diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..fb2fff69b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,63 @@
+FROM ruby:3.2.2-alpine AS assets
+RUN addgroup app --gid 1000
+RUN adduser -SD -u 1000 --shell /bin/bash --home /home/app app app
+RUN chown -R app:app /usr/local/bundle
+COPY --chown=app:app . /home/app/et1
+ENV RAILS_ENV=production
+ENV HOME=/home/app
+ENV NODE_OPTIONS=--openssl-legacy-provider
+RUN apk add --no-cache libpq-dev tzdata gettext sudo shared-mime-info libc6-compat && \
+ apk add --no-cache --virtual .build-tools git build-base curl-dev nodejs yarn && \
+ cd /home/app/et1 && \
+ gem install bundler && \
+ bundle config set without 'test development' && \
+ bundle config set with 'assets production' && \
+ bundle config set deployment 'true' && \
+ bundle install --no-cache --jobs=5 --retry=3 && \
+ bundle exec rails assets:precompile SECRET_KEY_BASE=doesntmatter && \
+ chown -R app:app /usr/local/bundle && \
+ apk del .build-tools
+
+FROM ruby:3.2.2-alpine
+
+RUN addgroup app --gid 1000
+RUN adduser -SD -u 1000 --shell /bin/bash --home /home/app app app
+
+
+ARG APPVERSION=unknown
+ARG APP_BUILD_DATE=unknown
+ARG APP_GIT_COMMIT=unknown
+ARG APP_BUILD_TAG=unknown
+
+# Setting up ping.json variables
+ENV APPVERSION ${APPVERSION}
+ENV APP_BUILD_DATE ${APP_BUILD_DATE}
+ENV APP_GIT_COMMIT ${APP_GIT_COMMIT}
+ENV APP_BUILD_TAG ${APP_BUILD_TAG}
+
+EXPOSE 8080
+
+COPY --chown=app:app . /home/app/et1
+COPY --from=assets --chown=app:app /home/app/et1/public/packs /home/app/et1/public/packs
+COPY --from=assets --chown=app:app /home/app/et1/vendor/bundle /home/app/et1/vendor/bundle
+RUN chown -R app:app /usr/local/bundle
+RUN apk add --no-cache libpq-dev tzdata gettext sudo shared-mime-info curl-dev file bash libc6-compat && \
+ apk add --no-cache postgresql-client~=11.12 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.10/main && \
+ apk add --no-cache --virtual .build-tools git build-base && \
+ cd /home/app/et1 && \
+ gem install bundler foreman && \
+ bundle config set without 'test development' && \
+ bundle config set with 'production' && \
+ bundle config set deployment 'true' && \
+ bundle install --no-cache --jobs=5 --retry=3 && \
+ apk del .build-tools && \
+ chown -R app:app /usr/local/bundle && \
+ mkdir -p /home/app/et1/tmp && \
+ chown -R app:app /home/app/et1/tmp
+
+
+USER app
+ENV HOME /home/app
+WORKDIR /home/app/et1
+ENV RAILS_ENV=production
+CMD ["bundle", "exec", "iodine", "-port", "8080"]
diff --git a/README.md b/README.md
index 023fda35f..a83daa7e5 100644
--- a/README.md
+++ b/README.md
@@ -106,4 +106,4 @@ MAINTENANCE_ENABLED - Set to 'true' to enable maintenance page to be enabled Any of the environment variables below can be added if you want to customize from the defaults MAINTENANCE_ALLOWED_IPS
-MAINTENANCE_END - If added you will see "You will be able to use the service from " followed by this text.
+MAINTENANCE_END - If added you will see "You will be able to use the service from " followed by this text..
diff --git a/charts/et-pet-et1/Chart.yaml b/charts/et-pet-et1/Chart.yaml
index 850432823..6ddfea89c 100644
--- a/charts/et-pet-et1/Chart.yaml
+++ b/charts/et-pet-et1/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: "1.0"
 description: A Helm chart for et-pet et1 application
 name: et-pet-et1
 home: https://github.com/hmcts/et-pet-et1
-version: 0.0.6
+version: 0.0.7
 dependencies:
 - name: base
 version: 0.2.7
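Review bot: In the Dockerfile's final stage, the `RUN apk add` chain pulls `postgresql-client~=11.12` from `http://dl-cdn.alpinelinux.org/alpine/v3.10/main`, a plain-HTTP URL for an Alpine branch that looks far older than the release `ruby:3.2.2-alpine` is built on. The index and packages travel unencrypted, leaving apk's signature check as the only integrity control, and anything resolved from that branch is unlikely to still receive security fixes. I would at least switch to `--repository=https://dl-cdn.alpinelinux.org/alpine/v3.10/main` and add a comment above the line recording why the 11.x client is required. The same chain installs `sudo` before the image drops to `USER app`; nothing visible in this hunk uses it, so it should come out of the runtime image unless another file needs it. Both `COPY --chown=app:app . /home/app/et1` lines also copy the whole build context and make it writable by the runtime user, so a `.dockerignore` (not visible in this commit) has to keep `.git` and local env files out.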
diff --git a/charts/et-pet-et1/values.yaml b/charts/et-pet-et1/values.yaml
index b365786e7..3261a5b5c 100644
--- a/charts/et-pet-et1/values.yaml
+++ b/charts/et-pet-et1/values.yaml
@@ -5,69 +5,9 @@ base:
 startupPath: /apply/ping.json
 image: "hmctspublic.azurecr.io/et-pet/et1:latest"
 ingressHost: et-pet-et1.{{ .Values.global.environment }}.platform.hmcts.net
- aadIdentityName: et1-pet
+ aadIdentityName: et-pet
 environment:
- DB_HOST:
- secretKeyRef: "et1-postgres-host"
- key: "et1-postgres-host"
- disable: false
- DB_PORT:
- secretKeyRef: "et1-postgres-port"
- key: "et1-postgres-port"
- disable: false
- DB_USERNAME:
- secretKeyRef: "et1-postgres-user"
- key: "et1-postgres-user"
- disable: false
- DB_NAME:
- secretKeyRef: "et1-postgres-database"
- key: "et1-postgres-database"
- disable: false
 RAILS_ENV: production
- GOOGLE_ANALYTICS_ID:
- secretRef: "et1-google-analytics-id"
- key: "et1-google-analytics-id"
- disabled: false
- SECRET_KEY_BASE:
- secretRef: "et1-secret-key-base"
- key: "et1-secret-key-base"
- disabled: false
- SECRET_KEY_TOKEN:
- secretRef: "et1-secret-key-token"
- key: "et1-secret-key-token"
- disabled: false
- ZENDESK_GROUP_ID:
- secretRef: "et1-zendesk-group-id"
- key: "et1-zendesk-group-id"
- disabled: false
- ZENDESK_TOKEN:
- secretRef: "et1-zendesk-token"
- key: "et1-zendesk-token"
- disabled: false
- ZENDESK_URL:
- secretRef: "et1-zendesk-url"
- key: "et1-zendesk-url"
- disabled: false
- ZENDESK_USER:
- secretRef: "et1-zendesk-user"
- key: "et1-zendesk-user"
- disabled: false
- SMTP_USERNAME:
- secretRef: "sendgrid-username"
- key: "sendgrid-username"
- disabled: false
- SMTP_PASSWORD:
- secretRef: "sendgrid-password"
- key: "sendgrid-password"
- disabled: false
- RAVEN_DSN:
- secretRef: "et1-raven-dsn"
- key: "et1-raven-dsn"
- disabled: false
- GOVUK_NOTIFY_API_KEY_LIVE:
- secretRef: "govuk-notify-api-key"
- key: "govuk-notify-api-key"
- disabled: false
 RAILS_LOG_TO_STDOUT: true
 ABSOLUTE_HOST: "http://et-dev-azure.dev.et.dsd.io"
 REMOVE_ASSET_HOST: "https://bbea327e42bedevet1.blob.core.windows.net/"
@@ -82,9 +22,40 @@ base:
 SMTP_HOSTNAME: "smtp.sendgrid.net"
 SMTP_PORT: 587
 DOCKER_STATE: "migrate"
- GTM_ACCOUNT:
- secretRef: "et1-gtm-account"
- key: "et1-gtm-account"
- disabled: false
 SERVICE_NOW_EMAIL: "DCD-ETOnlineServiceDesk@HMCTS.NET"
 AZURE_APP_INSIGHTS_ROLE_NAME: "ET1"
+ keyVaults:
+ et-pet:
+ secrets:
+ - name: et1-postgres-host
+ alias: DB_HOST
+ - name: et1-postgres-port
+ alias: DB_PORT
+ - name: et1-postgres-user
+ alias: DB_USERNAME
+ - name: et1-postgres-database
+ alias: DB_NAME
+ - name: et1-google-analytics-id
+ alias: GOOGLE_ANALYTICS_ID
+ - name: et1-secret-key-base
+ alias: SECRET_KEY_BASE
+ - name: et1-secret-key-token
+ alias: SECRET_KEY_TOKEN
+ - name: et1-zendesk-group-id
+ alias: ZENDESK_GROUP_ID
+ - name: et1-zendesk-token
+ alias: ZENDESK_TOKEN
+ - name: et1-zendesk-url
+ alias: ZENDESK_URL
+ - name: et1-zendesk-user
+ alias: ZENDESK_USER
+ - name: sendgrid-username
+ alias: SMTP_USERNAME
+ - name: sendgrid-password
+ alias: SMTP_PASSWORD
+ - name: et1-raven-dsn
+ alias: RAVEN_DSN
+ - name: govuk-notify-api-key
+ alias: GOVUK_NOTIFY_API_KEY_LIVE
+ - name: et1-gtm-account
+ alias: GTM_ACCOUNT
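Review bot: The new `keyVaults.et-pet.secrets` list carries no comment on how it is consumed, and it appears to depend on the `aadIdentityName: et-pet` change in the previous hunk of this file. I would add a line above `keyVaults:` such as `# Secrets are read from the et-pet vault via the et-pet identity; each alias is the env var name the app expects`, assuming that is how the base chart treats `alias` (the chart itself is not in this diff). Before merge it is also worth confirming that all sixteen secret names exist in that vault and that the identity has read-only access to it and nothing broader, since a missing secret would presumably only surface at pod start.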