diff --git a/kubernetes/a1policymanagement/requirements.yaml b/kubernetes/a1policymanagement/requirements.yaml
index e570cb0..1872e91 100644
--- a/kubernetes/a1policymanagement/requirements.yaml
+++ b/kubernetes/a1policymanagement/requirements.yaml
@@ -18,6 +18,9 @@
   - name: common
     version: ~7.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'
   - name: repositoryGenerator
     version: ~7.x-0
     repository: '@local'
\ No newline at end of file
diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml
new file mode 100644
index 0000000..37754ca
--- /dev/null
+++ b/kubernetes/a1policymanagement/resources/config/application.yaml
@@ -0,0 +1,74 @@
+{{/*
+#
+# ============LICENSE_START=======================================================
+# ONAP : ccsdk oran
+# ================================================================================
+# Copyright (C) 2020 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021 Orange. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+*/}}
+spring:
+  profiles:
+    active: prod
+  main:
+    allow-bean-definition-overriding: true
+  aop:
+    auto: false
+management:
+  endpoints:
+    web:
+      exposure:
+        # Enabling of springboot actuator features. See springboot documentation.
+        include: "loggers,logfile,health,info,metrics,threaddump,heapdump"
+
+logging:
+  # Configuration of logging
+  level:
+    ROOT: DEBUG
+    org.springframework: DEBUG
+    org.springframework.data: DEBUG
+    org.springframework.web.reactive.function.client.ExchangeFunctions: DEBUG
+    org.onap.ccsdk.oran.a1policymanagementservice: DEBUG
+  file:
+    name: /var/log/policy-agent/application.log
+server:
+  # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
+  # See springboot documentation.
+  port: 8433
+  http-port: 8081
+  ssl:
+    key-store-type: PKCS12
+    key-store-password: ${KEYSTORE_PASSWORD}
+    key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+    key-password: ${KEYSTORE_PASSWORD}
+    key-alias: {{ .Values.certInitializer.fqi }}
+app:
+  # Location of the component configuration file. The file will only be used if the Consul database is not used;
+  # configuration from the Consul will override the file.
+  filepath: /opt/app/policy-agent/data/application_configuration.json
+  webclient:
+    # Configuration of the trust store used for the HTTP client (outgoing requests)
+    # The file location and the password for the truststore is only relevant if trust-store-used == true
+    # Note that the same keystore as for the server is used.
+    trust-store-used: false
+    trust-store-password: ${TRUSTSORE_PASSWORD}
+    trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+    # Configuration of usage of HTTP Proxy for the southbound accesses.
+    # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
+    http.proxy-host:
+    http.proxy-port: 0
diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml
index ce2e273..43431f0 100644
--- a/kubernetes/a1policymanagement/templates/deployment.yaml
+++ b/kubernetes/a1policymanagement/templates/deployment.yaml
@@ -27,7 +27,7 @@
     metadata:
       labels: {{- include "common.labels" . | nindent 8 }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-bootstrap-config
         image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -35,13 +35,22 @@
         - sh
         args:
         - -c
-        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; chmod o+w /config/${PFILE}; done"
+        - |
+          export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
+            | xargs -0)
+          cd /config-input
+          for PFILE in `ls -1`
+          do
+            envsubst <${PFILE} >/config/${PFILE}
+            chmod o+w /config/${PFILE}
+          done
+          cat /config/application.yaml
         env:
         - name: A1CONTROLLER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
         - name: A1CONTROLLER_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
-        volumeMounts:
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         - mountPath: /config-input
           name: {{ include "common.fullname" . }}-policy-conf-input
         - mountPath: /config
@@ -86,11 +95,15 @@
             scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
-        volumeMounts:
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
         - name: config
-          mountPath: /opt/app/policy-agent/data
+          mountPath: /opt/app/policy-agent/data/application_configuration.json
+          subPath: application_configuration.json
+        - name: config
+          mountPath: /opt/app/policy-agent/config/application.yaml
+          subPath: application.yaml
         resources: {{ include "common.resources" . | nindent 10 }}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: {{ include "common.fullname" . }}-policy-conf-input
           configMap:
             name: {{ include "common.fullname" . }}-policy-conf
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index a1602c5..e118b35 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -29,6 +29,44 @@
     password: '{{ .Values.a1controller.password }}'
     passwordPolicy: required
 
