diff --git a/launchers/connector/build.gradle.kts b/launchers/connector/build.gradle.kts index 83032393..c3676805 100644 --- a/launchers/connector/build.gradle.kts +++ b/launchers/connector/build.gradle.kts @@ -85,3 +85,11 @@ tasks.withType { dependsOn(distTar, distZip) mustRunAfter(distTar, distZip) } + +tasks.withType { + + options.isDebug = true + + options.compilerArgs.add("-g") + +} diff --git a/system-tests/helm/README.md b/system-tests/helm/README.md new file mode 100644 index 00000000..a7431c6f --- /dev/null +++ b/system-tests/helm/README.md 
@@ -0,0 +1,114 @@ +# MVD on Kubernetes +We have demonstrated a containerized deployment of the MVD in [system-tests/README.md](../README.md). In this section, +we will be deploying the MVD on [kubernetes](https://kubernetes.io/docs/home/). +In addition, we will be using [Helm](https://helm.sh/docs/) to manage all the Kubernetes YAML files. + + +## Install Tools +For the deployment purpose we will need, +* A kubernetes cluster, for which we have used [kind](https://kind.sigs.k8s.io/) (version 0.20.0). Follow the official [user guide](https://kind.sigs.k8s.io/docs/user/quick-start/) + to install `kind` in your local environment. +* [Kubectl](https://kubernetes.io/docs/reference/kubectl/), to communicate with the kubernetes cluster. Install `kubectl` + following the [kubernetes documentation](https://kubernetes.io/docs/tasks/tools/) +* Helm, to manage our kubernetes components. We have used Helm-3 (version v3.14.2). For the installation, + follow the [instructions](https://helm.sh/docs/intro/install/) provided in their official website. + + +## MVD build tasks +Build `MVD` by running the following command from the root of the `MVD` project folder: +```bash +./gradlew build +``` +Then execute the following commands from the `MVD` root folder, to build the connector JAR and registration service JAR: +```bash +./gradlew -DuseFsVault="true" :launchers:connector:shadowJar +./gradlew -DuseFsVault="true" :launchers:registrationservice:shadowJar +``` + + +## MVD DataDashboard +Clone the repository [edc-dashboard ](https://github.com/FraunhoferISST/edc-dashboard) and checkout +branch `helm_dashboard_changes`. + +## Create Cluster +- Navigate to the helm directory ([/system-tests/helm](../../system-tests/helm)): `cd system-tests/helm/` + +- Set the environment variable `MVD_UI_PATH` to the path of the DataDashboard repository. 
+```bash +export MVD_UI_PATH="/path/to/mvd-datadashboard" +``` +- Run the following command to build the necessary images from [docker-compose.yml](./docker-compose.yml) +```bash +docker compose -f docker-compose.yml build +``` +- Execute the following script to create a kubernetes cluster. +```bash +./kind-run.sh +``` +[kind-run.sh](./kind-run.sh) is basically a bash script containing all the commands to, +* create a cluster with the configuration defined in [kind-cluster.yaml](./kind-cluster.yaml) file +* load the docker images to cluster +* apply ingress + + +## Run MVD +Execute the following command to check if ingress is ready, +```bash +kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller +``` +If condition is met, then execute the following command, +```bash +./run-mvd.sh +``` +The file [run-mvd.sh](./run-mvd.sh) contains commands to install helm charts that will deploy the kubernetes +components for mvd in our cluster. + + +Check The container `cli-tools` if it has registered all participants successfully. Run `kubectl get pods`. Copy the +name of the `cli-tools` pod. Then execute `kubectl logs `. If it shows all the participants +(e.g. `company1`, `company2`, `company3`) are `ONBORDED`, then it has successfully registered all the participants. + + +### Company DataDashboards +All the company-dashboards can be accessed with the following URLs, +* company1-dashboard: +* company2-dashboard: +* company3-dashboard: + +Initially it may take some time to load all the data. Once everything is loaded properly, +each company will have two assets in `assets` tab. Company1 and company2 will have six +assets in `catalog browser`. Company3 will display three assets in its `catalog browser`. + + +### Run A Standard Scenario Locally + +1. 
Create a test document for company1: + + - Follow the instructions in `Run A Standard Scenario Locally` section of the root [README.md](https://github.com/FraunhoferISST/edc-mvd/blob/cc5cc02d8ca0ee69052ca765f611abe3ad82f5f8/README.md) file, to connect + to storage account of company1. + - Replace the `localhost:10000` with `localhost:31000`. If you are using a connection string, + then use: + ```bash + DefaultEndpointsProtocol=http;AccountName=company1assets;AccountKey=key1;BlobEndpoint=http://127.0.0.1:31000/company1assets; + ``` + + - Follow the instructions there to create a container and to add a test file with name `text-document.txt`. + +2. Request the file from company2: + + * Open the dashboard of the company2 + * Go to `Catalog Browser` and select `Negotiate` on asset `test-document_company1` + * Go to `Contracts` and click `Transfer` on the negotiated contract + * Select `AzureStorage` from the dropdown and `Start transfer` + * Wait for transfer complete message + +3. Verify if the transfer was successful: + * Connect to storage account of company2. The process will be same as company1. + Use account name `company2assets` + and account key `key2`. If using a connection string, then use: + ```bash + DefaultEndpointsProtocol=http;AccountName=company2assets;AccountKey=key2;BlobEndpoint=http://127.0.0.1:31000/company2assets; + ``` + + * If the transfer is successful, then there will be a new container in `Blob containers` with files + `test-document.txt` and `.complete` \ No newline at end of file diff --git a/system-tests/helm/docker-compose.yml b/system-tests/helm/docker-compose.yml new file mode 100644 index 00000000..c5c9b46d --- /dev/null +++ b/system-tests/helm/docker-compose.yml 
@@ -0,0 +1,41 @@ +services: + + # Dataspace registration service authority. + registration-service: + build: + context: ../../launchers/registrationservice + args: + JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5008" + image: registration-service:v0.2.0 + + edc-connector: + build: + context: ../../launchers/connector + image: edc-connector:v0.2.0 + + cli-tools: + build: + context: ../resources/cli-tools + image: cli-tools:v0.2.0 + + + # connector-dashboards + edc-connector-dashboard-company1: + build: + context: ${MVD_UI_PATH} + args: + BASE_PATH: "/company1-datadashboard/" + image: edc-connector-dashboard-company1:v0.2.0 + edc-connector-dashboard-company2: + build: + context: ${MVD_UI_PATH} + args: + BASE_PATH: "/company2-datadashboard/" + image: edc-connector-dashboard-company2:v0.2.0 + edc-connector-dashboard-company3: + build: + context: ${MVD_UI_PATH} + args: + BASE_PATH: "/company3-datadashboard/" + image: edc-connector-dashboard-company3:v0.2.0 + diff --git a/system-tests/helm/helm-charts/azurite/.helmignore b/system-tests/helm/helm-charts/azurite/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/azurite/Chart.yaml b/system-tests/helm/helm-charts/azurite/Chart.yaml new file mode 100644 index 00000000..935499f6 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: azurite +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/system-tests/helm/helm-charts/azurite/templates/NOTES.txt b/system-tests/helm/helm-charts/azurite/templates/NOTES.txt new file mode 100644 index 00000000..4dd6554c --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "azurite.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "azurite.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "azurite.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "azurite.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/system-tests/helm/helm-charts/azurite/templates/_helpers.tpl b/system-tests/helm/helm-charts/azurite/templates/_helpers.tpl new file mode 100644 index 00000000..3ea8cddd --- /dev/null 
+++ b/system-tests/helm/helm-charts/azurite/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "azurite.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "azurite.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "azurite.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "azurite.labels" -}} +helm.sh/chart: {{ include "azurite.chart" . }} +{{ include "azurite.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "azurite.selectorLabels" -}} +app.kubernetes.io/name: {{ include "azurite.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "azurite.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "azurite.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/azurite/templates/configmap.yaml b/system-tests/helm/helm-charts/azurite/templates/configmap.yaml new file mode 100644 index 00000000..27b3e769 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "azurite.fullname" . }}-configmap + labels: + {{- include "azurite.labels" . | nindent 4 }} +data: + AZURITE_ACCOUNTS: "company1assets:key1;company2assets:key2;company3assets:key3" \ No newline at end of file diff --git a/system-tests/helm/helm-charts/azurite/templates/deployment.yaml b/system-tests/helm/helm-charts/azurite/templates/deployment.yaml new file mode 100644 index 00000000..b0279353 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "azurite.fullname" . }} + labels: + {{- include "azurite.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "azurite.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "azurite.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + envFrom: + - configMapRef: + name: {{ include "azurite.fullname" . }}-configmap diff --git a/system-tests/helm/helm-charts/azurite/templates/hpa.yaml b/system-tests/helm/helm-charts/azurite/templates/hpa.yaml new file mode 100644 index 00000000..0e84a524 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "azurite.fullname" . }} + labels: + {{- include "azurite.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "azurite.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/azurite/templates/ingress.yaml b/system-tests/helm/helm-charts/azurite/templates/ingress.yaml new file mode 100644 index 00000000..0db77c39 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "azurite.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "azurite.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/azurite/templates/service.yaml b/system-tests/helm/helm-charts/azurite/templates/service.yaml new file mode 100644 index 00000000..7b2fc6c2 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "azurite.fullname" . }} + labels: + {{- include "azurite.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + nodePort: {{ .Values.service.nodePort }} + targetPort: http + name: http + selector: + {{- include "azurite.selectorLabels" . | nindent 4 }} diff --git a/system-tests/helm/helm-charts/azurite/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/azurite/templates/serviceaccount.yaml new file mode 100644 index 00000000..7b36ef02 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "azurite.serviceAccountName" . }} + labels: + {{- include "azurite.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/azurite/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/azurite/templates/tests/test-connection.yaml new file mode 100644 index 00000000..3c1e1b28 --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "azurite.fullname" . }}-test-connection" + labels: + {{- include "azurite.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "azurite.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never 
diff --git a/system-tests/helm/helm-charts/azurite/values.yaml b/system-tests/helm/helm-charts/azurite/values.yaml new file mode 100644 index 00000000..c6c7ff3b --- /dev/null +++ b/system-tests/helm/helm-charts/azurite/values.yaml @@ -0,0 +1,62 @@ +# Default values for azurite. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: mcr.microsoft.com/azure-storage/azurite + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: " " + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + + +service: + type: NodePort + nodePort: 31000 + port: 10000 + + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/system-tests/helm/helm-charts/cli-tools/.helmignore b/system-tests/helm/helm-charts/cli-tools/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/cli-tools/Chart.yaml b/system-tests/helm/helm-charts/cli-tools/Chart.yaml new file mode 100644 index 00000000..b8b9c3bd --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: cli-tools +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/system-tests/helm/helm-charts/cli-tools/templates/NOTES.txt b/system-tests/helm/helm-charts/cli-tools/templates/NOTES.txt new file mode 100644 index 00000000..8ff904b1 
--- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "cli-tools.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "cli-tools.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "cli-tools.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "cli-tools.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/system-tests/helm/helm-charts/cli-tools/templates/_helpers.tpl b/system-tests/helm/helm-charts/cli-tools/templates/_helpers.tpl new file mode 100644 index 00000000..3df630b3 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cli-tools.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cli-tools.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cli-tools.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cli-tools.labels" -}} +helm.sh/chart: {{ include "cli-tools.chart" . }} +{{ include "cli-tools.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cli-tools.selectorLabels" -}} +app.kubernetes.io/name: {{ include "cli-tools.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cli-tools.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "cli-tools.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/cli-tools/templates/deployment.yaml b/system-tests/helm/helm-charts/cli-tools/templates/deployment.yaml new file mode 100644 index 00000000..150cfb9f --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cli-tools.fullname" . }} + labels: + {{- include "cli-tools.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "cli-tools.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "cli-tools.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /resources + name: sdd-resources + - mountPath: /common-resources + name: sdd-common-resources + volumes: + - name: sdd-resources + hostPath: + path: {{ .Values.volumes.resource.hostPath }} + - name: sdd-common-resources + hostPath: + path: {{ .Values.volumes.commonResource.hostPath }} diff --git a/system-tests/helm/helm-charts/cli-tools/templates/hpa.yaml b/system-tests/helm/helm-charts/cli-tools/templates/hpa.yaml new file mode 100644 index 00000000..4136a061 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "cli-tools.fullname" . }} + labels: + {{- include "cli-tools.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "cli-tools.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/cli-tools/templates/ingress.yaml b/system-tests/helm/helm-charts/cli-tools/templates/ingress.yaml new file mode 100644 index 00000000..87366b54 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "cli-tools.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "cli-tools.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/cli-tools/templates/service.yaml b/system-tests/helm/helm-charts/cli-tools/templates/service.yaml new file mode 100644 index 00000000..3fbf9b99 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/service.yaml @@ -0,0 +1,17 @@ +{{- if .Values.service.create -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "cli-tools.fullname" . }} + labels: + {{- include "cli-tools.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "cli-tools.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/system-tests/helm/helm-charts/cli-tools/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/cli-tools/templates/serviceaccount.yaml new file mode 100644 index 00000000..3eac01b9 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cli-tools.serviceAccountName" . }} + labels: + {{- include "cli-tools.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/cli-tools/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/cli-tools/templates/tests/test-connection.yaml new file mode 100644 index 00000000..6ef82287 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "cli-tools.fullname" . }}-test-connection" + labels: + {{- include "cli-tools.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "cli-tools.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/system-tests/helm/helm-charts/cli-tools/values.yaml b/system-tests/helm/helm-charts/cli-tools/values.yaml new file mode 100644 index 00000000..d0ddc6c9 --- /dev/null +++ b/system-tests/helm/helm-charts/cli-tools/values.yaml @@ -0,0 +1,59 @@ +# Default values for cli-tools. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: cli-tools + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.2.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +volumes: + commonResource: + hostPath: /var/lib/minikube/mvd-resources/common-resources + resource: + hostPath: /var/lib/minikube/mvd-resources/resources + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + create: false + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 
diff --git a/system-tests/helm/helm-charts/company-dashboard/.helmignore b/system-tests/helm/helm-charts/company-dashboard/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/company-dashboard/Chart.yaml b/system-tests/helm/helm-charts/company-dashboard/Chart.yaml new file mode 100644 index 00000000..e5645cad --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: company-dashboard +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/NOTES.txt b/system-tests/helm/helm-charts/company-dashboard/templates/NOTES.txt new file mode 100644 index 00000000..09789e6e --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "company-dashboard.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "company-dashboard.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "company-dashboard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "company-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/_helpers.tpl b/system-tests/helm/helm-charts/company-dashboard/templates/_helpers.tpl new file mode 100644 index 00000000..3aa6199e --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "company-dashboard.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "company-dashboard.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "company-dashboard.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "company-dashboard.labels" -}} +helm.sh/chart: {{ include "company-dashboard.chart" . }} +{{ include "company-dashboard.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "company-dashboard.selectorLabels" -}} +app.kubernetes.io/name: {{ include "company-dashboard.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "company-dashboard.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "company-dashboard.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/deployment.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/deployment.yaml new file mode 100644 index 00000000..02fee311 --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "company-dashboard.fullname" . }} + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "company-dashboard.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "company-dashboard.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ include "company-dashboard.fullname" . }} + image: "{{ .Values.image.repository }}-{{ .Values.companyName }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.ports.http.containerPort }} + protocol: TCP + volumeMounts: + - name: sdd + mountPath: /usr/share/nginx/html/assets/config + volumes: + - name: sdd + hostPath: + path: {{ .Values.volumes.hostPath }}{{ .Values.companyName }} + diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/hpa.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/hpa.yaml new file mode 100644 index 00000000..44595e7c --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "company-dashboard.fullname" . }} + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "company-dashboard.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/ingress.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/ingress.yaml new file mode 100644 index 00000000..4098ee59 --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/ingress.yaml @@ -0,0 +1,23 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "company-dashboard.fullname" . }} + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 +spec: + rules: + - http: + paths: + - path: /{{ include "company-dashboard.fullname" . }}(/|$)(.*) + pathType: ImplementationSpecific + backend: + service: + name: {{ include "company-dashboard.fullname" . }} + port: + number: 80 + ingressClassName: nginx +{{- end }} \ No newline at end of file 
diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/service.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/service.yaml new file mode 100644 index 00000000..cacb7a9a --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "company-dashboard.fullname" . }} + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.ports.http.servicePort }} +{{/* nodePort: {{ .Values.ports.http.nodePort }}*/}} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "company-dashboard.selectorLabels" . | nindent 4 }} diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/serviceaccount.yaml new file mode 100644 index 00000000..a3d1e934 --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "company-dashboard.serviceAccountName" . }} + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/company-dashboard/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/company-dashboard/templates/tests/test-connection.yaml new file mode 100644 index 00000000..cb052c36 --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "company-dashboard.fullname" . }}-test-connection" + labels: + {{- include "company-dashboard.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "company-dashboard.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/system-tests/helm/helm-charts/company-dashboard/values.yaml b/system-tests/helm/helm-charts/company-dashboard/values.yaml new file mode 100644 index 00000000..98c706fc --- /dev/null +++ b/system-tests/helm/helm-charts/company-dashboard/values.yaml 
@@ -0,0 +1,92 @@ +# Default values for company-dashboard. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: edc-connector-dashboard + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: v0.2.0 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" +companyName: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} +# fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true +# runAsUser: 1000 + +service: + type: ClusterIP +ports: + http: + nodePort: 31111 + containerPort: 80 + servicePort: 80 + +volumes: + hostPath: /var/lib/minikube/mvd-resources/resources/appconfig/ + +ingress: + enabled: true + className: "" + annotations: { + nginx.ingress.kubernetes.io/rewrite-target: /$1 + } + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m +# memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/system-tests/helm/helm-charts/company/.helmignore b/system-tests/helm/helm-charts/company/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/company/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/company/Chart.lock b/system-tests/helm/helm-charts/company/Chart.lock new file mode 100644 index 00000000..565dcd9c --- /dev/null +++ b/system-tests/helm/helm-charts/company/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: did-server + repository: file://../did-server + version: 0.1.0 +digest: sha256:8ca3f85edcaa103fd507dbed06278727667691b555cba325b62b19c211eb8eaf +generated: "2023-10-09T18:04:14.923612008+02:00" diff --git a/system-tests/helm/helm-charts/company/Chart.yaml b/system-tests/helm/helm-charts/company/Chart.yaml new file mode 100644 index 00000000..d3de2a74 --- /dev/null +++ b/system-tests/helm/helm-charts/company/Chart.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v2 +name: company +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +#dependencies: +# - name: did-server +# repository: "file://../did-server" +# condition: true +# version: 0.1.0 +# - name: registration-service +# repository: "file://../registration-service" +# condition: true +# version: 0.1.0 +# - name: azurite +# repository: "file://../azurite" +# condition: true +# version: 0.1.0 diff --git a/system-tests/helm/helm-charts/company/templates/NOTES.txt b/system-tests/helm/helm-charts/company/templates/NOTES.txt new file mode 100644 index 00000000..843be212 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "company.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "company.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "company.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "company.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/system-tests/helm/helm-charts/company/templates/_helpers.tpl b/system-tests/helm/helm-charts/company/templates/_helpers.tpl new file mode 100644 index 00000000..e4db1db9 --- /dev/null 
+++ b/system-tests/helm/helm-charts/company/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "company.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "company.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "company.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "company.labels" -}} +helm.sh/chart: {{ include "company.chart" . }} +{{ include "company.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "company.selectorLabels" -}} +app.kubernetes.io/name: {{ include "company.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "company.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "company.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/company/templates/configmap.yaml b/system-tests/helm/helm-charts/company/templates/configmap.yaml new file mode 100644 index 00000000..3466d4f5 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/configmap.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "company.fullname" . }}-configmap + labels: + {{- include "company.labels" . | nindent 4 }} +data: + EDC_CONNECTOR_NAME: "{{ include "company.name" . }}" + EDC_DSP_CALLBACK_ADDRESS: "http://{{ include "company.name" . }}:8282/api/dsp" + EDC_PARTICIPANT_ID: "did:web:did-server:{{ include "company.name" . }}" + EDC_BLOBSTORE_ENDPOINT_TEMPLATE: "http://azurite:10000/%s" + EDC_IDENTITY_DID_URL: "did:web:did-server:{{ include "company.name" . }}" + EDC_VAULT: "/resources/vault/{{ include "company.name" . }}/{{ include "company.name" . }}-vault.properties" + EDC_KEYSTORE: "/resources/vault/{{ include "company.name" . }}/{{ include "company.name" . }}-keystore.jks" + EDC_SELF_DESCRIPTION_DOCUMENT_PATH: "/resources/self-description/{{ include "company.name" . }}/sdd.json" + EDC_KEYSTORE_PASSWORD: "test123" + EDC_API_AUTH_KEY: "ApiKeyDefaultValue" + EDC_IAM_DID_WEB_USE_HTTPS: "false" + EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS: "5" + EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS: "50" + EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS: "5" + EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT: "http://{{ include "company.name" . }}:8383/api/control/token" + REGISTRATION_SERVICE_API_URL: "http://registration-service:8184/api/authority" + EDC_WEB_REST_CORS_ENABLED: "true" + EDC_WEB_REST_CORS_HEADERS: "origin,content-type,accept,authorization,x-api-key" \ No newline at end of file diff --git a/system-tests/helm/helm-charts/company/templates/deployment.yaml b/system-tests/helm/helm-charts/company/templates/deployment.yaml new file mode 100644 index 00000000..5f91b106 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/deployment.yaml 
@@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "company.fullname" . }} + labels: + {{- include "company.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "company.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "company.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.ports.http.containerPort }} + - name: identity + containerPort: {{ .Values.ports.identity.containerPort }} + - name: ids + containerPort: {{ .Values.ports.ids.containerPort }} + - name: mgmt + containerPort: {{ .Values.ports.mgmt.containerPort }} + - name: control + containerPort: 8383 + - name: debug + containerPort: {{ .Values.ports.debug.port }} + protocol: TCP + {{- if .Values.debug.enabled }} + env: + - name: "JAVA_TOOL_OPTIONS" + value: '-Xdebug -agentlib:jdwp=transport=dt_socket,address=0.0.0.0:{{ .Values.ports.debug.port }},server=y,suspend=n' + {{- end }} + envFrom: + - configMapRef: + name: {{ include "company.fullname" . }}-configmap + volumeMounts: + - name: sdd + mountPath: /resources + volumes: + - name: sdd + hostPath: + path: {{ .Values.volumes.hostPath }} + diff --git a/system-tests/helm/helm-charts/company/templates/hpa.yaml b/system-tests/helm/helm-charts/company/templates/hpa.yaml new file mode 100644 index 00000000..7596198e --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "company.fullname" . }} + labels: + {{- include "company.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "company.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/company/templates/ingress.yaml b/system-tests/helm/helm-charts/company/templates/ingress.yaml new file mode 100644 index 00000000..58a59c97 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/ingress.yaml @@ -0,0 +1,22 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "company.fullname" . }} + labels: + {{- include "company.labels" . | nindent 4 }} + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /$2 +spec: + rules: + - http: + paths: + - path: /{{ include "company.fullname" . }}(/|$)(.*) + pathType: ImplementationSpecific + backend: + service: + name: {{ include "company.fullname" . }} + port: + number: {{ .Values.ports.mgmt.servicePort }} +{{- end }} diff --git a/system-tests/helm/helm-charts/company/templates/service.yaml b/system-tests/helm/helm-charts/company/templates/service.yaml new file mode 100644 index 00000000..70def4e3 --- /dev/null 
+++ b/system-tests/helm/helm-charts/company/templates/service.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "company.fullname" . }} + labels: + {{- include "company.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: mgmt +{{/* nodePort: {{ .Values.ports.mgmt.nodePort }}*/}} + port: {{ .Values.ports.mgmt.servicePort }} + targetPort: mgmt + - name: http + port: {{ .Values.ports.http.servicePort }} + targetPort: http + - name: ids + port: {{ .Values.ports.ids.servicePort }} + targetPort: ids + - name: identity + port: {{ .Values.ports.identity.servicePort }} + targetPort: identity + - name: control + port: 8383 + targetPort: control + selector: + {{- include "company.selectorLabels" . | nindent 4 }} diff --git a/system-tests/helm/helm-charts/company/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/company/templates/serviceaccount.yaml new file mode 100644 index 00000000..be197301 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "company.serviceAccountName" . }} + labels: + {{- include "company.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/company/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/company/templates/tests/test-connection.yaml new file mode 100644 index 00000000..a35b3205 --- /dev/null +++ b/system-tests/helm/helm-charts/company/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "company.fullname" . }}-test-connection" + labels: + {{- include "company.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "company.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/system-tests/helm/helm-charts/company/values.yaml b/system-tests/helm/helm-charts/company/values.yaml new file mode 100644 index 00000000..7cd4592d --- /dev/null +++ b/system-tests/helm/helm-charts/company/values.yaml 
@@ -0,0 +1,82 @@ +# Default values for company. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: edc-connector + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.2.0" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + +service: + type: ClusterIP + +debug: + enabled: false + +ports: + http: + containerPort: 8181 + servicePort: 8181 + path: /api + ids: + containerPort: 8282 + servicePort: 8282 + path: /api/v2/ids + mgmt: + containerPort: 9191 + nodePort: 30091 + servicePort: 9191 + path: /api/management/v2 + identity: + containerPort: 7171 + servicePort: 7171 + path: /api/v2/identity + debug: + port: 5005 + +volumes: + hostPath: /var/lib/minikube/mvd-resources/resources + + +ingress: + enabled: true + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + diff --git a/system-tests/helm/helm-charts/did-server/.helmignore b/system-tests/helm/helm-charts/did-server/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/did-server/Chart.yaml b/system-tests/helm/helm-charts/did-server/Chart.yaml new file mode 100644 index 00000000..5469b6e5 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: did-server +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/system-tests/helm/helm-charts/did-server/templates/NOTES.txt b/system-tests/helm/helm-charts/did-server/templates/NOTES.txt new file mode 100644 index 00000000..0e18a8d2 
--- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "did-server.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "did-server.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "did-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "did-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
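Review bot: company/values.yaml defaults `ingress.enabled: true`, and company/templates/ingress.yaml then routes `/<fullname>(/|$)(.*)` to the management port (`.Values.ports.mgmt.servicePort`, 9191) in a rule that has no `host` and no `tls` section, so a default install publishes the management API on whatever hostname the ingress controller answers for. Default the flag to `false`, or have the template read the `ingress.hosts`, `ingress.tls` and `ingress.className` values that values.yaml declares but company/templates/ingress.yaml never uses.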
diff --git a/system-tests/helm/helm-charts/did-server/templates/_helpers.tpl b/system-tests/helm/helm-charts/did-server/templates/_helpers.tpl new file mode 100644 index 00000000..028786f5 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "did-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "did-server.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "did-server.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "did-server.labels" -}} +helm.sh/chart: {{ include "did-server.chart" . }} +{{ include "did-server.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "did-server.selectorLabels" -}} +app.kubernetes.io/name: {{ include "did-server.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "did-server.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "did-server.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/did-server/templates/deployment.yaml b/system-tests/helm/helm-charts/did-server/templates/deployment.yaml new file mode 100644 index 00000000..85755500 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/deployment.yaml @@ -0,0 +1,32 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "did-server.fullname" . }} + labels: + {{- include "did-server.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "did-server.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "did-server.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.containerPort }} + volumeMounts: + - mountPath: /usr/share/nginx/html + name: sdd + volumes: + - name: sdd + hostPath: + path: {{ .Values.volumes.hostPath }} diff --git a/system-tests/helm/helm-charts/did-server/templates/hpa.yaml b/system-tests/helm/helm-charts/did-server/templates/hpa.yaml new file mode 100644 index 00000000..fbbbd2b3 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "did-server.fullname" . }} + labels: + {{- include "did-server.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "did-server.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/did-server/templates/ingress.yaml b/system-tests/helm/helm-charts/did-server/templates/ingress.yaml new file mode 100644 index 00000000..99c68d51 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "did-server.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "did-server.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
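Review bot: `{{- $svcPort := .Values.service.port -}}` at the top of did-server/templates/ingress.yaml reads a key that did-server/values.yaml does not define (it has `service.containerPort` and `service.servicePort`), so once `ingress.enabled` is set the backend's `number:` is left empty and the backend has no usable port. Use `.Values.service.servicePort`, and make the same change in did-server/templates/NOTES.txt and did-server/templates/tests/test-connection.yaml, which read the same missing key.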
diff --git a/system-tests/helm/helm-charts/did-server/templates/service.yaml b/system-tests/helm/helm-charts/did-server/templates/service.yaml new file mode 100644 index 00000000..38eee7ad --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "did-server.fullname" . }} + labels: + {{- include "did-server.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.servicePort }} + targetPort: http + name: http + selector: + {{- include "did-server.selectorLabels" . | nindent 4 }} diff --git a/system-tests/helm/helm-charts/did-server/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/did-server/templates/serviceaccount.yaml new file mode 100644 index 00000000..c05b5eca --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "did-server.serviceAccountName" . }} + labels: + {{- include "did-server.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/did-server/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/did-server/templates/tests/test-connection.yaml new file mode 100644 index 00000000..5386eef3 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "did-server.fullname" . }}-test-connection" + labels: + {{- include "did-server.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "did-server.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never 
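Review bot: the hook pod in did-server/templates/tests/test-connection.yaml pulls `image: busybox` with no tag or digest, so `helm test` runs whatever that name resolves to at pull time. Pin a specific busybox version (or a digest) so the test pod is reproducible and the image can be reviewed.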
diff --git a/system-tests/helm/helm-charts/did-server/values.yaml b/system-tests/helm/helm-charts/did-server/values.yaml new file mode 100644 index 00000000..9b6f9758 --- /dev/null +++ b/system-tests/helm/helm-charts/did-server/values.yaml 
@@ -0,0 +1,73 @@ +# Default values for did-server. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + type: ClusterIP + containerPort: 80 + servicePort: 80 + +volumes: + hostPath: /var/lib/minikube/mvd-resources/resources/webdid + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/system-tests/helm/helm-charts/newman/.helmignore b/system-tests/helm/helm-charts/newman/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null 
+++ b/system-tests/helm/helm-charts/newman/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/newman/Chart.yaml b/system-tests/helm/helm-charts/newman/Chart.yaml new file mode 100644 index 00000000..bc4bb237 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: newman +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
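Review bot: `description: A Helm chart for Kubernetes` and `appVersion: "1.16.0"` in newman/Chart.yaml read as unmodified `helm create` defaults and describe neither what the chart does nor the image it runs (`postman/newman:ubuntu` in newman/values.yaml). Give it a real description, as registration-service/Chart.yaml does, and either set an appVersion that tracks the newman image or drop the field's comment about it reflecting the application version.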
diff --git a/system-tests/helm/helm-charts/newman/templates/NOTES.txt b/system-tests/helm/helm-charts/newman/templates/NOTES.txt new file mode 100644 index 00000000..6c87a537 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "newman.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "newman.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "newman.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "newman.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/system-tests/helm/helm-charts/newman/templates/_helpers.tpl b/system-tests/helm/helm-charts/newman/templates/_helpers.tpl new file mode 100644 index 00000000..0a37af21 --- /dev/null 
+++ b/system-tests/helm/helm-charts/newman/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "newman.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "newman.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "newman.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "newman.labels" -}} +helm.sh/chart: {{ include "newman.chart" . }} +{{ include "newman.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "newman.selectorLabels" -}} +app.kubernetes.io/name: {{ include "newman.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "newman.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "newman.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/newman/templates/configmap.yaml b/system-tests/helm/helm-charts/newman/templates/configmap.yaml new file mode 100644 index 00000000..3c39ece7 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "newman.fullname" . }}-configmap + labels: + {{- include "newman.labels" . | nindent 4 }} +data: + API_KEY: ApiKeyDefaultValue + EDC_HOST: company1:company2:company3 + ASSETS_STORAGE_ACCOUNT: company1assets:company2assets:company3assets + PARTICIPANT_ID: company1:company2:company3 \ No newline at end of file diff --git a/system-tests/helm/helm-charts/newman/templates/deployment.yaml b/system-tests/helm/helm-charts/newman/templates/deployment.yaml new file mode 100644 index 00000000..34ec0fda --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "newman.fullname" . }} + labels: + {{- include "newman.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "newman.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "newman.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}" + command: [ "/bin/bash" ] + args: [ "/deployment/seed-data.sh" ] + workingDir: / + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ include "newman.fullname" . }}-configmap + ports: + - name: http + containerPort: {{ .Values.service.port }} + volumeMounts: + - mountPath: /deployment + name: sdd + volumes: + - name: sdd + hostPath: + path: {{ .Values.volumes.hostPath }} 
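Review bot: the `envFrom` / `configMapRef` block in newman/templates/deployment.yaml injects `API_KEY` from the ConfigMap added in configmap.yaml, where it is the literal `ApiKeyDefaultValue`; an API key belongs in a Secret referenced through `secretRef`, with its value supplied at install time instead of hard-coded in the template. The container also executes `/deployment/seed-data.sh` from the `hostPath` volume `sdd`, so whatever is at that node path gets run; add `readOnly: true` to the `volumeMounts` entry. Separately, `image: "{{ .Values.image.repository }}"` ignores `image.tag`, which is why the tag had to be folded into `repository` in values.yaml.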
diff --git a/system-tests/helm/helm-charts/newman/templates/hpa.yaml b/system-tests/helm/helm-charts/newman/templates/hpa.yaml new file mode 100644 index 00000000..8f96f168 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "newman.fullname" . }} + labels: + {{- include "newman.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "newman.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/newman/templates/ingress.yaml b/system-tests/helm/helm-charts/newman/templates/ingress.yaml new file mode 100644 index 00000000..9f422e0f --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "newman.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "newman.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/newman/templates/service.yaml b/system-tests/helm/helm-charts/newman/templates/service.yaml new file mode 100644 index 00000000..dd7331f1 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/service.yaml @@ -0,0 +1,16 @@ +{{- if .Values.service.create -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "newman.fullname" . }} + labels: + {{- include "newman.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + name: http + selector: + {{- include "newman.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/system-tests/helm/helm-charts/newman/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/newman/templates/serviceaccount.yaml new file mode 100644 index 00000000..db7abf37 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "newman.serviceAccountName" . }} + labels: + {{- include "newman.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/newman/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/newman/templates/tests/test-connection.yaml new file mode 100644 index 00000000..6c1d65ea --- /dev/null +++ b/system-tests/helm/helm-charts/newman/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "newman.fullname" . }}-test-connection" + labels: + {{- include "newman.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "newman.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never 
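Review bot: newman/templates/tests/test-connection.yaml runs `wget` against `{{ include "newman.fullname" . }}:{{ .Values.service.port }}`, but service.yaml only renders that Service when `service.create` is true and newman/values.yaml defaults it to `false`, so `helm test` fails on a default install because the name never resolves. Wrap the test pod in the same `{{- if .Values.service.create -}}` guard or remove it from this chart; newman/templates/ingress.yaml names the same Service as its backend and needs the same guard.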
diff --git a/system-tests/helm/helm-charts/newman/values.yaml b/system-tests/helm/helm-charts/newman/values.yaml new file mode 100644 index 00000000..499a6417 --- /dev/null +++ b/system-tests/helm/helm-charts/newman/values.yaml @@ -0,0 +1,59 @@ +# Default values for newman. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: postman/newman:ubuntu + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + + +volumes: + hostPath: /var/lib/minikube/mvd-resources/deployment + + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + +service: + create: false + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 diff --git a/system-tests/helm/helm-charts/registration-service/.helmignore b/system-tests/helm/helm-charts/registration-service/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/system-tests/helm/helm-charts/registration-service/Chart.yaml b/system-tests/helm/helm-charts/registration-service/Chart.yaml new file mode 100644 index 00000000..fc360188 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: registration-service +description: A Helm chart for registration service + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
diff --git a/system-tests/helm/helm-charts/registration-service/templates/NOTES.txt b/system-tests/helm/helm-charts/registration-service/templates/NOTES.txt new file mode 100644 index 00000000..2636436f --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "registration-service.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "registration-service.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "registration-service.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "registration-service.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/system-tests/helm/helm-charts/registration-service/templates/_helpers.tpl b/system-tests/helm/helm-charts/registration-service/templates/_helpers.tpl new file mode 100644 index 00000000..eb7773c2 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "registration-service.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "registration-service.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "registration-service.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "registration-service.labels" -}} +helm.sh/chart: {{ include "registration-service.chart" . }} +{{ include "registration-service.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "registration-service.selectorLabels" -}} +app.kubernetes.io/name: {{ include "registration-service.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "registration-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "registration-service.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/registration-service/templates/configmap.yaml b/system-tests/helm/helm-charts/registration-service/templates/configmap.yaml new file mode 100644 index 00000000..ca5ce2d0 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/configmap.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "registration-service.fullname" . }}-configmap + labels: + {{- include "registration-service.labels" . | nindent 4 }} +data: + JWT_AUDIENCE: "http://registration-service:8184/api/authority" + EDC_IAM_DID_WEB_USE_HTTPS: "false" + EDC_CONNECTOR_NAME: "registration-service" + EDC_IDENTITY_DID_URL: "did:web:did-server:registration-service" + EDC_SELF_DESCRIPTION_DOCUMENT_PATH: "/resources/self-description/registration-service/sdd.json" + EDC_VAULT: "/resources/vault/registration-service/registration-service-vault.properties" + EDC_KEYSTORE: "/resources/vault/registration-service/registration-service-keystore.jks" + EDC_KEYSTORE_PASSWORD: "test123" + EDC_ERROR_RESPONSE_VERBOSE: "true" \ No newline at end of file diff --git a/system-tests/helm/helm-charts/registration-service/templates/deployment.yaml b/system-tests/helm/helm-charts/registration-service/templates/deployment.yaml new file mode 100644 index 00000000..74eda388 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "registration-service.fullname" . }} + labels: + {{- include "registration-service.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "registration-service.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "registration-service.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.ports.http.containerPort }} + name: http + - containerPort: {{ .Values.ports.identity.containerPort }} + name: identity + - containerPort: {{ .Values.ports.authority.containerPort }} + name: authority + - containerPort: {{ .Values.ports.mgmt.containerPort }} + name: mgmt + - containerPort: {{ .Values.ports.debug.containerPort }} + name: debug + envFrom: + - configMapRef: + name: {{ include "registration-service.fullname" . }}-configmap + + volumeMounts: + - mountPath: /resources + name: sdd + volumes: + - name: sdd + hostPath: + # directory location on host + path: {{ .Values.volumes.hostPath }} + diff --git a/system-tests/helm/helm-charts/registration-service/templates/hpa.yaml b/system-tests/helm/helm-charts/registration-service/templates/hpa.yaml new file mode 100644 index 00000000..a0c4296d --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "registration-service.fullname" . }} + labels: + {{- include "registration-service.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "registration-service.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/registration-service/templates/ingress.yaml b/system-tests/helm/helm-charts/registration-service/templates/ingress.yaml new file mode 100644 index 00000000..af0e63a6 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "registration-service.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "registration-service.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/system-tests/helm/helm-charts/registration-service/templates/service.yaml b/system-tests/helm/helm-charts/registration-service/templates/service.yaml new file mode 100644 index 00000000..fc0a0c8b --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/service.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "registration-service.fullname" . }} + labels: + {{- include "registration-service.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: {{ .Values.ports.http.servicePort }} + targetPort: http + - name: identity + port: {{ .Values.ports.identity.servicePort }} + targetPort: identity + - name: authority + port: {{ .Values.ports.authority.servicePort }} + targetPort: authority + - name: mgmt + port: {{ .Values.ports.mgmt.servicePort }} + targetPort: mgmt + - name: debug + port: {{ .Values.ports.debug.servicePort }} + targetPort: debug + selector: + {{- include "registration-service.selectorLabels" . | nindent 4 }} + + diff --git a/system-tests/helm/helm-charts/registration-service/templates/serviceaccount.yaml b/system-tests/helm/helm-charts/registration-service/templates/serviceaccount.yaml new file mode 100644 index 00000000..1ac835e9 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "registration-service.serviceAccountName" . }} + labels: + {{- include "registration-service.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/system-tests/helm/helm-charts/registration-service/templates/tests/test-connection.yaml b/system-tests/helm/helm-charts/registration-service/templates/tests/test-connection.yaml new file mode 100644 index 00000000..c08f1b76 --- /dev/null 
+++ b/system-tests/helm/helm-charts/registration-service/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "registration-service.fullname" . }}-test-connection" + labels: + {{- include "registration-service.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "registration-service.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/system-tests/helm/helm-charts/registration-service/values.yaml b/system-tests/helm/helm-charts/registration-service/values.yaml new file mode 100644 index 00000000..f3411a03 --- /dev/null +++ b/system-tests/helm/helm-charts/registration-service/values.yaml 
@@ -0,0 +1,91 @@ +# Default values for registration-service. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: registration-service + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: v0.2.0 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + +ports: + http: + containerPort: 8181 + servicePort: 8185 + path: /api + identity: + containerPort: 7171 + servicePort: 7174 + path: /api/v2/identity + authority: + containerPort: 8184 + servicePort: 8184 + path: /authority + mgmt: + containerPort: 9191 + servicePort: 9191 + path: /api/v2/management + debug: + containerPort: 5008 + servicePort: 5008 + + +volumes: + hostPath: /var/lib/minikube/mvd-resources/resources + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + 
diff --git a/system-tests/helm/k8s_resources/common-resources/checkstyle-config.xml b/system-tests/helm/k8s_resources/common-resources/checkstyle-config.xml new file mode 100644 index 00000000..31984840 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/checkstyle-config.xml @@ -0,0 +1,436 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/system-tests/helm/k8s_resources/common-resources/participants.json b/system-tests/helm/k8s_resources/common-resources/participants.json new file mode 100644 index 00000000..cad8f8ff --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/participants.json @@ -0,0 +1,22 @@ +{ + "include": [ + { + "participant": "company1", + "region": "eu", + "country": "FR", + "data_dashboard_theme": "theme-1" + }, + { + "participant": "company2", + "region": "eu", + "country": "DE", + "data_dashboard_theme": "theme-2" + }, + { + "participant": "company3", + "region": "us", + "country": "US", + "data_dashboard_theme": "theme-3" + } + ] +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/.gitignore b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/.gitignore new file mode 100644 index 00000000..ade2b773 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/.gitignore 
@@ -0,0 +1,2 @@ +terraform.tfstate* +*.lock* \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/env-vars b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/env-vars new file mode 100755 index 00000000..7778bed0 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/env-vars @@ -0,0 +1,12 @@ + +export ARM_CLIENT_ID=$(terraform output -raw ARM_CLIENT_ID) +export ARM_SUBSCRIPTION_ID=$(terraform output -raw ARM_SUBSCRIPTION_ID) +export ARM_TENANT_ID=$(terraform output -raw ARM_TENANT_ID) +export ARM_CLIENT_SECRET=$(terraform output -raw ARM_CLIENT_SECRET) +export APP_CLIENT_ID=$(terraform output -raw APP_CLIENT_ID) +export APP_CLIENT_SECRET=$(terraform output -raw APP_CLIENT_SECRET) +export APP_OBJECT_ID=$(terraform output -raw APP_OBJECT_ID) +export COMMON_RESOURCE_GROUP=$(terraform output -raw COMMON_RESOURCE_GROUP) +export COMMON_RESOURCE_GROUP_LOCATION=$(terraform output -raw COMMON_RESOURCE_GROUP_LOCATION) +export TERRAFORM_STATE_CONTAINER=$(terraform output -raw TERRAFORM_STATE_CONTAINER) +export TERRAFORM_STATE_STORAGE_ACCOUNT=$(terraform output -raw TERRAFORM_STATE_STORAGE_ACCOUNT) \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/gh-actions.tf b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/gh-actions.tf new file mode 100644 index 00000000..9837203b --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/gh-actions.tf 
@@ -0,0 +1,52 @@ +# Create an application for GH Actions +resource "azuread_application" "gh-actions-mvd" { + display_name = var.gh_actions_appname + owners = [data.azuread_client_config.current.object_id] + sign_in_audience = "AzureADMyOrg" + + required_resource_access { + resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph + resource_access { + id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # User.ReadWrite + type = "Scope" + } + } +} + +# Create client secret for Azure AD app + +resource "azuread_application_password" "gh-actions-mvd-pwd" { + application_object_id = azuread_application.gh-actions-mvd.object_id +} + +# Create a service principal +resource "azuread_service_principal" "gh-actions-mvd-sp" { + application_id = azuread_application.gh-actions-mvd.application_id +} + +# Create federated credentials for the main branch, and Pull requests +resource "azuread_application_federated_identity_credential" "gh-actions-fc" { + application_object_id = azuread_application.gh-actions-mvd.object_id + display_name = var.application_fc_name + description = "Github Actions federated credential for your fork" + audiences = ["api://AzureADTokenExchange"] + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:${var.github_repo}:ref:refs/heads/main" +} + +resource "azuread_application_federated_identity_credential" "gh-actions-fc-pullrequest" { + application_object_id = azuread_application.gh-actions-mvd.object_id + display_name = var.application_fc_pr_name + description = "Github Actions federated credential for your fork (Pullrequests)" + audiences = ["api://AzureADTokenExchange"] + issuer = "https://token.actions.githubusercontent.com" + subject = "repo:${var.github_repo}:pull_request" +} + +# grant GH Actions app "Owner" access to subscription +resource "azurerm_role_assignment" "owner" { + scope = data.azurerm_subscription.primary.id + role_definition_name = "Owner" + principal_id = 
azuread_service_principal.gh-actions-mvd-sp.object_id + +} diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/main.tf b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/main.tf new file mode 100644 index 00000000..41522440 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/main.tf @@ -0,0 +1,36 @@ +# Configure Terraform +terraform { + required_providers { + azuread = { + source = "hashicorp/azuread" + version = ">=2.41.0" + } + azurerm = { + source = "hashicorp/azurerm" + version = ">=3.71.0" + } + github = { + source = "integrations/github" + version = ">=5.34.0" + } + } +} + +provider "azurerm" { + features { + } +} + +provider "azuread" { + tenant_id = var.tenant_id +} + +provider "github" { + +} + +data "azuread_client_config" "current" { +} + +data "azurerm_subscription" "primary" { +} diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/mvd-runtimes.tf b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/mvd-runtimes.tf new file mode 100644 index 00000000..c4699b71 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/mvd-runtimes.tf 
@@ -0,0 +1,28 @@ +# Create an application for MVD Runtimes +resource "azuread_application" "mvd-runtimes" { + display_name = var.mvd_runtimes_appname + owners = [data.azuread_client_config.current.object_id] + sign_in_audience = "AzureADMyOrg" + + required_resource_access { + resource_app_id = "00000003-0000-0000-c000-000000000000" # Microsoft Graph + resource_access { + id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d" # User.ReadWrite + type = "Scope" + } + } + feature_tags { + enterprise = true + } +} + +# Create a service principal +resource "azuread_service_principal" "mvd-runtimes-sp" { + application_id = azuread_application.mvd-runtimes.application_id + +} + +# create password for the GH Actions SP +resource "azuread_application_password" "mvd-runtimes-sp-password" { + application_object_id = azuread_application.mvd-runtimes.object_id +} diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/outputs.tf b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/outputs.tf new file mode 100644 index 00000000..6d1a138c --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/outputs.tf 
@@ -0,0 +1,48 @@ +output "ARM_CLIENT_ID" { + value = azuread_application.gh-actions-mvd.application_id +} + +output "ARM_SUBSCRIPTION_ID" { + value = data.azurerm_subscription.primary.subscription_id +} + +output "ARM_TENANT_ID" { + value = var.tenant_id +} + +output "APP_CLIENT_ID" { + value = azuread_application.mvd-runtimes.application_id +} + +output "APP_OBJECT_ID" { + value = azuread_service_principal.mvd-runtimes-sp.object_id +} +output "APP_CLIENT_SECRET" { + sensitive = true + value = azuread_application_password.mvd-runtimes-sp-password.value +} + +output "COMMON_RESOURCE_GROUP" { + value = var.common_resourcegroup +} + +output "COMMON_RESOURCE_GROUP_LOCATION" { + value = var.common_resourcegroup_location +} + +output "TERRAFORM_STATE_CONTAINER" { + value = var.tf_state_container +} + +output "TERRAFORM_STATE_STORAGE_ACCOUNT" { + value = var.tf_state_storageaccount +} + +output "GH_REPO" { + value = var.github_repo +} + +output "ARM_CLIENT_SECRET" { + sensitive = true + value = azuread_application_password.gh-actions-mvd-pwd.value +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/set-gh-secrets.sh b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/set-gh-secrets.sh new file mode 100755 index 00000000..bb1d7535 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/set-gh-secrets.sh 
@@ -0,0 +1,14 @@ +REPO=$(terraform output -raw GH_REPO) +gh="gh --repo $REPO" + +$gh secret set ARM_CLIENT_ID --body "$(terraform output -raw ARM_CLIENT_ID)" +$gh secret set ARM_SUBSCRIPTION_ID --body "$(terraform output -raw ARM_SUBSCRIPTION_ID)" +$gh secret set ARM_TENANT_ID --body "$(terraform output -raw ARM_TENANT_ID)" +$gh secret set ARM_CLIENT_SECRET --body "$(terraform output -raw ARM_CLIENT_SECRET)" +$gh secret set APP_CLIENT_ID --body "$(terraform output -raw APP_CLIENT_ID)" +$gh secret set APP_CLIENT_SECRET --body "$(terraform output -raw APP_CLIENT_SECRET)" +$gh secret set APP_OBJECT_ID --body "$(terraform output -raw APP_OBJECT_ID)" +$gh secret set COMMON_RESOURCE_GROUP --body "$(terraform output -raw COMMON_RESOURCE_GROUP)" +$gh secret set COMMON_RESOURCE_GROUP_LOCATION --body "$(terraform output -raw COMMON_RESOURCE_GROUP_LOCATION)" +$gh secret set TERRAFORM_STATE_CONTAINER --body "$(terraform output -raw TERRAFORM_STATE_CONTAINER)" +$gh secret set TERRAFORM_STATE_STORAGE_ACCOUNT --body "$(terraform output -raw TERRAFORM_STATE_STORAGE_ACCOUNT)" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/variables.tf b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/variables.tf new file mode 100644 index 00000000..b71647e6 --- /dev/null +++ b/system-tests/helm/k8s_resources/common-resources/setup_azure_ad/variables.tf 
@@ -0,0 +1,40 @@ +# supply the tenant ID for your Azure Tenant here +variable "tenant_id" { + default = "" +} +# App registration name for the Federated Credential for GH Actions +variable "gh_actions_appname" { + default = "GithubActions-MVD" +} +# App registration name for the MVD runtimes (=connectors) +variable "mvd_runtimes_appname" { + default = "MVD-Runtimes" +} +# Name for the federated credential: GH Actions can deploy resources (on push) +variable "application_fc_name" { + default = "GithubActions-MVD-FC" +} +# Name for the federated credential: GH Actions can deploy resources (on pull-request) +variable "application_fc_pr_name" { + default = "GithubActions-MVD-FC-Pullrequest" +} +# name of your fork of MVD +variable "github_repo" { + default = "/MinimumViableDataspace" +} +# name of the storage account that'll hold the Terraform State for MVD deployments +variable "tf_state_storageaccount" { + default = "mvdtfstate" +} +# name of the storage container that'll hold the Terraform State for MVD deployments +variable "tf_state_container" { + default = "mvdtfstate" +} +# RG location +variable "common_resourcegroup_location" { + default = "northeurope" +} +# Resource group that'll contain common resources, such as the Storage account +variable "common_resourcegroup" { + default = "mvd-common" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/.gitignore b/system-tests/helm/k8s_resources/deployment/azure/.gitignore new file mode 100644 index 00000000..cdd422e2 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/.gitignore @@ -0,0 +1,3 @@ +terraform/modules/dataspace/generated +**/.terraform +terraform/generated \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/create_azure_dataspace.sh b/system-tests/helm/k8s_resources/deployment/azure/create_azure_dataspace.sh new file mode 100755 index 00000000..cbc8d545 --- /dev/null 
+++ b/system-tests/helm/k8s_resources/deployment/azure/create_azure_dataspace.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +set -euo pipefail + +echo "#########################" +echo "### CREATE dataspace" +echo "#########################" + +echo "Create tfvars file" +cat >terraform/terraform.tfvars < terraform/backend.conf +echo + +echo "###############################" +echo "### Create Dataspace Resources " +echo "###############################" +./generate_keys.sh + +echo "Az CLI login" +az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID -o none +echo + +echo "Run Terraform" +terraform -chdir="./terraform" init -backend-config=backend.conf +terraform -chdir="./terraform" apply -auto-approve +echo + +echo "###################################" +echo "### Configure Dataspace Runtimes " +echo "###################################" + +echo "Update runtime configuration" +participant_json=$(terraform -chdir=terraform output -json participant_data) +./create_participant_resources.sh "$participant_json" +dataspace_json=$(terraform -chdir=terraform output -json dataspace_data) +./create_dataspace_resources.sh "$dataspace_json" + +echo "Copy self descriptions" +mkdir -p resources +cp -r terraform/modules/participant/resources/* resources/ +cp -r terraform/modules/dataspace/resources/* resources/ +echo + + diff --git a/system-tests/helm/k8s_resources/deployment/azure/create_dataspace_resources.sh b/system-tests/helm/k8s_resources/deployment/azure/create_dataspace_resources.sh new file mode 100755 index 00000000..daab6455 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/create_dataspace_resources.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +set -euo pipefail + +sed="sed -i" +if [[ $OSTYPE == 'darwin'* ]]; then + sed="sed -i ''" +fi +dataspace_data="$1" + +vault_name=$(echo "$dataspace_data" | jq -r '.vault_name') +dataspace_did_host=$(echo "$dataspace_data" | jq -r '.dataspace_did_host') +gaiax_did_host=$(echo "$dataspace_data" | jq -r '.gaiax_did_host') + +echo "- Verify DID endpoints (GAIA-X Authority and Dataspace) are available:" +curl -sSl --fail "https://$gaiax_did_host/.well-known/did.json" | jq '.id' +curl -sSl --fail "https://$dataspace_did_host/.well-known/did.json" | jq '.id' +echo + +echo "- Update Docker-compose environment variables for RegistrationService" +env_file="docker/reg.env" +$sed "s/EDC_VAULT_NAME=\".*\"/EDC_VAULT_NAME=\"$vault_name\"/g" $env_file +$sed "s/EDC_VAULT_CLIENTSECRET=\".*\"/EDC_VAULT_CLIENTSECRET=\"${APP_CLIENT_SECRET}\"/g" $env_file +$sed "s/EDC_VAULT_CLIENTID=\".*\"/EDC_VAULT_CLIENTID=\"${APP_CLIENT_ID}\"/g" $env_file +$sed "s/EDC_VAULT_TENANTID=\".*\"/EDC_VAULT_TENANTID=\"${ARM_TENANT_ID}\"/g" "$env_file" +$sed "s/EDC_IDENTITY_DID_URL=\".*\"/EDC_IDENTITY_DID_URL=\"did:web:$dataspace_did_host\"/g" $env_file + +echo diff --git a/system-tests/helm/k8s_resources/deployment/azure/create_participant_resources.sh b/system-tests/helm/k8s_resources/deployment/azure/create_participant_resources.sh new file mode 100755 index 00000000..e26bcf69 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/create_participant_resources.sh 
@@ -0,0 +1,42 @@ +#!/bin/bash + +set -euo pipefail + +sed="sed -i" +if [[ $OSTYPE == 'darwin'* ]]; then + sed="sed -i ''" +fi + +data_json="$1" +for row in $(echo "${data_json}" | jq -r '.[] | @base64'); do + _jq() { + echo "${row}" | base64 --decode | jq -r "${1}" + } + api_key=$(_jq '.api_key') + vault_name=$(_jq '.vault') + did_host=""$(_jq '.didhost') + conn_name=$(_jq '.connector_name') + participant_name=$(_jq '.participant.name') + assets_account=$(_jq '.assets_account') + + echo "Update Docker-compose environment variables for Participant" + env_file="./docker/${participant_name}.env" + echo "processing file $env_file" + $sed "s/EDC_VAULT_NAME=\".*\"/EDC_VAULT_NAME=\"$vault_name\"/g" "$env_file" + $sed "s/EDC_VAULT_CLIENTSECRET=\".*\"/EDC_VAULT_CLIENTSECRET=\"${APP_CLIENT_SECRET}\"/g" "$env_file" + $sed "s/EDC_VAULT_CLIENTID=\".*\"/EDC_VAULT_CLIENTID=\"${APP_CLIENT_ID}\"/g" "$env_file" + $sed "s/EDC_VAULT_TENANTID=\".*\"/EDC_VAULT_TENANTID=\"${ARM_TENANT_ID}\"/g" "$env_file" + $sed "s/EDC_IDENTITY_DID_URL=\".*\"/EDC_IDENTITY_DID_URL=\"did:web:$did_host\"/g" "$env_file" + $sed "s/EDC_PARTICIPANT_ID=\".*\"/EDC_PARTICIPANT_ID=\"did:web:$did_host\"/g" "$env_file" + $sed "s/EDC_CONNECTOR_NAME=\".*\"/EDC_CONNECTOR_NAME=\"$conn_name\"/g" "$env_file" + $sed "s/EDC_API_AUTH_KEY=\".*\"/EDC_API_AUTH_KEY=\"$api_key\"/g" "$env_file" + echo "Verify that the DID Endpoint is ready" + curl -sSl --fail https://$did_host/.well-known/did.json | jq '.id' + echo + + echo "Update UI App Config file" + appCfgFile="./resources/appconfig/${participant_name}/app.config.json" + echo "processing file $appCfgFile" + + $sed "s/\"storageAccount\": *\".*\"/\"storageAccount\": \"${assets_account}\"/g" "$appCfgFile" +done \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/destroy_dataspace_resources.sh b/system-tests/helm/k8s_resources/deployment/azure/destroy_dataspace_resources.sh new file mode 100755 index 00000000..9a763e09 --- /dev/null 
+++ b/system-tests/helm/k8s_resources/deployment/azure/destroy_dataspace_resources.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +echo "- Az CLI login" +# if this script is used on CI, please adapt the following line to however your CI authenticates to AZ AD +az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID -o none +echo + +terraform -chdir="./terraform" init -backend-config=backend.conf +terraform -chdir=terraform destroy -auto-approve diff --git a/system-tests/helm/k8s_resources/deployment/azure/docker/company1.env b/system-tests/helm/k8s_resources/deployment/azure/docker/company1.env new file mode 100644 index 00000000..0b0806ab --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/docker/company1.env @@ -0,0 +1,24 @@ +EDC_DSP_CALLBACK_ADDRESS="http://company1:8282/api/dsp" +EDC_CONNECTOR_NAME="company1" + +EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS=5 +EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS=5 +EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS=5 + +EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT="http://company1:8383/api/control/token" + +EDC_WEB_REST_CORS_ENABLED="true" +EDC_WEB_REST_CORS_HEADERS="origin,content-type,accept,authorization,x-api-key" +EDC_IAM_DID_WEB_USE_HTTPS=true + +REGISTRATION_SERVICE_API_URL=http://registration-service:8184/api/authority +EDC_SELF_DESCRIPTION_DOCUMENT_PATH=/resources/sdd.json + +# these are set dynamically +EDC_PARTICIPANT_ID="did:web:mvdlocalcompany1did.z13.web.core.windows.net" +EDC_IDENTITY_DID_URL="did:web:mvdlocalcompany1did.z13.web.core.windows.net" +EDC_VAULT_NAME="kvmvdlocalcompany1" +EDC_VAULT_CLIENTSECRET="MeK8Q~Enk6wYet11HHFAJggZWjuQZFP2XeTxFc4T" +EDC_VAULT_CLIENTID="7dd0874a-d8a5-4a73-baa8-6ab65870246b" +EDC_VAULT_TENANTID="1d9b26d0-b6ea-4495-97d3-e85ccf73a154" +EDC_API_AUTH_KEY="ApiKeyDefaultValue" \ No newline at end of file 
diff --git a/system-tests/helm/k8s_resources/deployment/azure/docker/company2.env b/system-tests/helm/k8s_resources/deployment/azure/docker/company2.env new file mode 100644 index 00000000..fbda2dfc --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/docker/company2.env @@ -0,0 +1,24 @@ +EDC_DSP_CALLBACK_ADDRESS="http://company2:8282/api/dsp" +EDC_CONNECTOR_NAME="company2" + +EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS=5 +EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS=5 +EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS=5 + +EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT="http://company2:8383/api/control/token" + +EDC_WEB_REST_CORS_ENABLED="true" +EDC_WEB_REST_CORS_HEADERS="origin,content-type,accept,authorization,x-api-key" +EDC_IAM_DID_WEB_USE_HTTPS=true + +REGISTRATION_SERVICE_API_URL=http://registration-service:8184/api/authority +EDC_SELF_DESCRIPTION_DOCUMENT_PATH=/resources/sdd.json + +# these are set dynamically +EDC_PARTICIPANT_ID="did:web:mvdlocalcompany2did.z13.web.core.windows.net" +EDC_IDENTITY_DID_URL="did:web:mvdlocalcompany2did.z13.web.core.windows.net" +EDC_VAULT_NAME="kvmvdlocalcompany2" +EDC_VAULT_CLIENTSECRET="MeK8Q~Enk6wYet11HHFAJggZWjuQZFP2XeTxFc4T" +EDC_VAULT_CLIENTID="7dd0874a-d8a5-4a73-baa8-6ab65870246b" +EDC_VAULT_TENANTID="1d9b26d0-b6ea-4495-97d3-e85ccf73a154" +EDC_API_AUTH_KEY="ApiKeyDefaultValue" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/docker/company3.env b/system-tests/helm/k8s_resources/deployment/azure/docker/company3.env new file mode 100644 index 00000000..68035bd8 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/docker/company3.env 
@@ -0,0 +1,24 @@ +EDC_DSP_CALLBACK_ADDRESS="http://company3:8282/api/dsp" +EDC_CONNECTOR_NAME="company3" + +EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS=5 +EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS=5 +EDC_CATALOG_CACHE_PARTITION_NUM_CRAWLERS=5 + +EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT="http://company3:8383/api/control/token" + +EDC_WEB_REST_CORS_ENABLED="true" +EDC_WEB_REST_CORS_HEADERS="origin,content-type,accept,authorization,x-api-key" +EDC_IAM_DID_WEB_USE_HTTPS=true + +REGISTRATION_SERVICE_API_URL=http://registration-service:8184/api/authority +EDC_SELF_DESCRIPTION_DOCUMENT_PATH=/resources/sdd.json + +# these are set dynamically +EDC_PARTICIPANT_ID="did:web:mvdlocalcompany3did.z13.web.core.windows.net" +EDC_IDENTITY_DID_URL="did:web:mvdlocalcompany3did.z13.web.core.windows.net" +EDC_VAULT_NAME="kvmvdlocalcompany3" +EDC_VAULT_CLIENTSECRET="MeK8Q~Enk6wYet11HHFAJggZWjuQZFP2XeTxFc4T" +EDC_VAULT_CLIENTID="7dd0874a-d8a5-4a73-baa8-6ab65870246b" +EDC_VAULT_TENANTID="1d9b26d0-b6ea-4495-97d3-e85ccf73a154" +EDC_API_AUTH_KEY="ApiKeyDefaultValue" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/docker/docker-compose.yml b/system-tests/helm/k8s_resources/deployment/azure/docker/docker-compose.yml new file mode 100644 index 00000000..f4a9dd1f --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/docker/docker-compose.yml 
@@ -0,0 +1,120 @@ +version: "3.9" +services: + + # EDC Connector to simulate a dataspace participant acting as a data provider which is located in EU. + company1: + container_name: company1 + build: + context: ../../../launchers/connector + args: + JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005" + env_file: + - company1.env + depends_on: + - registration-service + ports: + - "9191:9191" + - "8181:8181" + - "5005:5005" + - "7171:7171" + volumes: + - ../resources/self-description/company1:/resources + + # EDC Connector to simulate a dataspace participant acting as a data consumer which is located in EU. + company2: + container_name: company2 + build: + context: ../../../launchers/connector + args: + JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5006" + env_file: + - company2.env + depends_on: + - registration-service + ports: + - "9192:9191" + - "8182:8181" + - "5006:5006" + - "7172:7171" + volumes: + - ../resources/self-description/company2:/resources + + # EDC Connector to simulate a dataspace participant acting as a consumer which is located in US. + company3: + container_name: company3 + build: + context: ../../../launchers/connector + args: + JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5007" + env_file: + - company3.env + depends_on: + - registration-service + ports: + - "9193:9191" + - "8183:8181" + - "5007:5007" + - "7173:7171" + volumes: + - ../resources/self-description/company3:/resources + + # Dataspace registration service authority. + registration-service: + container_name: registration-service + build: + # e.g. 
/home/user/RegistrationService/launcher + context: ../../../launchers/registrationservice + args: + JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5008" + env_file: reg.env + + ports: + - "8184:8184" + - "8185:8181" + - "5008:5008" + - "7174:7171" + volumes: + - ../resources/self-description/registration-service:/resources + + # Data Dashboard (MVD UI) for participant company1 + company1-datadashboard: + container_name: company1-datadashboard + build: + context: ../../system-tests/DataDashboard + volumes: + - ../resources/appconfig/company1:/usr/share/nginx/html/assets/config + depends_on: + company1: + condition: service_healthy + ports: + - "7080:80" + profiles: [ "ui" ] + + # Data Dashboard (MVD UI) for participant company2 + + company2-datadashboard: + container_name: company2-datadashboard + build: + context: ../../system-tests/DataDashboard + volumes: + - ../resources/appconfig/company2:/usr/share/nginx/html/assets/config + depends_on: + company2: + condition: service_healthy + ports: + - "7081:80" + profiles: [ "ui" ] + + # Data Dashboard (MVD UI) for participant company3 + company3-datadashboard: + container_name: company3-datadashboard + build: + context: ../../system-tests/DataDashboard + volumes: + - ../resources/appconfig/company3:/usr/share/nginx/html/assets/config + depends_on: + company3: + condition: service_healthy + ports: + - "7082:80" + profiles: [ "ui" ] diff --git a/system-tests/helm/k8s_resources/deployment/azure/docker/reg.env b/system-tests/helm/k8s_resources/deployment/azure/docker/reg.env new file mode 100644 index 00000000..e920f05d --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/docker/reg.env 
@@ -0,0 +1,12 @@ +JWT_AUDIENCE=http://registration-service:8184/api/authority +EDC_IAM_DID_WEB_USE_HTTPS=true +EDC_CONNECTOR_NAME=registration-service +EDC_SELF_DESCRIPTION_DOCUMENT_PATH=/resources/sdd.json +EDC_ERROR_RESPONSE_VERBOSE="true" + +# these are set dynamically +EDC_IDENTITY_DID_URL="did:web:mvdlocaldataspacedid.z13.web.core.windows.net" +EDC_VAULT_NAME="kvmvdlocalregistration" +EDC_VAULT_CLIENTSECRET="MeK8Q~Enk6wYet11HHFAJggZWjuQZFP2XeTxFc4T" +EDC_VAULT_CLIENTID="7dd0874a-d8a5-4a73-baa8-6ab65870246b" +EDC_VAULT_TENANTID="1d9b26d0-b6ea-4495-97d3-e85ccf73a154" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/generate_key.sh b/system-tests/helm/k8s_resources/deployment/azure/generate_key.sh new file mode 100755 index 00000000..ae1325de --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/generate_key.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ "$#" -lt 1 ]; then + echo "Usage: sh $0 " + exit 1 +fi + +KEY_PREFIX="$1" +PEMFILE="${KEY_PREFIX}.pem" + +if [ -f "$PEMFILE" ]; then + echo " PEM $PEMFILE exists, will not recreate. Delete this file to force re-generation." + exit 0 +fi + +echo "generate $PEMFILE" +openssl ecparam -name prime256v1 -genkey -noout -out "$PEMFILE" +echo "generate public key" +openssl ec -in "$PEMFILE" -pubout -out "${KEY_PREFIX}.public.pem" > /dev/null +echo "generate JWK" +docker run --rm -i danedmunds/pem-to-jwk:1.2.1 --public --pretty <"${KEY_PREFIX}.public.pem" >"${KEY_PREFIX}.public.jwk" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/generate_keys.sh b/system-tests/helm/k8s_resources/deployment/azure/generate_keys.sh new file mode 100755 index 00000000..656b3c04 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/generate_keys.sh 
@@ -0,0 +1,18 @@ +#!/bin/bash + +participants=("company1" "company2" "company3") + +OUTPUTDIR="terraform" + +# Generate participant keys +for participant in "${participants[@]}"; do + mkdir -p "$OUTPUTDIR/generated/$participant" + ./generate_key.sh "$OUTPUTDIR/generated/$participant/participant" +done + +# Generate GaiaX Key +mkdir -p "$OUTPUTDIR/generated/dataspace/" +sh ./generate_key.sh "$OUTPUTDIR/generated/dataspace/gaiaxkey" + +# Generate Dataspace Authority Key +sh ./generate_key.sh "$OUTPUTDIR/generated/dataspace/authoritykey" diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company1/app.config.json b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company1/app.config.json new file mode 100644 index 00000000..95638f80 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company1/app.config.json @@ -0,0 +1,6 @@ +{ + "dataManagementApiUrl": "http://localhost:9191/api/management", + "storageAccount": "company1assets", + "storageExplorerLinkTemplate": "storageexplorer://v=1", + "theme": "theme-1" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company2/app.config.json b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company2/app.config.json new file mode 100644 index 00000000..ade54c59 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company2/app.config.json @@ -0,0 +1,6 @@ +{ + "dataManagementApiUrl": "http://localhost:9192/api/management", + "storageAccount": "company2assets", + "storageExplorerLinkTemplate": "storageexplorer://v=1", + "theme": "theme-2" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company3/app.config.json b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company3/app.config.json new file mode 100644 index 00000000..266b4298 --- /dev/null 
+++ b/system-tests/helm/k8s_resources/deployment/azure/resources/appconfig/company3/app.config.json @@ -0,0 +1,6 @@ +{ + "dataManagementApiUrl": "http://localhost:9193/api/management", + "storageAccount": "company3assets", + "storageExplorerLinkTemplate": "storageexplorer://v=1", + "theme": "theme-3" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company1/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company1/sdd.json new file mode 100755 index 00000000..b25e47eb --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company1/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company1" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company2/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company2/sdd.json new file mode 100755 index 00000000..02459b36 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company2/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company2" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company3/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company3/sdd.json new file mode 100755 index 00000000..e8ca258d --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/company3/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company3" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/registration-service/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/registration-service/sdd.json new file mode 100755 index 00000000..13634d39 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/resources/self-description/registration-service/sdd.json 
@@ -0,0 +1,62 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + "jws": 
"eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/seed_dataspace.sh b/system-tests/helm/k8s_resources/deployment/azure/seed_dataspace.sh new file mode 100755 index 00000000..6188a249 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/seed_dataspace.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash + +set -euo pipefail + +participant_json=$(terraform -chdir=terraform output -json participant_data) +dataspace_json=$(terraform -chdir=terraform output -json dataspace_data) + +echo "##########################################" +echo "### Seed Data and register Participants " +echo "##########################################" +gxdid=$(echo "$dataspace_json" | jq -r '.gaiax_did_host') +dsdid=$(echo "$dataspace_json" | jq -r '.dataspace_did_host') +p1=9191 +p2=7171 + +# iterate over the participants json data obtained earlier +for row in $(echo "${participant_json}" | jq -r '.[] | @base64'); do + _jq() { + echo "${row}" | base64 --decode | jq -r "${1}" + } + p1did=$(_jq '.didhost') + name=$(_jq '.participant.name') + region=$(_jq '.participant.region') + asset_account=$(_jq '.assets_account') + + echo "Seed data and VC" + ./seed_vcs.sh $name $region $p1 $p2 "$p1did" "$gxdid" "$asset_account" + + echo "Register participant with dataspace" + java -jar registration-service-cli.jar \ + -u "http://localhost:8184/api/authority" \ + -d "did:web:${dsdid}" \ + -c "did:web:${p1did}" \ + -k "terraform/generated/$name/participant.pem" \ + participants add + + ((p1 = p1 + 1)) + ((p2 = p2 + 1)) +done \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/seed_vcs.sh b/system-tests/helm/k8s_resources/deployment/azure/seed_vcs.sh new file mode 100755 index 00000000..3fe39f42 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/seed_vcs.sh 
@@ -0,0 +1,67 @@ +#!/bin/bash + +if [ "$#" -lt 7 ]; then + echo "Usage: sh $0 " + exit 1 +fi + +participant="$1" +region="$2" +managementPort="$3" +identityPort="$4" +participant_did_host="$5" +gaiax_did_host="$6" +asset_account="$7" + + +## Function declarations to be used later +pushCredential() { + local participant="$1" + local claims="$2" + echo "Push claims to $participant at port $identityPort" + echo " claims: ${claims}" + echo + local participant_did="did:web:$participant_did_host" + local gaiax_did="$3" + + java -jar identity-hub-cli.jar -s="$ihUrl" vc add \ + -c="$claims" \ + -b="$participant_did" \ + -i="$gaiax_did" \ + -k="terraform/generated/dataspace/gaiaxkey.pem" +} + +checkCredentials() { + len=$(java -jar identity-hub-cli.jar -s="$ihUrl" vc list | jq -r '. | length') + if [ "$len" -lt 1 ]; then + echo "Wrong number of VCs, expected > 1, got ${len}" + exit 2 + fi +} + +# variables +gaiax_did="did:web:$gaiax_did_host" + + +ihUrl="http://localhost:${identityPort}/api/identity/identity-hub" + +echo "### Handling participant \"$participant\" in region \"$region\"" +echo "### Push seed data " + +# read the API KEY from the .env file that was generated during the resource generation phase +# cut into tokens at the "=" with cut and remove all double-quotes with tr +api_key=$(grep "EDC_API_AUTH_KEY" "docker/$participant.env" | cut -d "=" -f2 | tr -d '"') +newman run \ + --folder "Publish Master Data" \ + --env-var data_management_url="http://localhost:$managementPort/api/management" \ + --env-var storage_account="${asset_account}" \ + --env-var participant_id="${participant}" \ + --env-var api_key="$api_key" \ + ../data/MVD.postman_collection.json +echo + +# hack - assume all containers have sequential management api managementPort configurations, check docker/docker-compose.yml for details!!! + +pushCredential "$participant" '{"region": "'"$region"'"}' "$gaiax_did" + +checkCredentials \ No newline at end of file 
diff --git a/system-tests/helm/k8s_resources/deployment/azure/shutdown_azure_dataspace.sh b/system-tests/helm/k8s_resources/deployment/azure/shutdown_azure_dataspace.sh new file mode 100755 index 00000000..97a9fd4e --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/shutdown_azure_dataspace.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +echo "#########################" +echo "### SHUTDOWN dataspace" +echo "#########################" + + +echo "Stop running Dataspace participants" +docker-compose -f docker/docker-compose.yml down --remove-orphans +echo + +echo "Destroy resources for dataspace" +sh ./destroy_dataspace_resources.sh +echo +echo " ### DONE ###" \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/main.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/main.tf new file mode 100644 index 00000000..25de5a12 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/main.tf 
@@ -0,0 +1,76 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.7.0" + } + } + + backend "azurerm" { + use_oidc = true + } + +} + +provider "azurerm" { + features { + key_vault { + purge_soft_delete_on_destroy = true + } + } +} + + + +module "dataspace" { + source = "./modules/dataspace" + application_sp_client_id = var.application_sp_client_id + application_sp_object_id = var.application_sp_object_id + application_sp_client_secret = var.application_sp_client_secret + dataspace_authority_country = "ES" + prefix = var.res_prefix + resource_group = "rg-${var.res_prefix}-dataspace" + public_key_jwk_file_authority = "${path.module}/generated/dataspace/authoritykey.public.jwk" + public_key_jwk_file_gaiax = "${path.module}/generated/dataspace/gaiaxkey.public.jwk" + private_key_pem_file = "${path.module}/generated/dataspace/authoritykey.pem" +} + +# todo: iterate over #{var.participants} +module "participant1" { + source = "./modules/participant" + prefix = var.res_prefix + participant_name = "company1" + participant_region = "eu" + participant_country = "FR" + resource_group = "rg-${var.res_prefix}-company1" + application_sp_client_id = var.application_sp_client_id + application_sp_object_id = var.application_sp_object_id + public_key_jwk_file = "${path.module}/generated/company1/participant.public.jwk" + private_key_pem_file = "${path.module}/generated/company1/participant.pem" +} + +module "participant2" { + source = "./modules/participant" + prefix = var.res_prefix + participant_name = "company2" + participant_region = "eu" + participant_country = "DE" + resource_group = "rg-${var.res_prefix}-company2" + application_sp_client_id = var.application_sp_client_id + application_sp_object_id = var.application_sp_object_id + public_key_jwk_file = "${path.module}/generated/company2/participant.public.jwk" + private_key_pem_file = "${path.module}/generated/company2/participant.pem" +} + +module "participant3" { + source = 
"./modules/participant" + prefix = var.res_prefix + participant_name = "company3" + participant_region = "us" + participant_country = "US" + resource_group = "rg-${var.res_prefix}-company3" + application_sp_client_id = var.application_sp_client_id + application_sp_object_id = var.application_sp_object_id + public_key_jwk_file = "${path.module}/generated/company3/participant.public.jwk" + private_key_pem_file = "${path.module}/generated/company3/participant.pem" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/dataspace-did.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/dataspace-did.tf new file mode 100644 index 00000000..9226eba2 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/dataspace-did.tf 
@@ -0,0 +1,52 @@ +# Internal Dataspace Authority resources (Dataspace DID) +resource "azurerm_storage_account" "dataspace_did" { + name = "${var.prefix}dataspacedid" + resource_group_name = azurerm_resource_group.dataspace.name + location = var.location + account_tier = "Standard" + account_replication_type = "LRS" + account_kind = "StorageV2" + static_website {} +} + +resource "azurerm_storage_blob" "dataspace_did" { + name = ".well-known/did.json" # `.well-known` path is defined by did:web specification + storage_account_name = azurerm_storage_account.dataspace_did.name + # Create did blob only if public_key_jwk_file is provided. Default public_key_jwk_file value is null. + count = var.public_key_jwk_file_authority == null ? 0 : 1 + storage_container_name = "$web" # container used to serve static files (see static_website property on storage account) + type = "Block" + source_content = jsonencode({ + id = local.dataspace_did_uri + "@context" = [ + "https://www.w3.org/ns/did/v1", + { + "@base" = local.dataspace_did_uri + } + ], + "service" : [ + { + "id" : "#registration-url", + "type" : "RegistrationUrl", + "serviceEndpoint" : local.registration_service_url + }, + { + "id" : "#self-description-url", + "type" : "SelfDescription", + "serviceEndpoint" : "http://${local.registration_service_host}:${local.edc_default_port}/api/identity-hub/self-description" + } + ], + "verificationMethod" = [ + { + "id" = "#identity-key-authority" + "controller" = "" + "type" = "JsonWebKey2020" + "publicKeyJwk" = jsondecode(file(var.public_key_jwk_file_authority)) + } + ], + "authentication" : [ + "#identity-key-authority" + ] }) + content_type = "application/json" +} + diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/gaiax-did.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/gaiax-did.tf new file mode 100644 index 00000000..92d668b0 --- /dev/null 
+++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/gaiax-did.tf @@ -0,0 +1,41 @@ +# GAIA-X Authority resources +resource "azurerm_storage_account" "gaiax_did" { + name = "${var.prefix}gaiaxdid" + resource_group_name = azurerm_resource_group.dataspace.name + location = var.location + account_tier = "Standard" + account_replication_type = "LRS" + account_kind = "StorageV2" + static_website {} +} + +resource "azurerm_storage_blob" "gaiax_did" { + name = ".well-known/did.json" # `.well-known` path is defined by did:web specification + storage_account_name = azurerm_storage_account.gaiax_did.name + # Create did blob only if public_key_jwk_file is provided. Default public_key_jwk_file value is null. + count = var.public_key_jwk_file_gaiax == null ? 0 : 1 + storage_container_name = "$web" # container used to serve static files (see static_website property on storage account) + type = "Block" + source_content = jsonencode({ + id = local.gaiax_did_uri + "@context" = [ + "https://www.w3.org/ns/did/v1", + { + "@base" = local.gaiax_did_uri + } + ], + "service" : [], + "verificationMethod" = [ + { + "id" = "#identity-key-gaiax" + "controller" = "" + "type" = "JsonWebKey2020" + "publicKeyJwk" = jsondecode(file(var.public_key_jwk_file_gaiax)) + } + ], + "authentication" : [ + "#identity-key-gaiax" + ] }) + content_type = "application/json" +} + diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/main.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/main.tf new file mode 100644 index 00000000..8eecf5bb --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/main.tf 
@@ -0,0 +1,80 @@ +locals { + edc_resources_folder = "/resources" + dataspace_authority_name = "authority" +} + +data "azurerm_subscription" "current_subscription" { +} + +data "azurerm_client_config" "current_client" { +} + +locals { + registry_files_prefix = "${var.prefix}-" + + connector_name = "registration-service" + + registration_service_dns_label = "${var.prefix}-registration-mvd" + edc_default_port = 8181 + registration_service_port = 8184 + registration_service_path_prefix = "/api/authority" + registration_service_host = "registration-service" + registration_service_url = "http://${local.registration_service_host}:${local.registration_service_port}${local.registration_service_path_prefix}" + + dataspace_did_uri = "did:web:${azurerm_storage_account.dataspace_did.primary_web_host}" + gaiax_did_uri = "did:web:${azurerm_storage_account.gaiax_did.primary_web_host}" +} + +resource "azurerm_resource_group" "dataspace" { + name = var.resource_group + location = var.location +} + +resource "azurerm_key_vault" "registrationservice" { + // added `kv` prefix because the keyvault name needs to begin with a letter + name = "kv${var.prefix}registration" + location = var.location + resource_group_name = azurerm_resource_group.dataspace.name + enabled_for_disk_encryption = false + tenant_id = data.azurerm_client_config.current_client.tenant_id + soft_delete_retention_days = 7 + purge_protection_enabled = false + sku_name = "standard" + enable_rbac_authorization = true +} + +# Role assignment so that the application may access the vault +resource "azurerm_role_assignment" "registrationservice_keyvault" { + scope = azurerm_key_vault.registrationservice.id + role_definition_name = "Key Vault Secrets Officer" + principal_id = var.application_sp_object_id +} + +# Role assignment so that the currently logged in user may add secrets to the vault +resource "azurerm_role_assignment" "current-user-secretsofficer" { + scope = azurerm_key_vault.registrationservice.id + 
role_definition_name = "Key Vault Secrets Officer" + principal_id = data.azurerm_client_config.current_client.object_id +} + +# Role assignment so that the currently logged in user may add keys to the vault +resource "azurerm_role_assignment" "current-user-cryptoofficer" { + scope = azurerm_key_vault.registrationservice.id + role_definition_name = "Key Vault Crypto Officer" + principal_id = data.azurerm_client_config.current_client.object_id +} + +resource "azurerm_storage_account" "shared" { + name = "${var.prefix}${local.dataspace_authority_name}shared" + resource_group_name = azurerm_resource_group.dataspace.name + location = azurerm_resource_group.dataspace.location + account_tier = "Standard" + account_replication_type = "LRS" + account_kind = "StorageV2" +} + +resource "azurerm_storage_share" "share" { + name = "share" + storage_account_name = azurerm_storage_account.shared.name + quota = 1 +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/outputs.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/outputs.tf new file mode 100644 index 00000000..9c758c65 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/outputs.tf 
@@ -0,0 +1,26 @@ +output "connector_name" { + value = local.connector_name +} + +output "key_vault" { + value = azurerm_key_vault.registrationservice.name +} + +output "registration_service_host" { + value = local.registration_service_host +} + +output "registration_service_url" { + value = local.registration_service_url +} + +output "dataspace_did_host" { + value = length(azurerm_storage_blob.dataspace_did) > 0 ? azurerm_storage_account.dataspace_did.primary_web_host : null +} + +output "gaiax_did_host" { + value = length(azurerm_storage_blob.gaiax_did) > 0 ? azurerm_storage_account.gaiax_did.primary_web_host : null +} +output "authority-sdd-file" { + value = "${path.module}/build/${local.dataspace_authority_name}-sdd.json" +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/resources/self-description/registration-service/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/resources/self-description/registration-service/sdd.json new file mode 100755 index 00000000..13634d39 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/resources/self-description/registration-service/sdd.json 
@@ -0,0 +1,62 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + "jws": 
"eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/sdd.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/sdd.tf new file mode 100644 index 00000000..7aebdbb6 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/dataspace/sdd.tf @@ -0,0 +1,73 @@ +resource "local_file" "sdd" { + content = < 0 ? azurerm_storage_account.did.primary_web_host : null +} + +output "resource_group" { + value = azurerm_resource_group.participant.name +} + +output "api_key" { + value = local.api_key + sensitive = true +} + +output "sdd_file" { + value = local_file.sdd +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company1/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company1/sdd.json new file mode 100755 index 00000000..b25e47eb --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company1/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company1" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company2/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company2/sdd.json new file mode 100755 index 00000000..02459b36 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company2/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company2" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company3/sdd.json b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company3/sdd.json new file mode 100755 index 00000000..e8ca258d --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/resources/self-description/company3/sdd.json 
@@ -0,0 +1,66 @@ + { + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company3" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } + } diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sample-data/text-document.txt b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sample-data/text-document.txt new file mode 100644 index 00000000..d8634396 --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sample-data/text-document.txt @@ -0,0 +1 @@ +Lorem ipsum dolor sit amet, consectetur adipiscing elit. \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sdd.tf b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sdd.tf new file mode 100644 index 00000000..a7c0111b --- /dev/null +++ b/system-tests/helm/k8s_resources/deployment/azure/terraform/modules/participant/sdd.tf @@ -0,0 +1,71 @@ +resource "local_file" "sdd" { + content = < finished.flag +echo "Finished successfully! Keep the container running." + +# keep the container running +sleep infinity diff --git a/system-tests/helm/k8s_resources/resources/cli-tools/validate_onboarding.sh b/system-tests/helm/k8s_resources/resources/cli-tools/validate_onboarding.sh new file mode 100755 index 00000000..808b5e2b --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/cli-tools/validate_onboarding.sh 
@@ -0,0 +1,38 @@ +#!/bin/bash + +# stop on error +set -euo pipefail + +participantDid="$1" +cmd="$2" + +echo "Fetching $participantDid onboarding status." + +retryCount=0 +maxRetryCount=30 +onboardingCompleted=false + +while [ $retryCount -lt $maxRetryCount ]; do + + status=$($cmd|jq ".status") + + echo "Status: $status" + + if [ "$status" == "\"ONBOARDED\"" ]; then + echo "$participantDid is onboarded successfully" + onboardingCompleted=true + break + else + echo "Onboarding is not completed yet for $participantDid. Waiting for 1 second." + + sleep 1 + fi + + retryCount=$((retryCount+1)) + +done + +if [ "$onboardingCompleted" == false ]; then + echo "Max retries of $maxRetryCount reached. Onboarding is not completed yet for 'did:web:$participantDid'. Exiting." + exit 1 +fi diff --git a/system-tests/helm/k8s_resources/resources/self-description/company1/sdd.json b/system-tests/helm/k8s_resources/resources/self-description/company1/sdd.json new file mode 100644 index 00000000..78f59b5c --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/self-description/company1/sdd.json 
@@ -0,0 +1,66 @@ +{ + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company1" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "FR", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/self-description/company2/sdd.json b/system-tests/helm/k8s_resources/resources/self-description/company2/sdd.json new file mode 100644 index 00000000..0a08ac91 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/self-description/company2/sdd.json 
@@ -0,0 +1,66 @@ +{ + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company2" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "DE", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/self-description/company3/sdd.json b/system-tests/helm/k8s_resources/resources/self-description/company3/sdd.json new file mode 100644 index 00000000..c3ef3b3c --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/self-description/company3/sdd.json 
@@ -0,0 +1,66 @@ +{ + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:registrationNumber": { + "@type": "xsd:string", + "@value": "company3" + }, + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "US", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + 
"jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/self-description/registration-service/sdd.json b/system-tests/helm/k8s_resources/resources/self-description/registration-service/sdd.json new file mode 100644 index 00000000..02e9ba8e --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/self-description/registration-service/sdd.json 
@@ -0,0 +1,62 @@ +{ + "selfDescriptionCredential": { + "@context": [ + "http://www.w3.org/ns/shacl#", + "http://www.w3.org/2001/XMLSchema#", + "http://w3id.org/gaia-x/participant#", + "@nest" + ], + "@id": "https://compliance.gaia-x.eu/.well-known/participant.json", + "@type": [ + "VerifiableCredential", + "LegalPerson" + ], + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "gx-participant:headquarterAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + }, + "gx-participant:legalAddress": { + "@type": "gx-participant:Address", + "gx-participant:country": { + "@value": "ES", + "@type": "xsd:string" + } + } + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:06.543Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:web:test.delta-dao.com", + "jws": "eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..WkJ7XuHlg2zQxoyFyAkt-QGzMdeCQRhylNbtu8CClGx11B49Z_zKm-HAEZv-NLupapvVYswL2JjoCcEQPhUEqhYruFIXcDwSTkBRpIxo084fytVMZtM2HDHV2snYpn7zUpfVzCOb-T2pkWkbmVvAOcSOg9OLPPWO1ypqUcimaEgdkyEHK-HFAuuqtll7K_5xP0-4_anXbF7Rr4aj0WQ5_glJMD8C2wjGir5DZB_vCOygVuprUL0OSPjdxB-4k6F1UPGr8MJ-IClfXpRaV0zdjkCZseCm4dIi9SOKGYTK609atCbhG3iQdukuZLhYJ8XhHyYv_5vGjkIVeayES78R1Q" + } + }, + "complianceCredential": { + "@context": [ + "https://www.w3.org/2018/credentials/v1" + ], + "@type": [ + "VerifiableCredential", + "ParticipantCredential" + ], + "id": "https://catalogue.gaia-x.eu/credentials/ParticipantCredential/1657032187885", + "issuer": "did:web:compliance.gaia-x.eu", + "issuanceDate": "2022-07-05T14:43:07.885Z", + "credentialSubject": { + "id": "did:compliance.gaia-x.eu", + "hash": "bd3a7c2819c80b2a4ccf24151ea2212aeffd5aecafce2a4f9672b7f707ed76a3" + }, + "proof": { + "type": "JsonWebKey2020", + "created": "2022-07-05T14:43:07.885Z", + "proofPurpose": "assertionMethod", + "jws": 
"eyJhbGciOiJQUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..Sfbi2OjSoS4MLJA_ZHbAxjeWp5rD9t652mo7tV-zEV2sJjOYGOEGS7of9P8BDyHb1QJ1tNScJQu83aIEEN-NiYZGpWHfHQ39n0TnZHRiUI0GkbX8W2XDaL2wDIa62Q30v_-PdcnOruApcOIyIBVVFfel9b8OZU3L0lb0z71AO17kgDYWVMauchn9DFQrPcbPycn39dzwwoh2ojnIn6HZ5JtIeBsjzeLq2EnzNgkSjXiubHZRPjjPwM9ZqMl_Bmo0Nta18Kk8r3j5X0974xvbV63f7dfbHglNBnvc4ncEnWiRqIaF1MoMsw_EhUrVETrfrxju4Bm9cFunOIeKf8FuUQ", + "verificationMethod": "did:web:compliance.gaia-x.eu" + } + } +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/vault/company1/cert.pem b/system-tests/helm/k8s_resources/resources/vault/company1/cert.pem new file mode 100644 index 00000000..186769ec --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company1/cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAYegAwIBAgIUG2d0F834YBHPIdWYHFuvgNLg7IgwCgYIKoZIzj0EAwIw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yMjA3MDcxNTI4NDJaGA8yMTIxMDEy +OTE1Mjg0MlowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf +BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABE+lWiwRNenY9lnKnAmhejNTkZWkIa0+WxIWPCVIg8EQhcVb4PnE +mH2TMYbPk+ctwHx3o15JNIOhIYPBzR3iYf6jUzBRMB0GA1UdDgQWBBQEP35StZ99 +DIqMHP/GOuB+0V5uJTAfBgNVHSMEGDAWgBQEP35StZ99DIqMHP/GOuB+0V5uJTAP +BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIGTn2zfAEV1yM1F4lMOZ +NjNdy0CQc30qPZfRiLxpYl7GAiBVny85ZLWuEmQl/tlLu7mqERVe90WCqOp8ZD1L +n8+8Ug== +-----END CERTIFICATE----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company1/company1-keystore.jks b/system-tests/helm/k8s_resources/resources/vault/company1/company1-keystore.jks new file mode 100644 index 00000000..73e4c84d Binary files /dev/null and b/system-tests/helm/k8s_resources/resources/vault/company1/company1-keystore.jks differ 
diff --git a/system-tests/helm/k8s_resources/resources/vault/company1/company1-vault.properties b/system-tests/helm/k8s_resources/resources/vault/company1/company1-vault.properties new file mode 100644 index 00000000..6c045025 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company1/company1-vault.properties 
@@ -0,0 +1,15 @@ +#Thu Nov 16 17:18:01 UTC 2023 +b77fb664-30d7-4351-9c16-22f1ce71d2b0-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A10%3A32Z&sr\=c&sp\=w&sig\=x8uJEpVcSsk2JmNbjHyTBLe02Dy3aUeB8Y4pagDasZA%3D","expiration"\:1670422232589} +64ca9330-6fd6-4102-a949-e198a85a70ba-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A41%3A24Z&sr\=c&sp\=w&sig\=3qCXAJRFPiuhKlBNI3lBvjnha4bHFb%2B5NvmnCJ1rb6U%3D","expiration"\:1687527684749} +40a5ea90-9e72-44bd-9b42-3808e35b7c3c-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A28%3A16Z&sr\=c&sp\=w&sig\=L1tvXtRtCYs8XvfBULfGIlevabqzJlDuVIqWVDQHI%2F0%3D","expiration"\:1687526896799} +139908f3-53d2-4e4a-a99c-c7c92e3a3e04-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2023-08-03&se\=2023-11-16T17%3A26%3A53Z&sr\=c&sp\=w&sig\=UgySksTfvIolSI76rQ3HD2nOcF6YMJkQvj7MIhbrOc0%3D","expiration"\:1700155613055} +e5bbc3ab-1b4c-42e8-b55d-be745f7c654e-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A37%3A16Z&sr\=c&sp\=w&sig\=GSXMzp2lMaAvtRvhAY9NuTvNWD0FsgnRLHOXnxLgXa8%3D","expiration"\:1687527436573} +74d24513-bee2-40f1-b2ce-15ed45b8967a-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A36%3A24Z&sr\=c&sp\=w&sig\=ZJNrrg8VQs8tSBMPhokg%2BTCM084YV3VaAyjTaJ4Dcew%3D","expiration"\:1687527384429} +7719e0bc-48a7-493f-a5a1-2b029252a891-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-25T16%3A30%3A40Z&sr\=c&sp\=w&sig\=7SsnR4c%2FjdXpl0n2IrHOg1fhyqypTPBlGhayZWnL3ao%3D","expiration"\:1674664240250} +711c9e7c-6a94-4b6d-8f7a-36cf71cbc5bf-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-25T16%3A14%3A26Z&sr\=c&sp\=w&sig\=b%2FpbL5OmIx20MRA%2FMI1OtBOTuUu%2FSP4JTSxrr2piSQ0%3D","expiration"\:1674663266839} 
+c42df689-100c-4111-b1e0-1af87c09e75a-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A07%3A18Z&sr\=c&sp\=w&sig\=FQqLkCUDQNtpJziMXtz6QzKlMlMtOCcjQKfF9CpgaBw%3D","expiration"\:1670422038984} +1279ef0f-87b6-4415-9ed1-96b409dbdca5-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2023-08-03&se\=2023-11-16T18%3A17%3A57Z&sr\=c&sp\=w&sig\=YCaYwlTgZlVedZsQODTDqXBuoAibFXes6EV1O4kp%2BH0%3D","expiration"\:1700158677183} +2011fb1c-8fb8-497a-a687-418c2f2e5996-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-24T08%3A46%3A33Z&sr\=c&sp\=w&sig\=uvnsvT654FHOxCII7nhaTzTyW%2BIcXORcUnnQqGeWDtk%3D","expiration"\:1674549993621} +d0a20b72-1889-4bdd-a2ae-bc14be5c7b34-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A12%3A21Z&sr\=c&sp\=w&sig\=Os4JIY3EsUv0g7cuqsXRkr%2BPF4gHj6yPqueBNWhet6Q%3D","expiration"\:1670422341018} +company1assets-key1=key1 +7ad43e9f-8c57-45de-a808-547bc38d6599-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A39%3A25Z&sr\=c&sp\=w&sig\=R5SBygOIVNuj4WvhpjnpR6DmvWUtOyuqny1PK7q9uF8%3D","expiration"\:1687527565569} diff --git a/system-tests/helm/k8s_resources/resources/vault/company1/private-key.pem b/system-tests/helm/k8s_resources/resources/vault/company1/private-key.pem new file mode 100644 index 00000000..18683140 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company1/private-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMH5nIIP0d/AI1D1L6DpIscPL3EX5x5XHxrBnt2+TduzoAoGCCqGSM49 +AwEHoUQDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRCFxVvg+cSY +fZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END EC PRIVATE KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company1/public-key.pem b/system-tests/helm/k8s_resources/resources/vault/company1/public-key.pem new file mode 100644 index 00000000..8085f609 --- /dev/null 
+++ b/system-tests/helm/k8s_resources/resources/vault/company1/public-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQh +rT5bEhY8JUiDwRCFxVvg+cSYfZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END PUBLIC KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company2/cert.pem b/system-tests/helm/k8s_resources/resources/vault/company2/cert.pem new file mode 100644 index 00000000..186769ec --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company2/cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAYegAwIBAgIUG2d0F834YBHPIdWYHFuvgNLg7IgwCgYIKoZIzj0EAwIw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yMjA3MDcxNTI4NDJaGA8yMTIxMDEy +OTE1Mjg0MlowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf +BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABE+lWiwRNenY9lnKnAmhejNTkZWkIa0+WxIWPCVIg8EQhcVb4PnE +mH2TMYbPk+ctwHx3o15JNIOhIYPBzR3iYf6jUzBRMB0GA1UdDgQWBBQEP35StZ99 +DIqMHP/GOuB+0V5uJTAfBgNVHSMEGDAWgBQEP35StZ99DIqMHP/GOuB+0V5uJTAP +BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIGTn2zfAEV1yM1F4lMOZ +NjNdy0CQc30qPZfRiLxpYl7GAiBVny85ZLWuEmQl/tlLu7mqERVe90WCqOp8ZD1L +n8+8Ug== +-----END CERTIFICATE----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company2/company2-keystore.jks b/system-tests/helm/k8s_resources/resources/vault/company2/company2-keystore.jks new file mode 100644 index 00000000..a4666dbd Binary files /dev/null and b/system-tests/helm/k8s_resources/resources/vault/company2/company2-keystore.jks differ diff --git a/system-tests/helm/k8s_resources/resources/vault/company2/company2-vault.properties b/system-tests/helm/k8s_resources/resources/vault/company2/company2-vault.properties new file mode 100644 index 00000000..93e770e0 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company2/company2-vault.properties 
@@ -0,0 +1,15 @@ +#Thu Nov 16 17:18:00 UTC 2023 +b77fb664-30d7-4351-9c16-22f1ce71d2b0-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A10%3A32Z&sr\=c&sp\=w&sig\=x8uJEpVcSsk2JmNbjHyTBLe02Dy3aUeB8Y4pagDasZA%3D","expiration"\:1670422232589} +64ca9330-6fd6-4102-a949-e198a85a70ba-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A41%3A24Z&sr\=c&sp\=w&sig\=3qCXAJRFPiuhKlBNI3lBvjnha4bHFb%2B5NvmnCJ1rb6U%3D","expiration"\:1687527684749} +40a5ea90-9e72-44bd-9b42-3808e35b7c3c-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A28%3A16Z&sr\=c&sp\=w&sig\=L1tvXtRtCYs8XvfBULfGIlevabqzJlDuVIqWVDQHI%2F0%3D","expiration"\:1687526896799} +139908f3-53d2-4e4a-a99c-c7c92e3a3e04-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2023-08-03&se\=2023-11-16T17%3A26%3A53Z&sr\=c&sp\=w&sig\=UgySksTfvIolSI76rQ3HD2nOcF6YMJkQvj7MIhbrOc0%3D","expiration"\:1700155613055} +company2assets-key1=key2 +e5bbc3ab-1b4c-42e8-b55d-be745f7c654e-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A37%3A16Z&sr\=c&sp\=w&sig\=GSXMzp2lMaAvtRvhAY9NuTvNWD0FsgnRLHOXnxLgXa8%3D","expiration"\:1687527436573} +74d24513-bee2-40f1-b2ce-15ed45b8967a-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A36%3A24Z&sr\=c&sp\=w&sig\=ZJNrrg8VQs8tSBMPhokg%2BTCM084YV3VaAyjTaJ4Dcew%3D","expiration"\:1687527384429} +7719e0bc-48a7-493f-a5a1-2b029252a891-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-25T16%3A30%3A40Z&sr\=c&sp\=w&sig\=7SsnR4c%2FjdXpl0n2IrHOg1fhyqypTPBlGhayZWnL3ao%3D","expiration"\:1674664240250} 
+711c9e7c-6a94-4b6d-8f7a-36cf71cbc5bf-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-25T16%3A14%3A26Z&sr\=c&sp\=w&sig\=b%2FpbL5OmIx20MRA%2FMI1OtBOTuUu%2FSP4JTSxrr2piSQ0%3D","expiration"\:1674663266839} +c42df689-100c-4111-b1e0-1af87c09e75a-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A07%3A18Z&sr\=c&sp\=w&sig\=FQqLkCUDQNtpJziMXtz6QzKlMlMtOCcjQKfF9CpgaBw%3D","expiration"\:1670422038984} +1279ef0f-87b6-4415-9ed1-96b409dbdca5-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2023-08-03&se\=2023-11-16T18%3A17%3A57Z&sr\=c&sp\=w&sig\=YCaYwlTgZlVedZsQODTDqXBuoAibFXes6EV1O4kp%2BH0%3D","expiration"\:1700158677183} +2011fb1c-8fb8-497a-a687-418c2f2e5996-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2023-01-24T08%3A46%3A33Z&sr\=c&sp\=w&sig\=uvnsvT654FHOxCII7nhaTzTyW%2BIcXORcUnnQqGeWDtk%3D","expiration"\:1674549993621} +d0a20b72-1889-4bdd-a2ae-bc14be5c7b34-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2021-08-06&se\=2022-12-07T14%3A12%3A21Z&sr\=c&sp\=w&sig\=Os4JIY3EsUv0g7cuqsXRkr%2BPF4gHj6yPqueBNWhet6Q%3D","expiration"\:1670422341018} +7ad43e9f-8c57-45de-a808-547bc38d6599-container={"edctype"\:"dataspaceconnector\:azuretoken","sas"\:"?sv\=2022-11-02&se\=2023-06-23T13%3A39%3A25Z&sr\=c&sp\=w&sig\=R5SBygOIVNuj4WvhpjnpR6DmvWUtOyuqny1PK7q9uF8%3D","expiration"\:1687527565569} diff --git a/system-tests/helm/k8s_resources/resources/vault/company2/private-key.pem b/system-tests/helm/k8s_resources/resources/vault/company2/private-key.pem new file mode 100644 index 00000000..18683140 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company2/private-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMH5nIIP0d/AI1D1L6DpIscPL3EX5x5XHxrBnt2+TduzoAoGCCqGSM49 +AwEHoUQDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRCFxVvg+cSY +fZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END EC PRIVATE KEY----- 
diff --git a/system-tests/helm/k8s_resources/resources/vault/company2/public-key.pem b/system-tests/helm/k8s_resources/resources/vault/company2/public-key.pem new file mode 100644 index 00000000..8085f609 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company2/public-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQh +rT5bEhY8JUiDwRCFxVvg+cSYfZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END PUBLIC KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company3/cert.pem b/system-tests/helm/k8s_resources/resources/vault/company3/cert.pem new file mode 100644 index 00000000..186769ec --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company3/cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4DCCAYegAwIBAgIUG2d0F834YBHPIdWYHFuvgNLg7IgwCgYIKoZIzj0EAwIw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yMjA3MDcxNTI4NDJaGA8yMTIxMDEy +OTE1Mjg0MlowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf +BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABE+lWiwRNenY9lnKnAmhejNTkZWkIa0+WxIWPCVIg8EQhcVb4PnE +mH2TMYbPk+ctwHx3o15JNIOhIYPBzR3iYf6jUzBRMB0GA1UdDgQWBBQEP35StZ99 +DIqMHP/GOuB+0V5uJTAfBgNVHSMEGDAWgBQEP35StZ99DIqMHP/GOuB+0V5uJTAP +BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIGTn2zfAEV1yM1F4lMOZ +NjNdy0CQc30qPZfRiLxpYl7GAiBVny85ZLWuEmQl/tlLu7mqERVe90WCqOp8ZD1L +n8+8Ug== +-----END CERTIFICATE----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company3/company3-keystore.jks b/system-tests/helm/k8s_resources/resources/vault/company3/company3-keystore.jks new file mode 100644 index 00000000..cc55c168 Binary files /dev/null and b/system-tests/helm/k8s_resources/resources/vault/company3/company3-keystore.jks differ 
diff --git a/system-tests/helm/k8s_resources/resources/vault/company3/company3-vault.properties b/system-tests/helm/k8s_resources/resources/vault/company3/company3-vault.properties new file mode 100644 index 00000000..6e05ace7 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company3/company3-vault.properties @@ -0,0 +1,15 @@ +# +# Copyright (c) 2020, 2021 Microsoft Corporation +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Microsoft Corporation - initial API and implementation +# +# + +company3assets-key1=key3 diff --git a/system-tests/helm/k8s_resources/resources/vault/company3/private-key.pem b/system-tests/helm/k8s_resources/resources/vault/company3/private-key.pem new file mode 100644 index 00000000..18683140 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company3/private-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMH5nIIP0d/AI1D1L6DpIscPL3EX5x5XHxrBnt2+TduzoAoGCCqGSM49 +AwEHoUQDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRCFxVvg+cSY +fZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END EC PRIVATE KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/company3/public-key.pem b/system-tests/helm/k8s_resources/resources/vault/company3/public-key.pem new file mode 100644 index 00000000..8085f609 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/company3/public-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET6VaLBE16dj2WcqcCaF6M1ORlaQh +rT5bEhY8JUiDwRCFxVvg+cSYfZMxhs+T5y3AfHejXkk0g6Ehg8HNHeJh/g== +-----END PUBLIC KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/gaia-x/private-key.pem b/system-tests/helm/k8s_resources/resources/vault/gaia-x/private-key.pem new file mode 100644 index 00000000..b7a3f4fa 
--- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/gaia-x/private-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKYUFAhvU3jHPxNPssAVVSbSRLFmKhX6o4Je7KjOqZwOoAoGCCqGSM49 +AwEHoUQDQgAELqW8A9NJSN7d+eLM7JqnxDpTzosTNaM8SZYOJLP7vgAhO/yPPSUa +cJHHzIAVZVfpVsHnsNTMY0bab7QzE1WeKw== +-----END EC PRIVATE KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/gaia-x/public-key.pem b/system-tests/helm/k8s_resources/resources/vault/gaia-x/public-key.pem new file mode 100644 index 00000000..1bd03fdf --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/gaia-x/public-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELqW8A9NJSN7d+eLM7JqnxDpTzosT +NaM8SZYOJLP7vgAhO/yPPSUacJHHzIAVZVfpVsHnsNTMY0bab7QzE1WeKw== +-----END PUBLIC KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/registration-service/private-key.pem b/system-tests/helm/k8s_resources/resources/vault/registration-service/private-key.pem new file mode 100644 index 00000000..a60862e5 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/vault/registration-service/private-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIIz7bDfNIDyw0FtHEpzUwPVUX0O8gPr2EY7XyQmOV0Z/oAoGCCqGSM49 +AwEHoUQDQgAE91+yrni6ZryoL4w4xIKOGo70L0ExEnSeGtgXzGTHBcP49nTKHFGn +eRJ9LRC+/pLT45E4YsuDVibvrHl9FOfS4w== +-----END EC PRIVATE KEY----- diff --git a/system-tests/helm/k8s_resources/resources/vault/registration-service/registration-service-keystore.jks b/system-tests/helm/k8s_resources/resources/vault/registration-service/registration-service-keystore.jks new file mode 100644 index 00000000..ef4171eb Binary files /dev/null and b/system-tests/helm/k8s_resources/resources/vault/registration-service/registration-service-keystore.jks differ 
diff --git a/system-tests/helm/k8s_resources/resources/vault/registration-service/registration-service-vault.properties b/system-tests/helm/k8s_resources/resources/vault/registration-service/registration-service-vault.properties new file mode 100644 index 00000000..e69de29b diff --git a/system-tests/helm/k8s_resources/resources/webdid/company1/did.json b/system-tests/helm/k8s_resources/resources/webdid/company1/did.json new file mode 100644 index 00000000..11f84e1c --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/webdid/company1/did.json @@ -0,0 +1,43 @@ +{ + "id": "did:web:did-server:company1", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:web:did-server:company1" + } + ], + "service": [ + { + "id": "#identity-hub-url", + "type": "IdentityHub", + "serviceEndpoint": "http://company1:7171/api/identity/identity-hub" + }, + { + "id": "#dsp-url", + "type": "DSPMessaging", + "serviceEndpoint": "http://company1:8282/api/dsp" + }, + { + "id": "#self-description-url", + "type": "SelfDescription", + "serviceEndpoint": "http://company1:7171/api/identity/identity-hub/self-description" + } + ], + "verificationMethod": [ + { + "id": "#my-key-1", + "controller": "", + "type": "EcdsaSecp256k1VerificationKey2019", + "publicKeyJwk": { + "kty": "EC", + "kid": "uIowOgviyWueDwC2SjwEPnqsBVQkhIN3m6B0Ajs6rlU", + "crv": "P-256", + "x": "T6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRA", + "y": "hcVb4PnEmH2TMYbPk-ctwHx3o15JNIOhIYPBzR3iYf4" + } + } + ], + "authentication": [ + "#my-key-1" + ] +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/webdid/company2/did.json b/system-tests/helm/k8s_resources/resources/webdid/company2/did.json new file mode 100644 index 00000000..c90f8893 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/webdid/company2/did.json 
@@ -0,0 +1,43 @@ +{ + "id": "did:web:did-server:company2", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:web:did-server:company2" + } + ], + "service": [ + { + "id": "#identity-hub-url", + "type": "IdentityHub", + "serviceEndpoint": "http://company2:7171/api/identity/identity-hub" + }, + { + "id": "#dsp-url", + "type": "DSPMessaging", + "serviceEndpoint": "http://company2:8282/api/dsp" + }, + { + "id": "#self-description-url", + "type": "SelfDescription", + "serviceEndpoint": "http://company2:7171/api/identity/identity-hub/self-description" + } + ], + "verificationMethod": [ + { + "id": "#my-key-1", + "controller": "", + "type": "EcdsaSecp256k1VerificationKey2019", + "publicKeyJwk": { + "kty": "EC", + "kid": "uIowOgviyWueDwC2SjwEPnqsBVQkhIN3m6B0Ajs6rlU", + "crv": "P-256", + "x": "T6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRA", + "y": "hcVb4PnEmH2TMYbPk-ctwHx3o15JNIOhIYPBzR3iYf4" + } + } + ], + "authentication": [ + "#my-key-1" + ] +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/webdid/company3/did.json b/system-tests/helm/k8s_resources/resources/webdid/company3/did.json new file mode 100644 index 00000000..17ca97e5 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/webdid/company3/did.json 
@@ -0,0 +1,43 @@ +{ + "id": "did:web:did-server:company3", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:web:did-server:company3" + } + ], + "service": [ + { + "id": "#identity-hub-url", + "type": "IdentityHub", + "serviceEndpoint": "http://company3:7171/api/identity/identity-hub" + }, + { + "id": "#dsp-url", + "type": "DSPMessaging", + "serviceEndpoint": "http://company3:8282/api/dsp" + }, + { + "id": "#self-description-url", + "type": "SelfDescription", + "serviceEndpoint": "http://company3:7171/api/identity/identity-hub/self-description" + } + ], + "verificationMethod": [ + { + "id": "#my-key-1", + "controller": "", + "type": "EcdsaSecp256k1VerificationKey2019", + "publicKeyJwk": { + "kty": "EC", + "kid": "uIowOgviyWueDwC2SjwEPnqsBVQkhIN3m6B0Ajs6rlU", + "crv": "P-256", + "x": "T6VaLBE16dj2WcqcCaF6M1ORlaQhrT5bEhY8JUiDwRA", + "y": "hcVb4PnEmH2TMYbPk-ctwHx3o15JNIOhIYPBzR3iYf4" + } + } + ], + "authentication": [ + "#my-key-1" + ] +} \ No newline at end of file diff --git a/system-tests/helm/k8s_resources/resources/webdid/gaia-x/did.json b/system-tests/helm/k8s_resources/resources/webdid/gaia-x/did.json new file mode 100644 index 00000000..af4784d1 --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/webdid/gaia-x/did.json @@ -0,0 +1,25 @@ +{ + "id": "did:web:did-server:gaiax", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:web:did-server:gaiax" + } + ], + "service": [], + "verificationMethod": [{ + "id": "#my-key-1", + "controller": "", + "type": "EcdsaSecp256k1VerificationKey2019", + "publicKeyJwk": { + "kty": "EC", + "kid": "r2vpmYH0Kn1urn6lrzPCzE_bVP6f4X9wb7qTT-IJODI", + "crv": "P-256", + "x": "LqW8A9NJSN7d-eLM7JqnxDpTzosTNaM8SZYOJLP7vgA", + "y": "ITv8jz0lGnCRx8yAFWVX6VbB57DUzGNG2m-0MxNVnis" + } + }], + "authentication": [ + "#my-key-1" + ] +} \ No newline at end of file 
diff --git a/system-tests/helm/k8s_resources/resources/webdid/registration-service/did.json b/system-tests/helm/k8s_resources/resources/webdid/registration-service/did.json new file mode 100644 index 00000000..5e14ceae --- /dev/null +++ b/system-tests/helm/k8s_resources/resources/webdid/registration-service/did.json @@ -0,0 +1,38 @@ +{ + "id": "did:web:did-server:registration-service", + "@context": [ + "https://www.w3.org/ns/did/v1", + { + "@base": "did:web:did-server:registration-service" + } + ], + "service": [ + { + "id": "#registration-url", + "type": "RegistrationUrl", + "serviceEndpoint": "http://registration-service:8184/api/authority" + }, + { + "id": "#self-description-url", + "type": "SelfDescription", + "serviceEndpoint": "http://registration-service:7171/api/identity/identity-hub/self-description" + } + ], + "verificationMethod": [ + { + "id": "#my-key-1", + "controller": "", + "type": "EcdsaSecp256k1VerificationKey2019", + "publicKeyJwk": { + "kty": "EC", + "kid": "P4LiINnctgBg_ALr8eElNHQvxbUR6pZgfZunZWIr9pA", + "crv": "P-256", + "x": "91-yrni6ZryoL4w4xIKOGo70L0ExEnSeGtgXzGTHBcM", + "y": "-PZ0yhxRp3kSfS0Qvv6S0-OROGLLg1Ym76x5fRTn0uM" + } + } + ], + "authentication": [ + "#my-key-1" + ] +} \ No newline at end of file diff --git a/system-tests/helm/kind-cluster.yaml b/system-tests/helm/kind-cluster.yaml new file mode 100644 index 00000000..ffe3d80a --- /dev/null +++ b/system-tests/helm/kind-cluster.yaml 
@@ -0,0 +1,31 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: + - role: control-plane + # add a mount from /path/to/my/files on the host to /files on the node + labels: + ingress-ready: true + extraMounts: + - hostPath: ./k8s_resources/common-resources + containerPath: /var/lib/minikube/mvd-resources/common-resources + - hostPath: ./k8s_resources/resources + containerPath: /var/lib/minikube/mvd-resources/resources + - hostPath: ./k8s_resources/deployment + containerPath: /var/lib/minikube/mvd-resources/deployment + # add extraPortMappings and node-labels + kubeadmConfigPatches: + - | + kind: InitConfiguration + nodeRegistration: + kubeletExtraArgs: + node-labels: "ingress-ready=true" + extraPortMappings: + - containerPort: 80 + hostPort: 80 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP + - containerPort: 31000 + hostPort: 31000 + protocol: TCP \ No newline at end of file diff --git a/system-tests/helm/kind-run.sh b/system-tests/helm/kind-run.sh new file mode 100755 index 00000000..56ec4437 --- /dev/null +++ b/system-tests/helm/kind-run.sh @@ -0,0 +1,13 @@ +#!/usr/bin/bash + +echo "creating new cluster..." +kind create cluster --config=kind-cluster.yaml + +echo "load the images..." +kind load docker-image edc-connector-dashboard-company1:v0.2.0 edc-connector-dashboard-company2:v0.2.0 edc-connector-dashboard-company3:v0.2.0 edc-connector:v0.2.0 registration-service:v0.2.0 cli-tools:v0.2.0 + +echo "apply ingress..." +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml + +echo "wait until ingress is ready..." +kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s diff --git a/system-tests/helm/run-mvd.sh b/system-tests/helm/run-mvd.sh new file mode 100755 index 00000000..818a6074 --- /dev/null +++ b/system-tests/helm/run-mvd.sh 
@@ -0,0 +1,33 @@ +#!/usr/bin/bash +echo "installing azurite..." +helm install azurite ./helm-charts/azurite + +echo "installing did-server..." +helm install did-server ./helm-charts/did-server + +echo "installing registration-service..." +helm install registration-service ./helm-charts/registration-service + +echo "installing company1..." +helm install company1 --set nameOverride=company1,ports.debug.port=5005 ./helm-charts/company + +echo "installing company2..." +helm install company2 --set nameOverride=company2,ports.debug.port=5006 ./helm-charts/company + +echo "installing company3..." +helm install company3 --set nameOverride=company3,ports.debug.port=5007 ./helm-charts/company + +echo "installing newman..." +helm install newman ./helm-charts/newman + +echo "installing cli-tools..." +helm install cli-tools ./helm-charts/cli-tools + +echo "installing company1 data dashboard..." +helm install company1-datadashboard --set nameOverride=company1-datadashboard,companyName=company1 ./helm-charts/company-dashboard + +echo "installing company2 data dashboard..." +helm install company2-datadashboard --set nameOverride=company2-datadashboard,companyName=company2 ./helm-charts/company-dashboard + +echo "installing company3 data dashboard..." +helm install company3-datadashboard --set nameOverride=company3-datadashboard,companyName=company3 ./helm-charts/company-dashboard
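
Review bot: in self-description/registration-service/sdd.json the credentialSubject id is "did:compliance.gaia-x.eu" in both credentials, which has no method segment and does not match the issuer "did:web:compliance.gaia-x.eu" or the registration service's own DID, "did:web:did-server:registration-service", from webdid/registration-service/did.json. The two proofs name did:web:test.delta-dao.com and did:web:compliance.gaia-x.eu as verificationMethod, neither of which is among the webdid documents added here, and the complianceCredential jws is the same string that closes the preceding sdd.json. If these files are static samples that nothing verifies, say so in the README; otherwise the subject id and proofs should refer to DIDs served by did-server. The file also ends without a trailing newline.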
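
Review bot: vault/company1/private-key.pem, vault/company2/private-key.pem and vault/company3/private-key.pem are all added as the same blob (index 18683140), with identical public-key.pem (8085f609) and cert.pem (186769ec), and the three company did.json files publish the same kid, x and y. All three participants therefore share one EC key pair whose private half is committed, so a token signed by one company verifies against the DID document of the other two and the deployment cannot exercise per-participant identity. Please generate a distinct key pair per participant (ideally at cluster setup, so that no private key is tracked in git, which also applies to the gaia-x and registration-service keys) and derive each did.json publicKeyJwk from it. If the keys must stay in the tree for the tests, the README should state that they are public test material and must not be reused.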
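
Review bot: company1-vault.properties and company2-vault.properties look like runtime output committed by accident: both start with a generated timestamp comment ("#Thu Nov 16 17:18:01 UTC 2023") and carry the same fourteen "-container" entries, each holding an Azure SAS token with sp=w and a sig value. The se dates are all between 2022-12-07 and 2023-11-16, so the tokens are expired, but signed storage tokens should not be added to the repository and a secret scanner will flag every one of them. company3-vault.properties shows the intended shape, a license header plus the single companyNassets-key1 line; please reduce the other two files to that and keep connector-written vault files out of version control.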
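
Review bot: in all five webdid did.json files the verificationMethod declares "type": "EcdsaSecp256k1VerificationKey2019" while the publicKeyJwk it carries has "crv": "P-256", so the declared suite and the key are on different curves, and "controller" is an empty string. A resolver that checks the type against the key material will reject the method. Suggest using a JWK-based type such as JsonWebKey2020, which the sdd.json proofs in this patch already use, and setting controller to the document's own id. The gaia-x document also uses the id "did:web:did-server:gaiax" although its directory is named gaia-x; if did-server maps paths to DIDs by directory name, that one will not resolve. None of these files ends with a newline.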
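
Review bot: kind-cluster.yaml sets the ingress-ready label twice, once under "labels:" as an unquoted true and again through kubeletExtraArgs node-labels: "ingress-ready=true". Keep one of the two, and if the "labels:" form stays, quote the value so that it is read as a string rather than a YAML boolean. The comment "# add a mount from /path/to/my/files on the host to /files on the node" is left over from the template and sits above labels rather than extraMounts. Since the hostPath entries are relative ("./k8s_resources/..."), the README should say the cluster has to be created from system-tests/helm. The mounted ./k8s_resources/resources tree contains the vault private keys, so everything on the node can read them; a note on that, or a narrower mount, would help.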
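
Review bot: kind-run.sh applies the ingress controller with kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml, which tracks the moving main branch, so the manifest run with cluster-admin rights can change between two runs without any change in this repository. Please pin the URL to a release tag or commit, or vendor the manifest next to the charts. The script also has no "set -e", so a failed "kind create cluster" is followed by the image load and kubectl steps against whatever context is current; add "set -euo pipefail" and consider "#!/usr/bin/env bash" instead of the fixed /usr/bin/bash path.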
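
Review bot: run-mvd.sh passes ports.debug.port (5005, 5006, 5007) to every company release unconditionally. If the company chart turns that value into an exposed JVM debug listener, anything that can reach the port can control the connector process, so this should be opt-in (for example behind a DEBUG environment variable) and off by default. Separately, the script has no "set -e" and none of the helm install calls uses --wait, so a failed or slow azurite, did-server or registration-service install does not stop the company installs that follow it.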