams\": \"true\",\n" + " \"proxyBody\": \"true\",\n" + - " \"cx-common:allowServicePattern\": \"%10$s\",\n" + - " \"cx-common:denyServicePattern\": \"%11$s\"\n" + + " \"cx-common:allowServicePattern\": %10$s,\n" + + " \"cx-common:denyServicePattern\": %11$s\n" + " }\n" + "}\n"; + public static final String ASSET_CALL = "%s%s/assets/request"; // negotiation request 0.5.>=1 - public static final String NEGOTIATION_REQUEST_BODY = "{\n" + - "\"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\"},\n" + - "\"@type\": \"NegotiationInitiateRequestDto\",\n" + - "\"connectorAddress\": \"%1$s\",\n" + - "\"protocol\": \"dataspace-protocol-http\",\n" + - "\"providerId\": \"%3$s\",\n" + - "\"connectorId\": \"%2$s\",\n" + - "\"offer\": {\n" + - " \"offerId\": \"%4$s\",\n" + - " \"assetId\": \"%5$s\",\n" + - " \"policy\": %6$s\n" + - "}\n" + - "}"; - - // negotiation request 0.5.0 - roles of provider and connector are wrong - public static final String NEGOTIATION_REQUEST_BODY_PRERELEASE = "{\n" + - "\"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\"},\n" + - "\"@type\": \"NegotiationInitiateRequestDto\",\n" + - "\"connectorAddress\": \"%1$s\",\n" + - "\"protocol\": \"dataspace-protocol-http\",\n" + - "\"providerId\": \"%2$s\",\n" + - "\"connectorId\": \"%3$s\",\n" + - "\"offer\": {\n" + - " \"offerId\": \"%4$s\",\n" + - " \"assetId\": \"%5$s\",\n" + - " \"policy\": %6$s\n" + - "}\n" + - "}"; + public static final String NEGOTIATION_REQUEST_BODY = + "{\n" + + " \"@context\": {\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + + " },\n" + + " \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n" + + " \"counterPartyAddress\": \"%1$s\",\n" + + " \"protocol\": \"dataspace-protocol-http\",\n" + + " \"policy\": {\n" + + " \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n" + + " \"@type\": \"odrl:Offer\",\n" + + " \"@id\": \"%4$s\",\n" + + " 
\"target\": \"%5$s\",\n" + + " \"assigner\": \"%3$s\",\n" + + " \"odrl:permission\": %6$s,\n" + + " \"odrl:prohibition\": %7$s,\n" + + " \"odrl:obligation\": %8$s\n" + + " }\n" + + "}"; public static final String NEGOTIATION_INITIATE_CALL = "%s/v2/contractnegotiations"; public static final String NEGOTIATION_CHECK_CALL = "%s/v2/contractnegotiations/%s"; @@ -185,24 +142,27 @@ public class DataManagement { public static final String TRANSFER_REQUEST_BODY = "{\n" + " \"@context\": {\n" + - " \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + " },\n" + + " \"@type\": \"TransferRequest\",\n" + " \"assetId\": \"%1$s\",\n" + - " \"connectorAddress\": \"%2$s\",\n" + - " \"connectorId\": \"%5$s\",\n" + " \"contractId\": \"%3$s\",\n" + + " \"counterPartyAddress\": \"%2$s\",\n" + " \"dataDestination\": {\n" + " \"type\": \"HttpProxy\"\n" + " },\n" + - " \"managedResources\": false,\n" + - " \"privateProperties\": {\n" + - " \"receiverHttpEndpoint\": \"%4$s\"\n" + - " },\n" + " \"protocol\": \"dataspace-protocol-http\",\n" + - " \"transferType\": {\n" + - " \"contentType\": \"application/octet-stream\",\n" + - " \"isFinite\": true\n" + - " }\n" + + " \"transferType\": \"HttpData-PULL\",\n" + + " \"privateProperties\": {},\n" + + " \"callbackAddresses\": [\n" + + " {\n" + + " \"transactional\": false,\n" + + " \"uri\": \"%4$s\",\n" + + " \"events\": [\n" + + " \"transfer.process.started\"\n" + + " ]\n" + + " }\n" + + " ] \n" + "}"; public static final String TRANSFER_CHECK_CALL = "%s/v2/transferprocesses/%s"; public static final String AGREEMENT_CHECK_CALL = "%s/v2/contractagreements/%s"; 
@@ -244,25 +204,24 @@ public DcatCatalog findContractOffers(String remoteControlPlaneIdsUrl, String as QuerySpec findAsset = QuerySpec.Builder.newInstance().filter( List.of(new Criterion("https://w3id.org/edc/v0.0.1/ns/id", "=", assetId)) ).build(); - return getCatalog(remoteControlPlaneIdsUrl, findAsset); + String partnerId = config.getDataspaceSynchronizationConnectors().entrySet() + .stream().filter(entry -> entry.getValue().equals(remoteControlPlaneIdsUrl)) + .findFirst().map(entry -> entry.getKey()).orElse(UUID.randomUUID().toString()); + return getCatalog(partnerId, remoteControlPlaneIdsUrl, findAsset); } /** * Access the catalogue * + * @param partnerId business partner id * @param remoteControlPlaneIdsUrl url of the remote control plane ids endpoint * @param spec query specification * @return catalog object * @throws IOException in case something went wrong */ - public DcatCatalog getCatalog(String remoteControlPlaneIdsUrl, QuerySpec spec) throws IOException { + public DcatCatalog getCatalog(String partnerId, String remoteControlPlaneIdsUrl, QuerySpec spec) throws IOException { var url = String.format(CATALOG_CALL, config.getControlPlaneManagementUrl()); - - // use a version specific call - String template = config.isPrerelease() ? CATALOG_REQUEST_BODY_PRERELEASE : CATALOG_REQUEST_BODY; - - var catalogSpec = String.format(template, - String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); + var catalogSpec = String.format(CATALOG_REQUEST_BODY, partnerId, String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); var request = new Request.Builder().url(url).post(RequestBody.create(catalogSpec, MediaType.parse("application/json"))); config.getControlPlaneManagementHeaders().forEach(request::addHeader); 
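Review bot: `findContractOffers` falls back to `UUID.randomUUID().toString()` as `counterPartyId` when the URL is not among the configured connectors, which puts a made-up identity into the catalog request and hides the misconfiguration. The lookup also dereferences `config.getDataspaceSynchronizationConnectors()` directly, although `DataspaceSynchronizer.start()` treats that map as possibly null, and it compares URLs with exact `equals`, so a trailing slash is enough to miss the entry. Prefer failing with a clear error, or at least a `monitor.warning`, when no partner id is known, and guard the null map before streaming over it. The body of `findContractOffers` starts above this hunk.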
@@ -290,10 +249,10 @@ public DcatCatalog getCatalog(String remoteControlPlaneIdsUrl, QuerySpec spec) t */ public List listAssets(QuerySpec spec) throws IOException { - String version = config.isPrerelease() ? "/v2" : "/v3"; + String version = "/v3"; var url = String.format(ASSET_CALL, config.getControlPlaneManagementProviderUrl(), version); var assetObject = (ObjectNode) objectMapper.readTree(objectMapper.writeValueAsString(spec)); - assetObject.put("@context", objectMapper.createObjectNode()); + assetObject.set("@context", objectMapper.createObjectNode()); var assetSpec = objectMapper.writeValueAsString(assetObject); var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); 
@@ -314,7 +273,48 @@ public List listAssets(QuerySpec spec) throws IOException { } /** - * creates or updates a given asset + * helper to create or update assets + * + * @param assetSpec json text of the asset description + * @return a response listing the id of the created/updated asset + * @throws IOException in case something goes wrong + */ + protected IdResponse createOrUpdateAsset(String assetId, String assetSpec) throws IOException { + String version = "/v3"; + var url = String.format(ASSET_CREATE_CALL, config.getControlPlaneManagementProviderUrl(), version); + var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); + config.getControlPlaneManagementHeaders().forEach(request::addHeader); + + try (var response = httpClient.newCall(request.build()).execute()) { + ResponseBody body = response.body(); + + if (!response.isSuccessful() || body == null) { + + if (response.code() != 409 || body == null) { + throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? body.string() : "")); + } + + url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); + var patchRequest = new Request.Builder().url(url).put(RequestBody.create(assetSpec, MediaType.parse("application/json"))); + config.getControlPlaneManagementHeaders().forEach(patchRequest::addHeader); + + try (var patchResponse = httpClient.newCall(patchRequest.build()).execute()) { + body = patchResponse.body(); + if (!patchResponse.isSuccessful() || body == null) { + monitor.warning(format("Failure in updating the resource at %s. Ignoring", url)); + return null; + } + } + } + return JsonLd.processIdResponse(body.string()); + } catch (Exception e) { + monitor.severe(format("Error in calling the control plane at %s", url), e); + throw e; + } + } + + /** + * creates or updates a given skill asset * * @param assetId key * @param name of skill 
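Review bot: On the 409 path `body` is reassigned to `patchResponse.body()` inside the inner try-with-resources, but `body.string()` is only called after that block has closed `patchResponse`, so the read will fail on a closed stream (and an update that answers without content has nothing to parse anyway). Return from inside the inner block instead, e.g. `return JsonLd.processIdResponse(body.string());` placed right after the `isSuccessful()` check, or build the `IdResponse` from `assetId` as the removed code attempted to do. The failed-update branch now returns null where the previous implementation threw, so callers of `createOrUpdateSkill` need a null check. The Javadoc is missing `@param assetId`.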
@@ -333,15 +333,12 @@ public List listAssets(QuerySpec spec) throws IOException { public IdResponse createOrUpdateSkill(String assetId, String name, String description, String version, String contract, String ontologies, String distributionMode, boolean isFederated, String query, String allowServicePattern, String denyServicePattern) throws IOException { - - String apiVersion = config.isPrerelease() ? "/v2" : "/v3"; - var url = String.format(ASSET_CREATE_CALL, config.getControlPlaneManagementProviderUrl(), apiVersion); if (contract != null) { contract = String.format(" \"cx-common:publishedUnderContract\": \"%1$s\",\n", contract); } else { contract = ""; } - String spec = config.isPrerelease() ? ASSET_CREATE_BODY : SKILL_ASSET_CREATE_BODY_V3; + String body = SKILL_ASSET_CREATE_BODY; if (allowServicePattern == null) { allowServicePattern = config.getServiceAllowPattern().pattern(); 
@@ -349,40 +346,42 @@ public IdResponse createOrUpdateSkill(String assetId, String name, String descri if (denyServicePattern == null) { denyServicePattern = config.getServiceDenyPattern().pattern(); } - var assetSpec = String.format(spec, assetId, name, description, version, contract, ontologies, distributionMode, - isFederated, query, allowServicePattern, denyServicePattern); - var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); - config.getControlPlaneManagementHeaders().forEach(request::addHeader); + allowServicePattern = Json.createValue(allowServicePattern).toString(); + denyServicePattern = Json.createValue(denyServicePattern).toString(); - try (var response = httpClient.newCall(request.build()).execute()) { - ResponseBody body = response.body(); + var assetSpec = String.format(body, assetId, name, description, version, contract, ontologies, distributionMode, + isFederated, query, allowServicePattern, denyServicePattern); - if (!response.isSuccessful()) { - if (response.code() != 409 || body == null) { - throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? body.string() : "")); - } + return createOrUpdateAsset(assetId, assetSpec); + } - var putRequest = new Request.Builder().url(url).put(RequestBody.create(assetSpec, MediaType.parse("application/json"))); - config.getControlPlaneManagementHeaders().forEach(putRequest::addHeader); + /** + * deletes an existing aseet + * + * @param assetId key of the asset + * @return idresponse + */ - try (var putResponse = httpClient.newCall(putRequest.build()).execute()) { - body = putResponse.body(); - if (!putResponse.isSuccessful() || body == null) { - throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? 
body.string() : "")); - } - return new IdResponse(jakarta.json.Json.createObjectBuilder().add("@id", "assetId").build()); - } + public IdResponse deleteAsset(String assetId) throws IOException { + String version = "/v3"; + var url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); + var request = new Request.Builder().url(url).delete(); + config.getControlPlaneManagementHeaders().forEach(request::addHeader); + try (var response = httpClient.newCall(request.build()).execute()) { + ResponseBody body = response.body(); + if (response.isSuccessful() && body != null) { + return JsonLd.processIdResponse(body.string()); + } else { + monitor.warning(format("Failure in calling the control plane at %s. Ignoring", url)); + return null; } - - return JsonLd.processIdResponse(body.string()); } catch (Exception e) { monitor.severe(format("Error in calling the control plane at %s", url), e); throw e; } } - /** * initiates negotation * @@ -394,7 +393,7 @@ public String initiateNegotiation(ContractNegotiationRequest negotiationRequest) var url = String.format(NEGOTIATION_INITIATE_CALL, config.getControlPlaneManagementUrl()); // use a version specific call - String template = config.isPrerelease() ? NEGOTIATION_REQUEST_BODY_PRERELEASE : NEGOTIATION_REQUEST_BODY; + String template = NEGOTIATION_REQUEST_BODY; var negotiateSpec = String.format(template, negotiationRequest.getConnectorAddress(), 
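Review bot: Only `allowServicePattern` and `denyServicePattern` are JSON-encoded with `Json.createValue(...)` before being formatted into `SKILL_ASSET_CREATE_BODY`; `assetId`, `name`, `description`, `version`, `contract`, `ontologies` and `distributionMode` are still inserted between literal quotes. A double quote or backslash in any of them changes the structure of the asset document, which matters if skill metadata can originate from a request. Encode these the same way (dropping the surrounding quotes in the template) or assemble the document with `Json.createObjectBuilder()`. In `deleteAsset`, the Javadoc has the typo `aseet` and should state that null is returned when the control plane call is unsuccessful.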
@@ -402,7 +401,10 @@ public String initiateNegotiation(ContractNegotiationRequest negotiationRequest) negotiationRequest.getRemoteBusinessPartnerNumber(), negotiationRequest.getOffer().getOfferId(), negotiationRequest.getOffer().getAssetId(), - negotiationRequest.getOffer().getPolicy().asString()); + negotiationRequest.getOffer().getPolicy().getPermissionAsString(), + negotiationRequest.getOffer().getPolicy().getObligationAsString(), + negotiationRequest.getOffer().getPolicy().getProhibitionAsString() + ); var requestBody = RequestBody.create(negotiateSpec, MediaType.parse("application/json")); @@ -461,7 +463,7 @@ public ContractNegotiation getNegotiation(String negotiationId) throws IOExcepti } /** - * access a pending agreement + * get a contract agreement by its id * * @param agreementId id of the agreement * @return contract agreement @@ -504,8 +506,7 @@ public String initiateHttpProxyTransferProcess(TransferRequest transferRequest) transferRequest.getAssetId(), transferRequest.getConnectorAddress(), transferRequest.getContractId(), - transferRequest.getCallbackAddresses().get(0).getUri(), - transferRequest.getConnectorAddress()); + transferRequest.getCallbackAddresses().get(0).getUri()); var requestBody = RequestBody.create(transferSpec, MediaType.parse("application/json")); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java index d670322b..52a4753c 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java 
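Review bot: The argument order does not match `NEGOTIATION_REQUEST_BODY`: the template binds `%7$s` to `odrl:prohibition` and `%8$s` to `odrl:obligation`, but the call passes `getObligationAsString()` before `getProhibitionAsString()`. Assuming one argument sits on the line between the two hunks, the offer's obligations are sent as prohibitions and the prohibitions as obligations, so the policy being negotiated differs from the one in the catalog. Swap the last two arguments: `negotiationRequest.getOffer().getPolicy().getProhibitionAsString(), negotiationRequest.getOffer().getPolicy().getObligationAsString()`. The `String.format` call starts above this hunk.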
@@ -183,9 +183,9 @@ public synchronized void start() { if (!isStarted) { isStarted = true; long interval = config.getDataspaceSynchronizationInterval(); - String[] connectors = config.getDataspaceSynchronizationConnectors(); - if (interval > 0 && connectors != null && connectors.length > 0) { - monitor.info(String.format("Starting dataspace synchronization on %d connectors with interval %d milliseconds", connectors.length, interval)); + Map connectors = config.getDataspaceSynchronizationConnectors(); + if (interval > 0 && connectors != null && connectors.size() > 0) { + monitor.info(String.format("Starting dataspace synchronization on %d connectors with interval %d milliseconds", connectors.size(), interval)); service.schedule(this, interval, TimeUnit.MILLISECONDS); } } @@ -209,16 +209,16 @@ public synchronized void shutdown() { public void run() { monitor.debug("Synchronization run has been started"); if (isStarted) { - for (String remote : config.getDataspaceSynchronizationConnectors()) { + for (Map.Entry remote : config.getDataspaceSynchronizationConnectors().entrySet()) { if (isStarted) { monitor.debug(String.format("About to synchronize remote connector %s", remote)); rdfStore.startTx(); try { - DcatCatalog catalog = dataManagement.getCatalog(remote, FEDERATED_ASSET_QUERY); + DcatCatalog catalog = dataManagement.getCatalog(remote.getKey(), remote.getValue(), FEDERATED_ASSET_QUERY); Node graph = rdfStore.getDefaultGraph(); - Node connector = NodeFactory.createURI(remote.replace("https", "edcs").replace("http", "edc")); + Node connector = NodeFactory.createURI(remote.getValue().replace("https", "edcs").replace("http", "edc")); deleteConnectorFacts(graph, connector); - addConnectorFacts(remote, catalog, graph, connector); + addConnectorFacts(remote.getValue(), catalog, graph, connector); rdfStore.commit(); } catch (Throwable io) { monitor.warning(String.format("Could not synchronize remote connector %s because of %s. Going ahead.", remote, io)); 
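Review bot: In run(), `remote.getValue().replace("https", "edcs").replace("http", "edc")` rewrites every occurrence of those substrings rather than only the scheme, so a connector address with `http` in its host or path (a constructed example: `https://http-gateway.example/api`) gives a mangled connector node, and its facts are deleted and re-added under the wrong URI. Limiting the rewrite to the prefix avoids this: `remote.getValue().replaceFirst("^https", "edcs").replaceFirst("^http", "edc")`. The two log calls still format `remote`, which is now a `Map.Entry` and prints as `key=value`; passing `remote.getValue()` keeps the messages readable. The loop also calls `.entrySet()` on the connector map without the null check that start() applies; run() continues outside the hunk.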
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java index c722cdf3..e285160b 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java @@ -29,6 +29,7 @@ import java.io.IOException; import java.util.List; import java.util.Optional; +import java.util.regex.Matcher; /** * Implements a skill store based on EDC assets @@ -47,7 +48,8 @@ public EdcSkillStore(DataManagement management, TypeManager typeManager, AgentCo @Override public boolean isSkill(String key) { - return SkillStore.matchSkill(key).matches(); + Matcher matcher = config.getAssetReferencePattern().matcher(key); + return matcher.matches() && matcher.group("asset").contains("Skill"); } @Override @@ -64,6 +66,9 @@ public String put(String key, String skill, String name, String description, Str if (contract == null) { contract = config.getDefaultSkillContract(); } + if (dist == null) { + dist = SkillDistribution.ALL; + } String ontologiesString = String.join(",", ontologies); try { return management.createOrUpdateSkill( diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java index cd7a4acf..ed5f7a36 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java 
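Review bot: `isSkill` now relies on the configured pattern defining a named group `asset`. `matcher.group("asset")` throws IllegalArgumentException when the pattern returned by `config.getAssetReferencePattern()` has no such group, and returns null when the group exists but took no part in the match. The `contains("Skill")` test also accepts that substring anywhere in the asset name, which is loose if the result decides how an asset is handled. I would guard the lookup, `String asset = matcher.matches() ? matcher.group("asset") : null; return asset != null && asset.contains("Skill");`, and name the required group in a comment on the method. The identical method in the InMemorySkillStore hunk further down needs the same change.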
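Review bot: The new fallback `dist = SkillDistribution.ALL` in put() selects what looks, by its name, like the broadest distribution mode whenever the caller passes null, so a skill registered without an explicit choice gets the widest setting. The `contract` fallback just above reads its default from configuration (`config.getDefaultSkillContract()`); taking the distribution default from configuration as well, or choosing the narrowest mode, would be the safer default. If ALL is intended, a comment such as `// caller gave no distribution: default to ALL` would make that explicit. put() begins and ends outside the hunk.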
@@ -16,12 +16,14 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc.service; +import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; import java.util.HashMap; import java.util.Map; import java.util.Optional; +import java.util.regex.Matcher; /** * An in-memory store for local skills @@ -31,15 +33,20 @@ public class InMemorySkillStore implements SkillStore { // temporary local skill store protected final Map skills = new HashMap<>(); + protected AgentConfig config; + /** * create the store */ - public InMemorySkillStore() { + public InMemorySkillStore(AgentConfig config) { + this.config = config; } + @Override public boolean isSkill(String key) { - return SkillStore.matchSkill(key).matches(); + Matcher matcher = config.getAssetReferencePattern().matcher(key); + return matcher.matches() && matcher.group("asset").contains("Skill"); } @Override diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java index 13191e17..1269ed6a 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java @@ -55,7 +55,7 @@ public MockAgreementController() { @Override public EndpointDataReference get(String assetId) { EndpointDataReference.Builder builder= EndpointDataReference.Builder.newInstance(); - builder.endpoint(String.format("http://localhost:%d/%s#%s",port,path,assetId)); + builder.id(assetId).contractId(assetId).endpoint(String.format("http://localhost:%d/%s#%s",port,path,assetId)); return builder.build(); } 
diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java index 6ab99daf..9b0c5be5 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java @@ -26,6 +26,7 @@ import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; import okhttp3.*; import org.apache.jena.sparql.service.ServiceExecutorRegistry; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.*; import org.junit.jupiter.api.AfterEach; @@ -73,13 +74,13 @@ public class TestAgentController extends RestControllerTestBase { OkHttpClient client=new OkHttpClient(); AgreementController mockController = new MockAgreementController("test",port); ExecutorService threadedExecutor= Executors.newSingleThreadExecutor(); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataspaceServiceExecutor exec=new DataspaceServiceExecutor(monitor,mockController,agentConfig,client,threadedExecutor,typeManager); RdfStore store = new RdfStore(agentConfig,monitor); SparqlQueryProcessor processor=new SparqlQueryProcessor(serviceExecutorReg,monitor,agentConfig,store, typeManager); - InMemorySkillStore skillStore=new InMemorySkillStore(); + InMemorySkillStore skillStore=new InMemorySkillStore(agentConfig); DelegationServiceImpl delegationService=new DelegationServiceImpl(mockController,monitor,client,typeManager,agentConfig); AgentController agentController=new AgentController(monitor,mockController,agentConfig,processor,skillStore,delegationService); 
diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java index 49daa7cb..e4153271 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java @@ -26,6 +26,7 @@ import okhttp3.*; import org.apache.jena.graph.Node; import org.apache.jena.sparql.core.Quad; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.junit.jupiter.api.AfterEach; @@ -59,7 +60,7 @@ public class TestDataspaceSynchronizer { ScheduledExecutorService threadedExecutor = Executors.newSingleThreadScheduledExecutor(); RdfStore store = new RdfStore(agentConfig, monitor); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataManagement dm = new DataManagement(monitor, typeManager, client, agentConfig); DataspaceSynchronizer synchronizer = new DataspaceSynchronizer(threadedExecutor, agentConfig, dm, store, monitor); 
@@ -122,7 +123,7 @@ private static JsonObjectBuilder createOffer() { JsonObjectBuilder offerBuilder = Json.createObjectBuilder() .add("@id", "cx-taxo:GraphAsset?test=ExampleAsset") .add("https://w3id.org/edc/v0.0.1/ns/contenttype", "application/json, application/xml") - .add("https://w3id.org/catenax/ontology/common#version", "1.12.18-SNAPSHOT") + .add("https://w3id.org/catenax/ontology/common#version", "1.12.19-SNAPSHOT") .add("https://w3id.org/catenax/ontology/common#name", "Test Asset") .add("https://w3id.org/catenax/ontology/common#description", "Test Asset for RDF Representation") .add("https://w3id.org/catenax/ontology/common#description@de", "Beispiel Asset für RDF Darstellung") @@ -211,7 +212,7 @@ public void testCatalogDeserialization() { " },\n" + " \"dcat:accessService\": \"ddd4b79e-f785-4e71-9fe5-4a177b3ccf54\"\n" + " },\n" + - " \"edc:version\": \"1.12.18-SNAPSHOT\",\n" + + " \"edc:version\": \"1.12.19-SNAPSHOT\",\n" + " \"http://www.w3.org/2000/01/rdf-schema#isDefinedBy\": \"\",\n" + " \"edc:name\": \"Diagnostic Trouble Code Catalogue Version 2022\",\n" + " \"http://www.w3.org/ns/shacl#shapesGraph\": \"@prefix cx-common: . \\n@prefix : .\\n@prefix cx-diag: .\\n@prefix owl: .\\n@prefix rdf: .\\n@prefix xsd: .\\n@prefix sh: .\\n\\n:OemDTC rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DTC ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:version ;\\n sh:hasValue \\\"0\\\"^^xsd:long ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:affects ;\\n sh:class :OemDiagnosedParts ;\\n ].\\n\\n:OemDiagnosedParts rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DiagnosedPart ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] .\\n\",\n" + 
diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java index 36878012..e082f954 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import okhttp3.*; import org.apache.jena.sparql.service.ServiceExecutorRegistry; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.monitor.ConsoleMonitor; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.*; @@ -50,7 +51,7 @@ public class TestSparqlProcessor { OkHttpClient client=new OkHttpClient(); AgreementController mockController = new MockAgreementController(); ExecutorService threadedExecutor= Executors.newSingleThreadExecutor(); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataspaceServiceExecutor exec=new DataspaceServiceExecutor(monitor,mockController,agentConfig,client,threadedExecutor,typeManager); RdfStore store = new RdfStore(agentConfig,monitor); diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md index 2de37cfe..782b6062 100644 --- a/agent-plane/agentplane-azure-vault/README.md +++ b/agent-plane/agentplane-azure-vault/README.md 
@@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx//agentplane-azure-vault:1.12.18-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx//agentplane-azure-vault:1.12.19-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 70c52271..e22f9e9f 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml @@ -174,6 +174,12 @@ net.minidev json-smart ${net.minidev.jsonsmart.version} + + + org.ow2.asm + asm + + @@ -214,6 +220,13 @@ ${project.version} + + + software.amazon.awssdk + utils + ${awssdk.version} + + org.junit.jupiter diff --git a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile index abc440bd..43210948 100644 --- a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile @@ -18,14 +18,14 @@ FROM alpine:3.19.0 AS otel -ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.27.0/opentelemetry-javaagent.jar" HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:17-jre-alpine +FROM eclipse-temurin:22_36-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 
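Review bot: The OpenTelemetry agent jar fetched by the unchanged `RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} ...` line is downloaded without an integrity check, and this hunk moves it to v1.27.0, so it is a good moment to pin the digest of the new artifact. Adding `ARG OTEL_AGENT_SHA256=<sha256 of the v1.27.0 jar>` and `RUN echo "${OTEL_AGENT_SHA256}  /tmp/opentelemetry-javaagent.jar" | sha256sum -c -` after the download would fail the build if the release asset were replaced. The new base image `eclipse-temurin:22_36-jre-alpine` is also referenced by tag rather than digest, and it moves the runtime from Java 17 to a non-LTS release while the workflow change in this commit still sets up JDK 17, which is worth confirming as intended. The same two lines change in agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile further down.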
diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md index b2be868b..8d7a3e64 100644 --- a/agent-plane/agentplane-hashicorp/README.md +++ b/agent-plane/agentplane-hashicorp/README.md @@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command @@ -66,7 +66,7 @@ docker run -p 8082:8082 \ -v $(pwd)/resources/dataplane.properties:/app/configuration.properties \ -v $(pwd)/resources/opentelemetry.properties:/app/opentelemetry.properties \ -v $(pwd)/resources/logging.properties:/app/logging.properties \ - tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT + tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT ```` Afterwards, you should be able to access the [local SparQL endpoint](http://localhost:8082/api/agent) via diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index 089f3e2a..5d77f23e 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml @@ -153,6 +153,10 @@ com.squareup.okio okio + + io.netty + netty-transport-classes-epoll + @@ -176,6 +180,25 @@ ${project.version} + + + software.amazon.awssdk + utils + ${awssdk.version} + + + + + net.minidev + json-smart + ${net.minidev.jsonsmart.version} + + + org.ow2.asm + asm + + + diff --git a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile index aad28394..e36a378a 100644 --- a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile 
+++ b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile @@ -17,14 +17,14 @@ FROM alpine:3.19.0 AS otel -ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.27.0/opentelemetry-javaagent.jar" HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:17-jre-alpine +FROM eclipse-temurin:22_36-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 diff --git a/agent-plane/pom.xml b/agent-plane/pom.xml index 0afb0d58..89903210 100644 --- a/agent-plane/pom.xml +++ b/agent-plane/pom.xml @@ -28,7 +28,7 @@ org.eclipse.tractusx.agents edc - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml Tractus-X EDC Agent Plane diff --git a/charts/README.md b/charts/README.md index bac9da9c..a6bb9123 100644 --- a/charts/README.md +++ b/charts/README.md @@ -20,11 +20,9 @@ # Helm Charts -This folder contains ready-made charts for the following variants of the Agent-Enabled EDC +This folder contains ready-made charts for obtaining an Agent-Enabled EDC -- [Agent-Enabled EDC based on Hashicorp Vault and PostgreSQL persistence](agent-connector) -- [Agent-Enabled EDC based on Azure Vault and PostgreSQL persistence](agent-connector-azure-vault) -- [Agent-Enabled EDC based on Hashicorp Vault and in-memory persistence](agent-connector-memory) +- [Agent-Enabled Dataplane](agent-plane) ## Chart Linting diff --git a/charts/agent-connector-azure-vault/README.md b/charts/agent-connector-azure-vault/README.md deleted file mode 100644 index a59d21a7..00000000 --- a/charts/agent-connector-azure-vault/README.md +++ /dev/null 
@@ -1,383 +0,0 @@ - - -# agent-connector-azure-vault - -![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included. - -This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. 
- -## Setting up Azure Vault - -You should set your BPNL in the folloing property: -- 'vault.azure.name': Name of the vault -- 'vault.azure.client': Id of the registered application that this EDC represents -- 'vault.azure.tenant': Id of the subscription that the vault runs into -- 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. 
- -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. - -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. -- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
- -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. -Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.12.18-SNAPSHOT\ - -f /tractusx-connector-azure-vault-test.yaml \ - --set vault.azure.name=$AZURE_VAULT_NAME \ - --set vault.azure.client=$AZURE_CLIENT_ID \ - --set vault.azure.secret=$AZURE_CLIENT_SECRET \ - --set vault.azure.tenant=$AZURE_TENANT_ID -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.1.6 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to 
a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | 
metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress 
class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | 
`".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| 
controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | 
`"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"matchmaking":{},"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| 
dataplanes.dataplane.agent.matchmaking | object | `{}` | Refers to an external matchmaking agent, set to a url string | -| dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | 
`{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| 
dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | `""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | 
`"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | -| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| 
dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| dataplanes.dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| 
dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| 
dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.postgresql | bool | `true` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to 
[obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.azure.certificate | string | `nil` | | -| vault.azure.client | string | `""` | | -| vault.azure.name | string | `""` | | -| vault.azure.secret | string | `nil` | | -| vault.azure.tenant | string | `""` | | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/agent-connector-azure-vault/README.md.gotmpl b/charts/agent-connector-azure-vault/README.md.gotmpl deleted file mode 100644 index 2aa860fa..00000000 --- a/charts/agent-connector-azure-vault/README.md.gotmpl +++ /dev/null 
@@ -1,131 +0,0 @@ - - -{{ template "chart.header" . }} - -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.badgesSection" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Azure Vault - -You should set your BPNL in the folloing property: -- 'vault.azure.name': Name of the vault -- 'vault.azure.client': Id of the registered application that this EDC represents -- 'vault.azure.tenant': Id of the subscription that the vault runs into -- 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. 
This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. - - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector-azure-vault --version {{ .Version }}\ - -f /tractusx-connector-azure-vault-test.yaml \ - --set vault.azure.name=$AZURE_VAULT_NAME \ - --set vault.azure.client=$AZURE_CLIENT_ID \ - --set vault.azure.secret=$AZURE_CLIENT_SECRET \ - --set vault.azure.tenant=$AZURE_TENANT_ID -``` - - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -{{ template "helm-docs.versionFooter" . }} diff --git a/charts/agent-connector-azure-vault/ci/integration-values.yaml b/charts/agent-connector-azure-vault/ci/integration-values.yaml deleted file mode 100644 index 37cc28cb..00000000 --- a/charts/agent-connector-azure-vault/ci/integration-values.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-install:
- postgresql: true
-
-controlplane:
- endpoints:
- management:
- authKey: "bla"
- ssi:
- miw:
- url: "https://managed-identity-wallets.int"
- authorityId: "BPNL0000000DUMMY"
- oauth:
- tokenurl: "https://keycloak/auth/realms/REALM/protocol/openid-connect/token"
- client:
- id: "serviceaccount"
- secretAlias: "miw-secret"
-
-vault:
- azure:
- name: "AZURE_NAME"
- tenant: "AZURE_TENANT"
- client: "AZURE_CLIENT"
- secret: "AZURE_SECRET"
- hashicorp:
- url: "https://vault.demo"
- token: "VAULT_TOKEN"
- paths:
- secret: "/v1/secrets"
- secretNames:
- transferProxyTokenSignerPrivateKey: "key"
- transferProxyTokenSignerPublicKey: "cert"
- transferProxyTokenEncryptionAesKey: "symmetric-key"
-participant:
- id: "BPNL0000000DUMMY"
diff --git a/charts/agent-connector-azure-vault/templates/NOTES.txt b/charts/agent-connector-azure-vault/templates/NOTES.txt
deleted file mode 100644
index 02f84e82..00000000
--- a/charts/agent-connector-azure-vault/templates/NOTES.txt
+++ /dev/null
@@ -1,64 +0,0 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 - - 1. Get the control plane URL by running these commands: -{{ with index .Values.controlplane.ingresses 0}} -{{- if .enabled }} -{{- range .paths }} - http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} -{{- end }} -{{- else if contains "NodePort" $.Values.controlplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-controlplane) - export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}-controlplane' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . 
}}-controlplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }} -{{- else if contains "ClusterIP" $.Values.controlplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-controlplane,app.kubernetes.io/instance={{ $.Release.Name }}-controlplane" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:8080 to use your application" -{{- end }} -{{- end }} - -2. Get the data plane URL(s) by running these commands: -{{- range $dataplane_name, $dataplane := .Values.repositories }} -{{ with index $dataplane.ingresses 0}} -{{- if .enabled }} -{{- range .paths }} - http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} -{{- end }} -{{- else if contains "NodePort" $dataplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }}) - export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" $dataplane.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
- You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ $dataplane.service.port }} -{{- else if contains "ClusterIP" $dataplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:8080 to use your application" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml b/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml deleted file mode 100644 index d69e0de8..00000000 --- a/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml +++ /dev/null 
@@ -1,35 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml b/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml
deleted file mode 100644
index b5dda6ea..00000000
--- a/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }}
- namespace: {{ $root.Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- $dataplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- $dataplane.logging | nindent 4 }}
-
- {{- range $config_name, $config_value := $dataplane.configs }}
- {{ $config_name }}: |-
- {{ $config_value | nindent 4 }}
- {{- end }}
-
-{{- end }}
diff --git a/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml
deleted file mode 100644
index 2f064d2c..00000000
--- a/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,367 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-azure-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## POSTGRESQL ## - ################ - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/asset-index-sql - - name: "EDC_DATASOURCE_ASSET_NAME" - value: "asset" - - name: "EDC_DATASOURCE_ASSET_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME" - value: "contractdefinition" - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-negotiation-store-sql - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME" - value: "contractnegotiation" - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/policy-store-sql - - name: "EDC_DATASOURCE_POLICY_NAME" - value: "policy" - - name: "EDC_DATASOURCE_POLICY_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/transfer-process-store-sql - - name: "EDC_DATASOURCE_TRANSFERPROCESS_NAME" - value: "transferprocess" - - name: "EDC_DATASOURCE_TRANSFERPROCESS_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote 
}} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - - name: "EDC_VAULT_CLIENTID" - value: {{ .Values.vault.azure.client | required ".Values.vault.azure.client is required" | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ .Values.vault.azure.tenant | required ".Values.vault.azure.tenant is required" | quote }} - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} - # only set the env var if config value not null - {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ .Values.vault.azure.secret | quote }} - {{- end }} - # only set the env var if config value not null - {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - ########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - 
########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml b/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml deleted file mode 100644 index 50c1dbb5..00000000 --- a/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-{{- if .Values.controlplane.autoscaling.enabled }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "txdc.fullname" . }}-controlplane
- minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml b/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml
deleted file mode 100644
index 47806a8d..00000000
--- a/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml
+++ /dev/null
@@ -1,99 +0,0 @@
-{{- $fullName := include "txdc.fullname" . }}
-{{- $controlLabels := include "txdc.controlplane.labels" . }}
-{{- $controlEdcEndpoints := .Values.controlplane.endpoints }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-
-{{- range .Values.controlplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }}
-{{- $annotations := .annotations | default dict }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $controlIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $controlLabels | nindent 4 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with $annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $controlIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $controlEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-controlplane
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
diff --git a/charts/agent-connector-azure-vault/templates/networkpolicy.yaml b/charts/agent-connector-azure-vault/templates/networkpolicy.yaml
deleted file mode 100644
index 05b59029..00000000
--- a/charts/agent-connector-azure-vault/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if eq (.Values.networkPolicy.enabled | toString) "true" }}
-{{- range tuple "controlplane" "dataplane" }}
-{{- $name := . }}
----
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "txdc.fullname" $ }}-{{ $name }}
- labels:
- {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }}
- ingress:
- - from:
- {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }}
- ports:
- {{- range $key,$value := (index $.Values $name "endpoints") }}
- - port: {{ $value.port }}
- protocol: TCP
- {{- end }}
- policyTypes:
- - Ingress
----
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-azure-vault/templates/service-controlplane.yaml b/charts/agent-connector-azure-vault/templates/service-controlplane.yaml
deleted file mode 100644
index e993b46d..00000000
--- a/charts/agent-connector-azure-vault/templates/service-controlplane.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.controlplane.service.type }}
- ports:
- - port: {{ .Values.controlplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.controlplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.controlplane.endpoints.management.port }}
- targetPort: management
- protocol: TCP
- name: management
- - port: {{ .Values.controlplane.endpoints.protocol.port }}
- targetPort: protocol
- protocol: TCP
- name: protocol
- - port: {{ .Values.controlplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/agent-connector-azure-vault/templates/service-dataplane.yaml b/charts/agent-connector-azure-vault/templates/service-dataplane.yaml
deleted file mode 100644
index 71619f89..00000000
--- a/charts/agent-connector-azure-vault/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
- namespace: {{ $root.Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-spec:
- type: {{ $dataplane.service.type }}
- ports:
- - port: {{ $dataplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ $dataplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ $dataplane.endpoints.public.port }}
- targetPort: public
- protocol: TCP
- name: public
- - port: {{ $dataplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- - port: {{ $dataplane.endpoints.proxy.port }}
- targetPort: proxy
- protocol: TCP
- name: proxy
- {{- if $dataplane.endpoints.callback }}
- - port: {{ $dataplane.endpoints.callback.port }}
- targetPort: callback
- protocol: TCP
- name: callback
- {{- end }}
- selector:
- {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml b/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml
deleted file mode 100644
index efd6f3b1..00000000
--- a/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{include "txdc.fullname" .}}test-controlplane-readiness" - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} -spec: - containers: - - name: wget - image: curlimages/curl - command: [ 'curl' ] - args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ] - restartPolicy: Never diff --git a/charts/agent-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml b/charts/agent-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml deleted file mode 100644 index 2147c743..00000000 --- a/charts/agent-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- $root := . -}}
-{{- $allcommands := (dict "commands" (list)) -}}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes -}}
-{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}}
-{{- end }}
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-dataplane-readiness"
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" .Values.dataplanes.dataplane "root" $root) | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ '/bin/sh','-c' ]
- args: [ {{ join "&&" $allcommands.commands | quote }} ]
- restartPolicy: Never
diff --git a/charts/agent-connector-azure-vault/values.yaml b/charts/agent-connector-azure-vault/values.yaml
deleted file mode 100644
index 4973afa3..00000000
--- a/charts/agent-connector-azure-vault/values.yaml
+++ /dev/null
@@ -1,622 +0,0 @@ -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - - ---- -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - postgresql: true -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650"
- # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead
- vaultKey:
- # -- public key for checking the validity of jwt tokens, set this when type=jwt
- publicKey:
- # -- controls whether the expiry date of jwt tokens is checked when type=jwt
- checkExpiry: true
- aws:
- endpointOverride: ""
- accessKeyId: ""
- secretAccessKey: ""
- # -- additional labels for the pod
- podLabels: {}
- # -- additional annotations for the pod
- podAnnotations: {}
- # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment
- podSecurityContext:
- seccompProfile:
- # -- Restrict a Container's Syscalls with seccomp
- type: RuntimeDefault
- # -- Runs all processes within a pod with a special uid
- runAsUser: 10001
- # -- Processes within a pod will belong to this guid
- runAsGroup: 10001
- # -- The owner for volumes and any files created within volumes will belong to this guid
- fsGroup: 10001
- # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
- securityContext:
- capabilities:
- # -- Specifies which capabilities to drop to reduce syscall attack surface
- drop:
- - ALL
- # -- Specifies which capabilities to add to issue specialized syscalls
- add: []
- # -- Whether the root filesystem is mounted in read-only mode
- readOnlyRootFilesystem: true
- # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID
- allowPrivilegeEscalation: false
- # -- Requires the container to run without root privileges
- runAsNonRoot: true
- # -- The container's process will run with the specified uid
- runAsUser: 10001
- # Extra environment variables that will be pass onto deployment pods
- env: {}
- # ENV_NAME: value
-
- # "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
- envValueFrom: {}
- # ENV_NAME:
- # configMapKeyRef:
- # name: configmap-name
- # key: value_key
- # secretKeyRef:
- # name: secret-name
- # key: value_key
-
- # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
- envSecretNames: []
- # - first-secret
- # - second-secret
-
- # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
- envConfigMapNames: []
- # - first-config-map
- # - second-config-map
-
- ## Ingress declaration to expose the network service.
- ingresses:
- ## Public / Internet facing Ingress
- - enabled: false
- # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
- hostname: "edc-data.local"
- # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"}
- annotations:
- # Sample settings for more demanding use cases
- # nginx.org/proxy-connect-timeout: "30s"
- # nginx.org/proxy-read-timeout: "360s"
- # nginx.org/client-max-body-size: "10m"
- # -- EDC endpoints exposed by this ingress resource
- endpoints:
- - public
- # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
- className: ""
- # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
- tls:
- # -- Enables TLS on the ingress resource
- enabled: false
- # -- If present overwrites the default secret name
- secretName: ""
- ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
- certManager:
- # -- If preset enables certificate generation via cert-manager namespace scoped issuer
- issuer: ""
- # -- If preset enables certificate generation via cert-manager cluster-wide issuer
- clusterIssuer: ""
- # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
- volumeMounts: []
- # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
- volumes: []
- # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
- resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 1.5
- memory: 1024Mi
- requests:
- cpu: 500m
- memory: 128Mi
- replicaCount: 1
- autoscaling:
- # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
- enabled: false
- # -- Minimal replicas if resource consumption falls below resource threshholds
- minReplicas: 1
- # -- Maximum replicas if resource consumption exceeds resource threshholds
- maxReplicas: 100
- # -- targetAverageUtilization of cpu provided to a pod
- targetCPUUtilizationPercentage: 80
- # -- targetAverageUtilization of memory provided to a pod
- targetMemoryUtilizationPercentage: 80
- # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics
- opentelemetry: |-
- otel.javaagent.enabled=false
- otel.javaagent.debug=false
- # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html)
- logging: |-
- .level=INFO
- org.eclipse.edc.level=ALL
- handlers=java.util.logging.ConsoleHandler
- java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
- java.util.logging.ConsoleHandler.level=ALL
- java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n
- # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
- nodeSelector: {}
- # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
- tolerations: []
- # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
- affinity: {}
- url:
- # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used)
- public: ""
- # -- A set of additional configuration files
- configs:
- # -- An example of an empty graph in ttl syntax
- dataspace.ttl: |
- #################################################################
- # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT
- #################################################################
- @prefix : .
- @base .
- # -- Agent-Specific Settings
- agent:
- # -- Refers to an external matchmaking agent, set to a url string
- matchmaking: {}
- # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue
- default:
- - dataspace.ttl
- - https://w3id.org/catenax/ontology.ttl
- # -- The synchronization interval in ms to update the federated data catalogue
- synchronization: -1
- # -- The list of remote connector IDS URLs to synchronize with
- connectors: []
- # -- Names the visible contract under which new skills are published (if not otherwise specified)
- skillcontract: Contract?partner=Skill
- # -- Sets the maximal batch size when delegating to agents and services
- maxbatchsize: '9223372036854775807'
- # -- A set of configs for regulating outgoing service calls
- services:
- # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property)
- allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)'
- # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property)
- deny: 'http://.*'
- # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given)
- asset:
- # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property)
- allow: '(edcs?://.*)'
- # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property)
- deny: 'https?://.*'
-
-# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden
-postgresql:
- jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
- primary:
- persistence:
- enabled: false
- readReplicas:
- persistence:
- enabled: false
- auth:
- database: "edc"
- username: "user"
- password: "password"
-vault:
- azure:
- name: ""
- client: ""
- tenant: ""
- secret:
- certificate:
- secretNames:
- transferProxyTokenSignerPrivateKey:
- transferProxyTokenSignerPublicKey:
- transferProxyTokenEncryptionAesKey:
-
-backendService:
- httpProxyTokenReceiverUrl: ""
-
-networkPolicy:
- # -- If `true` network policy will be created to restrict access to control- and dataplane
- enabled: false
- # -- Configuration of the controlplane component
- controlplane:
- # -- Specify from rule network policy for cp (defaults to all namespaces)
- from:
- - namespaceSelector: {}
- # -- Configuration of the dataplane component
- dataplane:
- # -- Specify from rule network policy for dp (defaults to all namespaces)
- from:
- - namespaceSelector: {}
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
- # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
- imagePullSecrets: []
-
-# -- Configurations for Helm tests
-tests:
- # -- Configure the hook-delete-policy for Helm tests
- hookDeletePolicy: before-hook-creation,hook-succeeded
diff --git a/charts/agent-connector-memory/README.md b/charts/agent-connector-memory/README.md
deleted file mode 100644
index 75d92e31..00000000
--- a/charts/agent-connector-memory/README.md
+++ /dev/null
@@ -1,373 +0,0 @@ - - -# agent-connector-memory - -![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector using In-Memory Persistence. This is a variant of [the Tractus-X In-Memory Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as HashiCorp Vault are included. - -This chart is intended for use with an _existing_ HashiCorp Vault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Hashicorp Vault - -You should set configure access to required secrets as follows: -- 'vault.hashicorp.url': URL of the vault API -- 'vault.hashicorp.token': A valid, generated access token. -- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1) - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. 
For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.12.18-SNAPSHOT -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| 
controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes 
will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within 
volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| 
controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"matchmaking":{},"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| dataplanes.dataplane.agent.matchmaking | object | `{}` | Refers to an external matchmaking agent, set to a url string | -| dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | 
`{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. 
Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | 
`""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | `"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | -| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| 
dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the 
ingress resource | -| dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| 
dataplanes.dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 
seconds | -| dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.vault | bool | `false` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain 
the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | -| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) 
diff --git a/charts/agent-connector-memory/templates/configmap-controlplane.yaml b/charts/agent-connector-memory/templates/configmap-controlplane.yaml
deleted file mode 100644
index d69e0de8..00000000
--- a/charts/agent-connector-memory/templates/configmap-controlplane.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/agent-connector-memory/templates/deployment-controlplane.yaml b/charts/agent-connector-memory/templates/deployment-controlplane.yaml
deleted file mode 100644
index f379c8ec..00000000
--- a/charts/agent-connector-memory/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,302 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-memory-hashicorp-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ 
.Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - ########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - 
###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector-memory/templates/deployment-dataplane.yaml b/charts/agent-connector-memory/templates/deployment-dataplane.yaml deleted file mode 100644 index 1d9d10bc..00000000 
--- a/charts/agent-connector-memory/templates/deployment-dataplane.yaml
+++ /dev/null
@@ -1,351 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - {{- if not $dataplane.autoscaling.enabled }} - replicas: {{ $dataplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} - template: - metadata: - {{- with $dataplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} - {{- with $dataplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $root.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" $root }} - securityContext: - {{- toYaml $dataplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml $dataplane.initContainers | nindent 8 }} - containers: - - name: {{ $root.Chart.Name }} - securityContext: - {{- toYaml $dataplane.securityContext | nindent 12 }} - {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- else if $dataplane.agent }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-dataplane-hashicorp-vault:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- end }} - imagePullPolicy: {{ $dataplane.image.pullPolicy }} - ports: - {{- range $key,$value := $dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if $dataplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/liveness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.livenessProbe.failureThreshold }} - successThreshold: {{ $dataplane.livenessProbe.successThreshold }} - {{- end }} - {{- if $dataplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/readiness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.readinessProbe.failureThreshold }} - successThreshold: {{ 
$dataplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml $dataplane.resources | nindent 12 }} - env: - {{- if $dataplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if and $dataplane.debug.enabled $dataplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" $dataplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" $dataplane.debug.port }} - {{- end }} - {{- end }} - - ####### - # API # - ####### - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ $dataplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ $dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ $dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ $dataplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PUBLIC_PORT" - value: {{ $dataplane.endpoints.public.port | quote }} - - name: "WEB_HTTP_PUBLIC_PATH" - value: {{ $dataplane.endpoints.public.path | quote }} - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" $root}} - - ################### - # AUTH (JWT) # - ################### - {{- if $dataplane.auth }} - {{- range $auth, $authDef := $dataplane.auth }} - - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} - value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} - - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} - value: {{ $authDef.context | required "Authentication Service needs a context" | quote }} - {{- if $authDef.exclude }} - - name: {{ printf "TRACTUSX_AUTH_%s_EXCLUDE" (upper $auth) | quote }} - value: {{ $authDef.exclude | quote }} - {{- end }} - {{- if $authDef.register }} - - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} - value: {{ $authDef.register | quote }} - {{- end }} 
- {{- if $authDef.apiCode }} - - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} - value: {{ $authDef.apiCode | quote }} - {{- end }} - {{- if $authDef.vaultKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} - value: {{ $authDef.vaultKey | quote }} - {{- end }} - {{- if $authDef.publicKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} - value: {{ $authDef.publicKey | quote }} - {{- end }} - {{- if $authDef.checkExpiry }} - - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} - value: {{ $authDef.checkExpiry | quote }} - {{- end }} - {{- end }} - {{- end }} - - {{- if $dataplane.endpoints.callback }} - - ################### - # AGENT CALLBACK # - ################### - - name: "WEB_HTTP_CALLBACK_PORT" - value: {{ $dataplane.endpoints.callback.port | quote }} - - name: "WEB_HTTP_CALLBACK_PATH" - value: {{ $dataplane.endpoints.callback.path | quote }} - - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - - name: "EDC_API_AUTH_KEY" - value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} - - name: "EDC_PARTICIPANT_ID" - value: {{ $root.Values.participant.id | quote }} - - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} - {{- end }} - - {{- if $dataplane.agent }} - - name: "CX_AGENT_EDC_VERSION" - value: {{ $dataplane.agent.edcVersion | 
default $root.Values.controlplane.image.tag | quote }} - {{- end }} - - {{- if $dataplane.agent.matchmaking }} - - name: "CX_AGENT_MATCHMAKING" - value: {{ $dataplane.agent.matchmaking | quote }} - {{- end }} - - {{- if $dataplane.agent.default }} - - ############### - # AGENT INIT # - ############### - - name: "CX_AGENT_ASSET_FILE" - value: {{ join "," $dataplane.agent.default | quote }} - - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" - value: {{ $dataplane.agent.skillcontract | quote }} - {{- end }} - - {{- if $dataplane.agent.services }} - - ################### - # AGENT SERVICES # - ################### - {{- if $dataplane.agent.services.allow }} - - name: "CX_AGENT_SERVICE_ALLOW" - value: {{ $dataplane.agent.services.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.deny }} - - name: "CX_AGENT_SERVICE_DENY" - value: {{ $dataplane.agent.services.deny | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset }} - {{- if $dataplane.agent.services.asset.allow }} - - name: "CX_AGENT_SERVICE_ASSET_ALLOW" - value: {{ $dataplane.agent.services.asset.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset.deny }} - - name: "CX_AGENT_SERVICE_ASSET_DENY" - value: {{ $dataplane.agent.services.asset.deny | quote }} - {{- end }} - {{- end }} - {{- end }} - - {{- if $dataplane.agent.connectors }} - - ################### - # AGENT SYNC # - ################### - - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{ join "," $dataplane.agent.connectors | quote }} - - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" - value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - - name: "CX_AGENT_FEDERATION_BATCH_MAX" - value: {{ $dataplane.agent.maxbatchsize | quote }} - {{- end }} - - ####### - # AWS # - ####### - {{- if $dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ $dataplane.aws.endpointOverride | 
quote }} - {{- end }} - {{- if $dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ $dataplane.aws.secretAccessKey | quote }} - {{- end }} - {{- if $dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ $dataplane.aws.accessKeyId | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl $root.Values.vault.hashicorp.url $root | required ".Values.vault.hashicorp.url is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ $root.Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ $root.Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ $root.Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ $root.Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ $root.Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ $root.Values.vault.hashicorp.paths.health | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} - {{- range $key, $value := $dataplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := $dataplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or $dataplane.envSecretNames $dataplane.envConfigMapNames) (or (gt (len $dataplane.envSecretNames) 0) (gt (len 
$dataplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := $dataplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := $dataplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - - {{- range $config_name, $config_value := $dataplane.configs }} - - name: "configuration" - mountPath: {{ printf "/app/%s" $config_name | quote }} - subPath: {{ printf "%s" $config_name | quote }} - {{- end }} - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - {{- range $config_name, $config_value := $dataplane.configs }} - - key: {{ printf "%s" $config_name | quote }} - path: {{ printf "%s" $config_name | quote }} - {{- end }} - - name: "tmp" - emptyDir: { } - {{- with $dataplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/agent-connector-memory/templates/hpa-controlplane.yaml b/charts/agent-connector-memory/templates/hpa-controlplane.yaml deleted file mode 100644 index 50c1dbb5..00000000 --- a/charts/agent-connector-memory/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -{{- if .Values.controlplane.autoscaling.enabled }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-controlplane - minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/charts/agent-connector-memory/templates/hpa-dataplane.yaml b/charts/agent-connector-memory/templates/hpa-dataplane.yaml
deleted file mode 100644
index d9c0f6c2..00000000
--- a/charts/agent-connector-memory/templates/hpa-dataplane.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} -{{- if $dataplane.autoscaling.enabled }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - minReplicas: {{ $dataplane.autoscaling.minReplicas }} - maxReplicas: {{ $dataplane.autoscaling.maxReplicas }} - metrics: - {{- if $dataplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $dataplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if $dataplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/agent-connector-memory/templates/ingress-controlplane.yaml b/charts/agent-connector-memory/templates/ingress-controlplane.yaml deleted file mode 100644 index 47806a8d..00000000 --- a/charts/agent-connector-memory/templates/ingress-controlplane.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -{{- $fullName := include "txdc.fullname" . }} -{{- $controlLabels := include "txdc.controlplane.labels" . }} -{{- $controlEdcEndpoints := .Values.controlplane.endpoints }} -{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} -{{- $namespace := .Release.Namespace }} - -{{- range .Values.controlplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }} -{{- $annotations := .annotations | default dict }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -{{- if semverCompare ">=1.19-0" $gitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $gitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $controlIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $controlLabels | nindent 4 }} - annotations: - {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} - {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }} - {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}} - {{- end }} - {{- end }} - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $controlIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $controlEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - {{- if semverCompare ">=1.19-0" $gitVersion }} - service: - name: {{ $fullName }}-controlplane - port: - number: {{ $mapping.port }} - {{- else }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} 
diff --git a/charts/agent-connector-memory/templates/ingress-dataplane.yaml b/charts/agent-connector-memory/templates/ingress-dataplane.yaml
deleted file mode 100644
index 7d03fbff..00000000
--- a/charts/agent-connector-memory/templates/ingress-dataplane.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -{{- $fullName := include "txdc.fullname" . }} -{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} -{{- $namespace := .Release.Namespace }} -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} -{{- $dataEdcEndpoints := $dataplane.endpoints }} -{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} - -{{- range $dataplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }} -{{- $annotations := .annotations | default dict }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -{{- if semverCompare ">=1.19-0" $gitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $gitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $dataIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $dataLabels | nindent 2 }} - annotations: - {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} - {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }} - {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}} - {{- end }} - {{- end }} - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . 
| nindent 4 }} - {{- end }} -spec: - {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $dataIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $dataEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - {{- if semverCompare ">=1.19-0" $gitVersion }} - service: - name: {{ $fullName }}-{{ $dataplane.name }} - port: - number: {{ $mapping.port }} - {{- else }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} -{{- end }}{{- /* end: range .Values.dataplanes */}} diff --git a/charts/agent-connector-memory/templates/networkpolicy.yaml b/charts/agent-connector-memory/templates/networkpolicy.yaml deleted file mode 100644 index 05b59029..00000000 --- a/charts/agent-connector-memory/templates/networkpolicy.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} -{{- range tuple "controlplane" "dataplane" }} -{{- $name := . }} ---- -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "txdc.fullname" $ }}-{{ $name }} - labels: - {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }} - ingress: - - from: - {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }} - ports: - {{- range $key,$value := (index $.Values $name "endpoints") }} - - port: {{ $value.port }} - protocol: TCP - {{- end }} - policyTypes: - - Ingress ---- -{{- end }} -{{- end }} diff --git a/charts/agent-connector-memory/templates/service-controlplane.yaml b/charts/agent-connector-memory/templates/service-controlplane.yaml deleted file mode 100644 index e993b46d..00000000 --- a/charts/agent-connector-memory/templates/service-controlplane.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - type: {{ .Values.controlplane.service.type }} - ports: - - port: {{ .Values.controlplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ .Values.controlplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ .Values.controlplane.endpoints.management.port }} - targetPort: management - protocol: TCP - name: management - - port: {{ .Values.controlplane.endpoints.protocol.port }} - targetPort: protocol - protocol: TCP - name: protocol - - port: {{ .Values.controlplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: - {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }} 
diff --git a/charts/agent-connector-memory/templates/service-dataplane.yaml b/charts/agent-connector-memory/templates/service-dataplane.yaml
deleted file mode 100644
index 71619f89..00000000
--- a/charts/agent-connector-memory/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - type: {{ $dataplane.service.type }} - ports: - - port: {{ $dataplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ $dataplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ $dataplane.endpoints.public.port }} - targetPort: public - protocol: TCP - name: public - - port: {{ $dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ $dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if $dataplane.endpoints.callback }} - - port: {{ $dataplane.endpoints.callback.port }} - targetPort: callback - protocol: TCP - name: callback - {{- end }} - selector: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/agent-connector-memory/templates/serviceaccount.yaml b/charts/agent-connector-memory/templates/serviceaccount.yaml deleted file mode 100644 index f94ad14e..00000000 --- a/charts/agent-connector-memory/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,38 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "txdc.serviceAccountName" . }}
- labels:
- {{- include "txdc.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml b/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml
deleted file mode 100644
index 2147c743..00000000
--- a/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- $root := . -}}
-{{- $allcommands := (dict "commands" (list)) -}}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes -}}
-{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}}
-{{- end }}
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-dataplane-readiness"
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" .Values.dataplanes.dataplane "root" $root) | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ '/bin/sh','-c' ]
- args: [ {{ join "&&" $allcommands.commands | quote }} ]
- restartPolicy: Never
diff --git a/charts/agent-connector-memory/values.yaml b/charts/agent-connector-memory/values.yaml
deleted file mode 100644
index 8ea8603c..00000000
--- a/charts/agent-connector-memory/values.yaml
+++ /dev/null
@@ -1,624 +0,0 @@ -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - ---- -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - vault: false -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650" - # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead - vaultKey: - # -- public key for checking the validity of jwt tokens, set this when type=jwt - publicKey: - # -- controls whether the expiry date of jwt tokens is checked when type=jwt - checkExpiry: true - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with 
the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} - annotations: - # Sample settings for more demanding use cases - # nginx.org/proxy-connect-timeout: "30s" - # nginx.org/proxy-read-timeout: "360s" - # nginx.org/client-max-body-size: "10m" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # 
-- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - # -- A set of additional configuration files - configs: - # -- An example of an empty graph in ttl syntax - dataspace.ttl: | - ################################################################# - # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT - ################################################################# - @prefix : . - @base . - # -- Agent-Specific Settings - agent: - # -- Refers to an external matchmaking agent, set to a url string - matchmaking: {} - # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue - default: - - dataspace.ttl - - https://w3id.org/catenax/ontology.ttl - # -- The synchronization interval in ms to update the federated data catalogue - synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] - # -- Names the visible contract under which new skills are published (if not otherwise specified) - skillcontract: Contract?partner=Skill - # -- Sets the maximal batch size when delegating to agents and services - maxbatchsize: '9223372036854775807' - # -- A set of configs for regulating outgoing service calls - services: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'http://.*' - # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) - asset: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'https?://.*' - -# -- Standard settings for persistence, "jdbcUrl", 
"username" and "password" need to be overridden -vault: - injector: - enabled: false - server: - dev: - enabled: true - devRootToken: "root" - postStart: # must be set externally! - hashicorp: - # -- URL to the vault service, needs to be changed if install.vault=false - url: "http://{{ .Release.Name }}-vault:8200" - # -- Access token to the vault service needs to be changed if install.vault=false - token: "" - timeout: 30 - healthCheck: - enabled: true - standbyOk: true - paths: - # -- Path to secrets needs to be changed if install.vault=false - secret: /v1/secret - # -- Default health api - health: /v1/sys/health - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: -backendService: - httpProxyTokenReceiverUrl: "" - -networkPolicy: - # -- If `true` network policy will be created to restrict access to control- and dataplane - enabled: false - # -- Configuration of the controlplane component - controlplane: - # -- Specify from rule network policy for cp (defaults to all namespaces) - from: - - namespaceSelector: {} - # -- Configuration of the dataplane component - dataplane: - # -- Specify from rule network policy for dp (defaults to all namespaces) - from: - - namespaceSelector: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) - imagePullSecrets: [] - -# -- Configurations for Helm tests -tests: - # -- Configure the hook-delete-policy for Helm tests - hookDeletePolicy: before-hook-creation,hook-succeeded diff --git a/charts/agent-connector/.helmignore b/charts/agent-connector/.helmignore deleted file mode 100644 index 9a12504f..00000000 --- a/charts/agent-connector/.helmignore +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# Doc Templates -README.md.gotmpl -# Accept only values.yaml -values?*.yaml -values?*.yml \ No newline at end of file 
diff --git a/charts/agent-connector/Chart.yaml b/charts/agent-connector/Chart.yaml
deleted file mode 100644
index 187476ab..00000000
--- a/charts/agent-connector/Chart.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-#
-# Copyright (c) 2023,2024 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v2
-name: agent-connector
-description: |
- A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector. This is a variant of [the Tractus-X Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector) which allows
- to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a
- Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and HashiCorp Vault are included.
-
- This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ HashiCorp Vault.
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.12.18-SNAPSHOT
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.12.18-SNAPSHOT"
-home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
-sources:
- - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
-dependencies:
- # HashiCorp Vault
- - name: vault
- alias: vault
- version: 0.20.0
- repository: https://helm.releases.hashicorp.com
- condition: install.vault
- # PostgreSQL
- - name: postgresql
- alias: postgresql
- version: 12.1.6
- repository: https://charts.bitnami.com/bitnami
- condition: install.postgresql
-maintainers:
- - name: 'Tractus-X Knowledge Agents Team'
diff --git a/charts/agent-connector/LICENSE b/charts/agent-connector/LICENSE
deleted file mode 100644
index d6456956..00000000
--- a/charts/agent-connector/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/agent-connector/README.md b/charts/agent-connector/README.md deleted file mode 100644 index 2fc16142..00000000 --- a/charts/agent-connector/README.md +++ /dev/null 
@@ -1,382 +0,0 @@ - - -# agent-connector - -![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector. This is a variant of [the Tractus-X Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and HashiCorp Vault are included. - -This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ HashiCorp Vault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Hashicorp Vault - -You should set configure access to required secrets as follows: -- 'vault.hashicorp.url': URL of the vault API -- 'vault.hashicorp.token': A valid, generated access token. 
-- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1) - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.12.18-SNAPSHOT -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.1.6 | -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| 
controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes 
will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within 
volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| 
controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"matchmaking":{},"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| dataplanes.dataplane.agent.matchmaking | object | `{}` | Refers to an external matchmaking agent, set to a url string | -| dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | 
`{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. 
Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | 
`""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | `"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | -| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| 
dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the 
ingress resource | -| dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| 
dataplanes.dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 
seconds | -| dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.postgresql | bool | `false` | | -| install.vault | bool | `false` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name 
}}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.hashicorp.healthCheck.enabled | bool | `true` | | -| vault.hashicorp.healthCheck.standbyOk | bool | `true` | | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.timeout | int | `30` | | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | -| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | -| vault.injector.enabled | bool | `false` | | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | -| vault.server.dev.devRootToken | string | `"root"` | | -| vault.server.dev.enabled | bool | 
`true` | | -| vault.server.postStart | string | `nil` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/agent-connector/templates/_helpers.tpl b/charts/agent-connector/templates/_helpers.tpl deleted file mode 100644 index 8e0a20ae..00000000 --- a/charts/agent-connector/templates/_helpers.tpl +++ /dev/null 
@@ -1,199 +0,0 @@ -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -{{/* -Expand the name of the chart. -*/}} -{{- define "txdc.name" -}} -{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "txdc.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. 
-*/}} -{{- define "txdc.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.controlplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{ include "txdc.controlplane.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-controlplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" .root }} -{{ include "txdc.dataplane.selectorLabels" . }} -{{- if .root.Chart.AppVersion }} -app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .root.Release.Service }} -app.kubernetes.io/component: edc-dataplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Control Selector labels -*/}} -{{- define "txdc.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . 
}}-controlplane -app.kubernetes.io/instance: {{ .Release.Name }}-controlplane -{{- end }} - -{{/* -Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }} -app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.controlplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.dataplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Control DSP URL -*/}} -{{- define "txdc.controlplane.url.protocol" -}} -{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} -{{- .Values.controlplane.url.protocol }} -{{- else }}{{/* else when dsp api url has not been specified explicitly */}} -{{- with (index .Values.controlplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s" .hostname -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s" .hostname -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.controlplane.url.protocol */}} -{{- end }} - 
-{{/* -Validation URL -*/}} -{{- define "txdc.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.url.control" -}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .dataplane -}} -{{- $root := .root -}} -{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- .dataplane.url.public }} -{{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index .dataplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .url.public */}} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" .) 
.Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/charts/agent-connector/templates/configmap-controlplane.yaml b/charts/agent-connector/templates/configmap-controlplane.yaml deleted file mode 100644 index d69e0de8..00000000 --- a/charts/agent-connector/templates/configmap-controlplane.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -data: - opentelemetry.properties: |- - {{- .Values.controlplane.opentelemetry | nindent 4 }} - - logging.properties: |- - {{- .Values.controlplane.logging | nindent 4 }} diff --git a/charts/agent-connector/templates/deployment-controlplane.yaml b/charts/agent-connector/templates/deployment-controlplane.yaml deleted file mode 100644 index 45d94c86..00000000 
--- a/charts/agent-connector/templates/deployment-controlplane.yaml +++ /dev/null 
@@ -1,366 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-hashicorp-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## POSTGRESQL ## - ################ - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/asset-index-sql - - name: "EDC_DATASOURCE_ASSET_NAME" - value: "asset" - - name: "EDC_DATASOURCE_ASSET_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME" - value: "contractdefinition" - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-negotiation-store-sql - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME" - value: "contractnegotiation" - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/policy-store-sql - - name: "EDC_DATASOURCE_POLICY_NAME" - value: "policy" - - name: "EDC_DATASOURCE_POLICY_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/transfer-process-store-sql - - name: "EDC_DATASOURCE_TRANSFERPROCESS_NAME" - value: "transferprocess" - - name: "EDC_DATASOURCE_TRANSFERPROCESS_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote 
}} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - 
########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . 
}}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector/templates/hpa-controlplane.yaml b/charts/agent-connector/templates/hpa-controlplane.yaml deleted file mode 100644 index 50c1dbb5..00000000 --- a/charts/agent-connector/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-{{- if .Values.controlplane.autoscaling.enabled }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "txdc.fullname" . }}-controlplane
- minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/agent-connector/templates/ingress-controlplane.yaml b/charts/agent-connector/templates/ingress-controlplane.yaml
deleted file mode 100644
index 47806a8d..00000000
--- a/charts/agent-connector/templates/ingress-controlplane.yaml
+++ /dev/null
@@ -1,99 +0,0 @@ -{{- $fullName := include "txdc.fullname" . }} -{{- $controlLabels := include "txdc.controlplane.labels" . }} -{{- $controlEdcEndpoints := .Values.controlplane.endpoints }} -{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} -{{- $namespace := .Release.Namespace }} - -{{- range .Values.controlplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }} -{{- $annotations := .annotations | default dict }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -{{- if semverCompare ">=1.19-0" $gitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $gitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $controlIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $controlLabels | nindent 4 }} - annotations: - {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} - {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }} - {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}} - {{- end }} - {{- end }} - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $controlIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $controlEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - {{- if semverCompare ">=1.19-0" $gitVersion }} - service: - name: {{ $fullName }}-controlplane - port: - number: {{ $mapping.port }} - {{- else }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} 
diff --git a/charts/agent-connector/templates/networkpolicy.yaml b/charts/agent-connector/templates/networkpolicy.yaml deleted file mode 100644 index 05b59029..00000000 --- a/charts/agent-connector/templates/networkpolicy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} -{{- range tuple "controlplane" "dataplane" }} -{{- $name := . }} ---- -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "txdc.fullname" $ }}-{{ $name }} - labels: - {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }} - ingress: - - from: - {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }} - ports: - {{- range $key,$value := (index $.Values $name "endpoints") }} - - port: {{ $value.port }} - protocol: TCP - {{- end }} - policyTypes: - - Ingress ---- -{{- end }} -{{- end }} diff --git a/charts/agent-connector/templates/service-controlplane.yaml b/charts/agent-connector/templates/service-controlplane.yaml deleted file mode 100644 index e993b46d..00000000 --- a/charts/agent-connector/templates/service-controlplane.yaml +++ /dev/null 
@@ -1,54 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.controlplane.service.type }}
- ports:
- - port: {{ .Values.controlplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.controlplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.controlplane.endpoints.management.port }}
- targetPort: management
- protocol: TCP
- name: management
- - port: {{ .Values.controlplane.endpoints.protocol.port }}
- targetPort: protocol
- protocol: TCP
- name: protocol
- - port: {{ .Values.controlplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/agent-connector/templates/service-dataplane.yaml b/charts/agent-connector/templates/service-dataplane.yaml
deleted file mode 100644
index 71619f89..00000000
--- a/charts/agent-connector/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - type: {{ $dataplane.service.type }} - ports: - - port: {{ $dataplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ $dataplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ $dataplane.endpoints.public.port }} - targetPort: public - protocol: TCP - name: public - - port: {{ $dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ $dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if $dataplane.endpoints.callback }} - - port: {{ $dataplane.endpoints.callback.port }} - targetPort: callback - protocol: TCP - name: callback - {{- end }} - selector: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml b/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml deleted file mode 100644 index 2147c743..00000000 --- a/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -{{- $root := . -}} -{{- $allcommands := (dict "commands" (list)) -}} -{{- range $dataplane_name, $dataplane := .Values.dataplanes -}} -{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}} -{{- end }} - ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{include "txdc.fullname" .}}test-dataplane-readiness" - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" .Values.dataplanes.dataplane "root" $root) | nindent 4 }} - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} -spec: - containers: - - name: wget - image: curlimages/curl - command: [ '/bin/sh','-c' ] - args: [ {{ join "&&" $allcommands.commands | quote }} ] - restartPolicy: Never diff --git a/charts/agent-connector/values.yaml b/charts/agent-connector/values.yaml deleted file mode 100644 index a74346e6..00000000 --- a/charts/agent-connector/values.yaml +++ /dev/null 
@@ -1,636 +0,0 @@ ---- -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - postgresql: false - vault: false -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650" - # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead - vaultKey: - # -- public key for checking the validity of jwt tokens, set this when type=jwt - publicKey: - # -- controls whether the expiry date of jwt tokens is checked when type=jwt - checkExpiry: true - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with 
the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} - annotations: - # Sample settings for more demanding use cases - # nginx.org/proxy-connect-timeout: "30s" - # nginx.org/proxy-read-timeout: "360s" - # nginx.org/client-max-body-size: "10m" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # 
-- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - # -- A set of additional configuration files - configs: - # -- An example of an empty graph in ttl syntax - dataspace.ttl: | - ################################################################# - # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT - ################################################################# - @prefix : . - @base . - # -- Agent-Specific Settings - agent: - # -- Refers to an external matchmaking agent, set to a url string - matchmaking: {} - # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue - default: - - dataspace.ttl - - https://w3id.org/catenax/ontology.ttl - # -- The synchronization interval in ms to update the federated data catalogue - synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] - # -- Names the visible contract under which new skills are published (if not otherwise specified) - skillcontract: Contract?partner=Skill - # -- Sets the maximal batch size when delegating to agents and services - maxbatchsize: '9223372036854775807' - # -- A set of configs for regulating outgoing service calls - services: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'http://.*' - # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) - asset: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'https?://.*' - -# -- Standard settings for persistence, "jdbcUrl", 
"username" and "password" need to be overridden -postgresql: - jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false - auth: - database: "edc" - username: "user" - password: "password" -vault: - injector: - enabled: false - server: - dev: - enabled: true - devRootToken: "root" - postStart: # must be set externally! - hashicorp: - # -- URL to the vault service, needs to be changed if install.vault=false - url: "http://{{ .Release.Name }}-vault:8200" - # -- Access token to the vault service needs to be changed if install.vault=false - token: "" - timeout: 30 - healthCheck: - enabled: true - standbyOk: true - paths: - # -- Path to secrets needs to be changed if install.vault=false - secret: /v1/secret - # -- Default health api - health: /v1/sys/health - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: -backendService: - httpProxyTokenReceiverUrl: "" - -networkPolicy: - # -- If `true` network policy will be created to restrict access to control- and dataplane - enabled: false - # -- Configuration of the controlplane component - controlplane: - # -- Specify from rule network policy for cp (defaults to all namespaces) - from: - - namespaceSelector: {} - # -- Configuration of the dataplane component - dataplane: - # -- Specify from rule network policy for dp (defaults to all namespaces) - from: - - namespaceSelector: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) - imagePullSecrets: [] - -# -- Configurations for Helm tests -tests: - # -- Configure the hook-delete-policy for Helm tests - hookDeletePolicy: before-hook-creation,hook-succeeded diff --git a/charts/agent-connector-azure-vault/.helmignore b/charts/agent-plane-azure-vault/.helmignore similarity index 94% rename from charts/agent-connector-azure-vault/.helmignore rename to charts/agent-plane-azure-vault/.helmignore index 9a12504f..49603135 100644 --- a/charts/agent-connector-azure-vault/.helmignore +++ b/charts/agent-plane-azure-vault/.helmignore @@ -1,4 +1,4 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-connector-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml similarity index 73% rename from charts/agent-connector-azure-vault/Chart.yaml rename to charts/agent-plane-azure-vault/Chart.yaml index 1684030f..b979c33a 100644 --- a/charts/agent-connector-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -23,13 +23,12 @@ --- apiVersion: v2 -name: agent-connector-azure-vault +name: agent-plane-azure-vault description: | - A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows - to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a - Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included. + A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running + Control Plane. - This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault. + This chart is intended for use with an _existing_ Azure Vault and Tractusx Connector. # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives 
@@ -42,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.18-SNAPSHOT +version: 1.12.19-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.18-SNAPSHOT" +appVersion: "1.12.19-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector @@ -55,7 +54,7 @@ dependencies: # PostgreSQL - name: postgresql alias: postgresql - version: 12.1.6 + version: "15.2.1" repository: https://charts.bitnami.com/bitnami condition: install.postgresql maintainers: diff --git a/charts/agent-connector-azure-vault/LICENSE b/charts/agent-plane-azure-vault/LICENSE similarity index 100% rename from charts/agent-connector-azure-vault/LICENSE rename to charts/agent-plane-azure-vault/LICENSE diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md new file mode 100644 index 00000000..085d6511 --- /dev/null +++ b/charts/agent-plane-azure-vault/README.md 
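Review bot: The `postgresql` dependency in the last Chart.yaml hunk jumps from `12.1.6` to `"15.2.1"`, three major versions of the Bitnami subchart, while the new description in the preceding hunk says this chart is a data plane for an existing Azure Vault and Tractus-X connector. If the data plane templates no longer need their own database (they are not visible here), dropping the dependency would reduce what the chart pulls from `https://charts.bitnami.com/bitnami`. If it stays, I would add a comment above the version such as `# major upgrade from 12.x: review image, default values and data migration before enabling install.postgresql`, and confirm that the regenerated `Chart.lock` digest is committed, which this page does not show. Separately, the unchanged `sources:` entry in the version hunk still points at `charts/agent-connector`, whose `values.yaml` and test template this commit deletes; it should probably read `- https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-plane-azure-vault`.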
@@ -0,0 +1,239 @@ + + +# agent-plane-azure-vault + +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) + +A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running +Control Plane. + +This chart is intended for use with an _existing_ Azure Vault and Tractusx Connector. + +**Homepage:** + +## Setting up the Agent Planes + +Make sure to adapt the Agent Plane's application-facing endpoint security: +- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) +- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key +- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault +- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found +- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) + +Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. +- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. +- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. +- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. +- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. + +Be sure to adapt the agent configuration +- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. +- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. +- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. +- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
+ +### Launching the application + +As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) +to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. +Combined, run this shell command to start the in-memory Tractus-X EDC runtime: + +```shell +helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev +helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT +``` + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Tractus-X Knowledge Agents Team | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | +| agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | +| agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | +| agent.services | object | 
`{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | +| agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | +| agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | +| agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | +| auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | +| auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | 
the default authentication service | +| auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | +| auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | +| auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | +| auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | +| auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | +| auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | +| auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | +| auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | +| autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | +| autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | +| autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| aws.accessKeyId | string | `""` | | +| aws.endpointOverride | string | `""` | | +| 
aws.secretAccessKey | string | `""` | | +| configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | +| configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| connector | string | `""` | Name of the connector deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | +| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | +| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | +| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | +| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | +| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | +| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | +| customLabels | object | `{}` | To add some custom labels | +| debug.enabled | bool | `false` | | +| debug.port | int | `1044` | | +| debug.suspendOnStart | bool | `false` | | +| destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | +| endpoints.callback.path | string | `"/callback"` | | +| endpoints.callback.port | int | `8087` | | +| endpoints.default.path | string | `"/api"` | | +| endpoints.default.port | int | `8080` | | +| endpoints.public.path | string | `"/api/public"` | | +| endpoints.public.port | int | `8081` | | +| endpoints.signaling.path | string | `"/api/signaling"` | | +| endpoints.signaling.port | int | `8083` | | +| env | object | `{}` | | +| envConfigMapNames | list | `[]` | | +| envSecretNames | list | `[]` | | +| envValueFrom | object | `{}` | | +| fullnameOverride | string | `""` | | 
+| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | +| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | +| image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| imageRegistry | string | `"docker.io/"` | Image registry to use | +| ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | +| ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| ingresses[0].enabled | bool | `false` | | +| ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | +| ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic 
onto the underlying network service | +| ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| initContainers | list | `[]` | | +| install.postgresql | bool | `false` | | +| install.vault | bool | `false` | | +| limits.cpu | float | `1.5` | | +| limits.memory | string | `"1024Mi"` | | +| livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | +| livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | +| name | string | `"agentplane"` | the name of the dataplane | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| 
opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | +| participant.id | string | `""` | BPN Number | +| podAnnotations | object | `{}` | additional annotations for the pod | +| podLabels | object | `{}` | additional labels for the pod | +| podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | +| podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | +| podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | +| podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| postgresql.auth.database | string | `"edc"` | | +| postgresql.auth.password | string | `"password"` | | +| postgresql.auth.username | string | `"user"` | | +| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | +| postgresql.primary.persistence.enabled | bool | `false` | | +| postgresql.readReplicas.persistence.enabled | bool | `false` | | +| readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| readinessProbe.initialDelaySeconds | int | `30` | seconds 
to wait before performing the first readiness check | +| readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| replicaCount | int | `1` | | +| requests.cpu | string | `"500m"` | | +| requests.memory | string | `"128Mi"` | | +| resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | +| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | +| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | +| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | +| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | +| securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| serviceAccount.name | string | `""` | | +| sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | +| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | +| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| token.refresh.expiry_seconds | int | `300` | | +| token.refresh.expiry_tolerance_seconds | int | `10` | | +| token.refresh.refresh_endpoint | string | `nil` | | +| token.signer.privatekey_alias | string | `nil` | | +| token.verifier.publickey_alias | string | `nil` | | +| tolerations | list | `[]` | | +| url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | +| vault | object | `{"azure":{"certificate":null,"client":null,"name":"","secret":null,"tenant":null},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null}}` | Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden | +| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | +| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | +| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | +| volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | +| volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/agent-connector/README.md.gotmpl b/charts/agent-plane-azure-vault/README.md.gotmpl similarity index 63% rename from charts/agent-connector/README.md.gotmpl rename to charts/agent-plane-azure-vault/README.md.gotmpl index fcba6066..3c808f17 100644 --- a/charts/agent-connector/README.md.gotmpl +++ b/charts/agent-plane-azure-vault/README.md.gotmpl 
@@ -1,5 +1,6 @@ + +# agent-plane + +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) + +A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running +Control Plane. + +This chart is intended for use with an _existing_ HashiCorp Vault and Tractusx Connector. + +**Homepage:** + +## Setting up the Agent Planes + +Make sure to adapt the Agent Plane's application-facing endpoint security: +- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) +- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key +- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault +- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found +- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) + +Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. +- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. +- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. +- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. +- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. + +Be sure to adapt the agent configuration +- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. +- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. +- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. +- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
+ +### Launching the application + +As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) +to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. +Combined, run this shell command to start the in-memory Tractus-X EDC runtime: + +```shell +helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev +helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT +``` + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Tractus-X Knowledge Agents Team | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | +| https://helm.releases.hashicorp.com | vault(vault) | 0.27.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | +| agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | +| agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | +| agent.services | object | 
`{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | +| agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | +| agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | +| agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | +| auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | +| auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | 
the default authentication service | +| auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | +| auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | +| auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | +| auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | +| auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | +| auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | +| auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | +| auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | +| autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | +| autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | +| autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| aws.accessKeyId | string | `""` | | +| aws.endpointOverride | string | `""` | | +| 
aws.secretAccessKey | string | `""` | | +| configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | +| configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| connector | string | `""` | Name of the connector deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | +| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | +| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | +| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | +| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | +| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | +| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | +| customLabels | object | `{}` | To add some custom labels | +| debug.enabled | bool | `false` | | +| debug.port | int | `1044` | | +| debug.suspendOnStart | bool | `false` | | +| destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | +| endpoints.callback.path | string | `"/callback"` | | +| endpoints.callback.port | int | `8087` | | +| endpoints.default.path | string | `"/api"` | | +| endpoints.default.port | int | `8080` | | +| endpoints.public.path | string | `"/api/public"` | | +| endpoints.public.port | int | `8081` | | +| endpoints.signaling.path | string | `"/api/signaling"` | | +| endpoints.signaling.port | int | `8083` | | +| env | object | `{}` | | +| envConfigMapNames | list | `[]` | | +| envSecretNames | list | `[]` | | +| envValueFrom | object | `{}` | | +| fullnameOverride | string | `""` | | 
+| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | +| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | +| image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| imageRegistry | string | `"docker.io/"` | Image registry to use | +| ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | +| ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| ingresses[0].enabled | bool | `false` | | +| ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | +| ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic 
onto the underlying network service | +| ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| initContainers | list | `[]` | | +| install.postgresql | bool | `false` | | +| install.vault | bool | `false` | | +| limits.cpu | float | `1.5` | | +| limits.memory | string | `"1024Mi"` | | +| livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | +| livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | +| name | string | `"agentplane"` | the name of the dataplane | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| 
opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | +| participant.id | string | `""` | BPN Number | +| podAnnotations | object | `{}` | additional annotations for the pod | +| podLabels | object | `{}` | additional labels for the pod | +| podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | +| podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | +| podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | +| podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| postgresql.auth.database | string | `"edc"` | | +| postgresql.auth.password | string | `"password"` | | +| postgresql.auth.username | string | `"user"` | | +| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | +| postgresql.primary.persistence.enabled | bool | `false` | | +| postgresql.readReplicas.persistence.enabled | bool | `false` | | +| readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| readinessProbe.initialDelaySeconds | int | `30` | seconds 
to wait before performing the first readiness check | +| readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| replicaCount | int | `1` | | +| requests.cpu | string | `"500m"` | | +| requests.memory | string | `"128Mi"` | | +| resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | +| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | +| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | +| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | +| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | +| securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| serviceAccount.name | string | `""` | | +| sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | +| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | +| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| token.refresh.expiry_seconds | int | `300` | | +| token.refresh.expiry_tolerance_seconds | int | `10` | | +| token.refresh.refresh_endpoint | string | `nil` | | +| token.signer.privatekey_alias | string | `nil` | | +| token.verifier.publickey_alias | string | `nil` | | +| tolerations | list | `[]` | | +| url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | +| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | +| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | +| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | +| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | +| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | +| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | +| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | +| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | +| volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | +| volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) 
diff --git a/charts/agent-connector-memory/README.md.gotmpl b/charts/agent-plane/README.md.gotmpl
similarity index 63%
rename from charts/agent-connector-memory/README.md.gotmpl
rename to charts/agent-plane/README.md.gotmpl
index fcba6066..3c808f17 100644
--- a/charts/agent-connector-memory/README.md.gotmpl
+++ b/charts/agent-plane/README.md.gotmpl
@@ -1,5 +1,6 @@ UTF-8
@@ -70,6 +71,7 @@ tractusx/ linux/amd64 +
@@ -118,6 +120,7 @@ !online + @{jvm.agent} -Dnet.bytebuddy.experimental=true
diff --git a/upgrade_version.sh b/upgrade_version.sh
index d4df3391..a432f540 100755
--- a/upgrade_version.sh
+++ b/upgrade_version.sh
@@ -16,7 +16,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-OLD_VERSION=1.12.18-SNAPSHOT
+OLD_VERSION=1.12.19-SNAPSHOT
 echo Upgrading from $OLD_VERSION to $1
 PATTERN=s/$OLD_VERSION/$1/g
 LC_ALL=C