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: a1p-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: a1p
+  fqi: a1p@a1p.onap.org
+  public_fqdn: a1p.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  fqi_namespace: org.onap.a1p
+  aaf_add_config: |
+    echo "*** changing them into shell safe ones"
+    export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    cd {{ .Values.credsPath }}
+    keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+      -storepass "${cadi_keystore_password_p12}" \
+      -keystore {{ .Values.fqi_namespace }}.p12
+    keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+      -storepass "${cadi_truststore_password}" \
+      -keystore {{ .Values.fqi_namespace }}.trust.jks
+    echo "*** set key password as same password as keystore password"
+    keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
+      -keystore {{ .Values.fqi_namespace }}.p12 \
+      -keypass "${cadi_keystore_password_p12}" \
+      -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
+    echo "*** save the generated passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+    echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 1000 .
+
 image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
 userID: 1000 #Should match with image-defined user ID
 groupID: 999 #Should match with image-defined group ID
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 88f2ffc..8f18203 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -1,6 +1,7 @@
+a1p@a1p.onap.org|a1p|local|/opt/app/osaaf/local||mailto:|org.onap.a1p|root|30|{'a1policymanagement.onap', 'a1policymanagement', 'a1policymanagement.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12'}
 aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file'}
+aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'}
 aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
 aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
@@ -46,7 +47,7 @@
 policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
 pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
 portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'script'}
+sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 sdc@sdc.onap.org|sdc|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 sdc@sdc.onap.org|sdc.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 sdnc-cds@sdnc-cds.onap.org|sdnc-cds|local|/opt/app/osaaf/local||mailto:|org.onap.sdnc-cds|root|30|{'c1.vm1.sdnc-cds.simpledemo.onap', 'c2.vm1.sdnc-cds.simpledemo.onap', 'c3.vm1.sdnc-cds.simpledemo.onap', 'c4.vm1.sdnc-cds.simpledemo.onap', 'onap-sdnc-cds', 'onap-sdnc-cds.onap', 'sdnc-cds', 'sdnc-cds.api.simpledemo.onap.org', 'sdnc-cds.onap', 'vm1.sdnc-cds.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'}
@@ -57,8 +58,8 @@
 so@so.onap.org|bpmn-infra|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'bpmn-infra', 'bpmn-infra.onap'}|mmanager@osaaf.org|{'pkcs12'}
 so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
 so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
-so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'script'}
-so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'script'}
+so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
+so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
 so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
 so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
index 5d3cff0..bcbffdc 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
@@ -1,5 +1,6 @@
 portal@portal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344||
 shi@shi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344||
+a1p@a1p.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.a1p|53344||
 aaf@aaf.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344||
 aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344||
 clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344||
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 4b303a1..7c5ee26 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -1,3 +1,4 @@
+org.onap.a1p||org.onap||3
 org.onap.aaf-sms||org.onap||3
 org.onap.aai||org.onap||3
 org.onap.aai-resources||org.onap||3
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index ad64129..281133b 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
@@ -1,6 +1,9 @@
 org|access|*|*|Org Write Access|{'org.admin'}
 org|access|*|read,approve|Org Read Access|{'org.owner'}
 org|access|*|read|Org Read Access|{'org.owner'}
+org.onap.a1p|access|*|*|AAF Namespace Write Access|"{'org.onap.a1p|admin', 'org.onap.a1p|service'}"
+org.onap.a1p|access|*|read|AAF Namespace Read Access|"{'org.onap.a1p|owner'}"
+org.onap.a1p|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
 org.onap.aaf-sms|access|*|*|AAF Namespace Write Access|"{'org.onap.aaf-sms|admin'}"
 org.onap.aaf-sms|access|*|read|AAF Namespace Read Access|"{'org.onap.aaf-sms|owner'}"
 org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
index 0937ab6..87a2274 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
@@ -1,4 +1,7 @@
 org|admin|Org Admins|"{'org.access|*|*'}"
+org.onap.a1p|admin|AAF Namespace Administrators|"{'org.onap.a1p|access|*|*'}"
+org.onap.a1p|owner|AAF Namespace Owners|"{'org.onap.a1p|access|*|read'}"
+org.onap.a1p|service||"{'org.onap.a1p|access|*|*'}"
 org.onap.aaf-sms|admin|AAF Namespace Administrators|"{'org.onap.aaf-sms|access|*|*'}"
 org.onap.aaf-sms|owner|AAF Namespace Owners|"{'org.onap.aaf-sms|access|*|read'}"
 org.onap.aaf-sms|service||"{'org.onap.aaf-sms|access|*|read'}"
@@ -320,7 +323,7 @@
 org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
 org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
 org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
 org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
 org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
 org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
index 20f7bdd..b849f8c 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -1,3 +1,5 @@
+mmanager@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin
+mmanager@people.osaaf.org|org.onap.a1p.owner|2020-11-26 12:31:54.000+0000|org.onap.a1p|owner
 mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
 mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|owner
 mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
@@ -192,6 +194,7 @@
 gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
 pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
 ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
+aaf_admin@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin
 aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
 aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
 aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
@@ -255,6 +258,7 @@
 aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|service
 aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
 osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
+a1p@a1p.onap.org|org.onap.a1p.service|2020-11-26 12:31:54.000+0000|org.onap.a1p|service
 aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|service
 aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
 aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 0cc492b..1b3f15d 100644
--- a/kubernetes/aaf/resources/data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -48,6 +48,7 @@
 portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager
 
 # ONAP App IDs
+a1p|A1 Policy Mangement|A1P|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
 aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
 aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
 clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 85b1838..c521fb8 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -68,7 +68,7 @@
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/cli:6.0.0
+image: onap/cli:6.0.1
 pullPolicy: Always
 flavor: small
 
diff --git a/kubernetes/common/certInitializer/resources/retrieval_check.sh b/kubernetes/common/certInitializer/resources/retrieval_check.sh
new file mode 100644
index 0000000..f3af14b
--- /dev/null
+++ b/kubernetes/common/certInitializer/resources/retrieval_check.sh
@@ -0,0 +1,26 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+#!/bin/sh
+
+echo "*** retrieving passwords for certificates"
+export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+  {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
+if [ -z "${{ .Values.envVarToCheck }}" ]
+then
+  echo " /!\ certificates retrieval failed"
+  exit 1
+fi
+echo "*** password retrieval succeeded"
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 5a8e84c..a46400b 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -55,6 +55,9 @@
   - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
     name: aaf-agent-certs
     subPath: truststoreONAP.p12.b64
+  - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+    mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
+    subPath: retrieval_check.sh
 {{-     if $initRoot.aaf_add_config }}
   - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
     mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
@@ -66,6 +69,7 @@
     - |
       #!/usr/bin/env bash
       /opt/app/aaf_config/bin/agent.sh
+      source /opt/app/aaf_config/bin/retrieval_check.sh
 {{-     if $initRoot.aaf_add_config }}
       /opt/app/aaf_config/bin/aaf-add-config.sh
 {{-     end }}
@@ -174,13 +178,10 @@
   configMap:
     name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
     defaultMode: 0700
-
-{{-     if $initRoot.aaf_add_config }}
 - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
   configMap:
     name: {{ include "common.fullname" $subchartDot }}-add-config
     defaultMode: 0700
-{{-     end -}}
 {{-     if $dot.Values.global.importCustomCertsEnabled }}
 - name: updated-truststore
   emptyDir: {}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index 7eae899..1e9254a 100644
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -14,12 +14,13 @@
 # limitations under the License.
 */}}
 
-{{ if .Values.aaf_add_config }}
 apiVersion: v1
 kind: ConfigMap
 {{- $suffix := "add-config" }}
 metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
 data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+{{ if .Values.aaf_add_config }}
   aaf-add-config.sh: |
     {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
 {{- end }}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index e7a0a3f..52b2765 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -54,6 +54,7 @@
 truststoreMountpath: ""
 truststoreOutputFileName: truststore.jks
 truststorePassword: changeit
+envVarToCheck: cadi_keystore_password_p12
 
 # This introduces implicit dependency on cert-wrapper
 # if you are using cert initializer cert-wrapper has to be also deployed.
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 158c0e9..7b9c150 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -66,7 +66,7 @@
 
 # application image
 repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:8.0.0
+image: onap/externalapi/nbi:8.0.1
 pullPolicy: IfNotPresent
 sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
 aai_authorization: Basic QUFJOkFBSQ==
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 5a4d204..802722f 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -386,7 +386,7 @@
     # handles master and data node functionality
     dedicatednode: "no"
     nameOverride: *elasticSearchName
-    cluster_name: *elasticSearchName
+    cluster_name: sdnrdb-cluster
 # enable
 sdnc-web:
   enabled: true
diff --git a/tox.ini b/tox.ini
index 7c7060f..fb6aca0 100644
--- a/tox.ini
+++ b/tox.ini
@@ -43,3 +43,14 @@
 commands =
   gitlint
 
+[testenv:autopep8]
+deps = autopep8
+commands =
+    autopep8 --max-line-length 120 --in-place --recursive kubernetes/ TOSCA/ docs/
+
+[testenv:pylint]
+deps = pylint
+whitelist_externals = find
+commands =
+    find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y  --output-format=colorized  \{\} +
+