diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dc6bfe..96effa5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,12 +2,22 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances. +## [4.0.0-alpha.2](https://github.com/eclipse-tractusx/portal-iam/compare/v4.0.0-alpha.1...v4.0.0-alpha.2) (2024-10-21) + +### Bug Fixes + +* **centralidp:** fix seeding of extra service accounts ([#209](https://github.com/eclipse-tractusx/portal-iam/issues/209)) ([225a37f](https://github.com/eclipse-tractusx/portal-iam/commit/225a37f190841222148f7a167ed5ab9faab72444)) + +### Miscellaneous Chores + +* release 4.0.0-alpha.2 ([1fa8496](https://github.com/eclipse-tractusx/portal-iam/commit/1fa849663ea4bd054cf0fa5bd3c26296c3d8fc8b)) + ## [4.0.0-alpha.1](https://github.com/eclipse-tractusx/portal-iam/compare/v3.0.1...v4.0.0-alpha.1) (2024-10-11) ### ⚠ BREAKING CHANGES -* **seeding-job:** enable realm import with dynamic config ([#141](https://github.com/eclipse-tractusx/portal-iam/issues/141)) +* **seeding-job:** enable seeding job for realm import and upgrade with dynamic configuration of redirect urls, client secrets, etc. for centralidp and sharedidp - previously only used for upgrading the CX-Central realm configuration for centralidp ### Features 
@@ -17,6 +27,10 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel * **osp:** remove create role and assign configure role to cx admin ([#199](https://github.com/eclipse-tractusx/portal-iam/issues/199)) ([19eca8e](https://github.com/eclipse-tractusx/portal-iam/commit/19eca8e6adaf24b2ab93c9b0c0fc268e8bfefad7)) * **roles:** add subscribe_service permission to Business Admin ([#173](https://github.com/eclipse-tractusx/portal-iam/issues/173)) ([417cd94](https://github.com/eclipse-tractusx/portal-iam/commit/417cd946539b215a8c571d7de62825472ef9a501)), closes [#172](https://github.com/eclipse-tractusx/portal-iam/issues/172) * **seeding-job:** enable realm import with dynamic config ([#141](https://github.com/eclipse-tractusx/portal-iam/issues/141)) ([5ed14ce](https://github.com/eclipse-tractusx/portal-iam/commit/5ed14ce23fc2c7d19e97f301cb5bb4d5fcb7361d)) +* **bpdm:** consolidate description of [new service accounts](https://github.com/eclipse-tractusx/portal-iam/pull/155) in centralidp ([5ed14ce](https://github.com/eclipse-tractusx/portal-iam/commit/5ed14ce23fc2c7d19e97f301cb5bb4d5fcb7361d)) +* improve secret handling and remove obsolete secrets ([5ed14ce](https://github.com/eclipse-tractusx/portal-iam/commit/5ed14ce23fc2c7d19e97f301cb5bb4d5fcb7361d)) +* move to standalone architecture for database dependency ([5ed14ce](https://github.com/eclipse-tractusx/portal-iam/commit/5ed14ce23fc2c7d19e97f301cb5bb4d5fcb7361d)) +* set default replica count to 1 ([5ed14ce](https://github.com/eclipse-tractusx/portal-iam/commit/5ed14ce23fc2c7d19e97f301cb5bb4d5fcb7361d)) * **tech user:** add new operator invite tech user ([#189](https://github.com/eclipse-tractusx/portal-iam/issues/189)) ([3018805](https://github.com/eclipse-tractusx/portal-iam/commit/3018805f77913926061af13bb5b35cbb98835c6e)) ### Bug Fixes diff --git a/charts/centralidp/Chart.yaml b/charts/centralidp/Chart.yaml index 83e917c..5920cf4 100644 --- a/charts/centralidp/Chart.yaml 
+++ b/charts/centralidp/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: centralidp type: application -version: 4.0.0-alpha.1 +version: 4.0.0-alpha.2 appVersion: 23.0.7 description: Helm chart for Central Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md index 8c0aea7..62e8cf0 100644 --- a/charts/centralidp/README.md +++ b/charts/centralidp/README.md @@ -1,6 +1,6 @@ # Helm chart for Central Keycloak Instance -![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) +![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) This helm chart installs the Helm chart for Central Keycloak Instance. @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: centralidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 4.0.0-alpha.1 + version: 4.0.0-alpha.2 ``` ## Requirements 
@@ -54,7 +54,7 @@ dependencies: | keycloak.extraVolumeMounts[0].name | string | `"themes"` | | | keycloak.extraVolumeMounts[0].mountPath | string | `"/opt/bitnami/keycloak/themes/catenax-central"` | | | keycloak.initContainers[0].name | string | `"import"` | | -| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-alpha.1"` | | +| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-alpha.2"` | | | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | keycloak.initContainers[0].command[0] | string | `"sh"` | | | keycloak.initContainers[0].args[0] | string | `"-c"` | | 
@@ -92,7 +92,7 @@ dependencies: | keycloak.externalDatabase.existingSecretUserKey | string | `""` | | | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` | | | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` | | -| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-alpha.1","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"600M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"600M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId"
:"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | +| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-alpha.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clien
tSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | | realmSeeding.clients | object | `{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}}` | Set redirect addresses and - in the case of confidential clients - clients secrets for clients which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. | | realmSeeding.clients.existingSecret | string | `""` | Option to provide an existingSecret for the clients with clientId as key and clientSecret as value. 
| | realmSeeding.serviceAccounts | object | `{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""}` | Client secrets for service accounts which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. | 
@@ -101,7 +101,7 @@ dependencies: | realmSeeding.sharedidp | string | `"https://sharedidp.example.org"` | Set sharedidp address to enable the identity provider connection to CX-Operator realm. | | realmSeeding.extraServiceAccounts | object | `{"clientSecretsAndBpn":[],"existingSecret":""}` | Set client secrets and bpn user attribute for additional service accounts; meant to enable possible test data, default value for client secrets is autogenerated. | | realmSeeding.extraServiceAccounts.existingSecret | string | `""` | Option to provide an existingSecret for additional service accounts with clientId as key and clientSecret as value. | -| realmSeeding.resources | object | `{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"600M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"600M"}}` | We recommend to review the default resource limits as this should a conscious choice. | +| realmSeeding.resources | object | `{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}}` | We recommend to review the default resource limits as this should a conscious choice. | Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 03b2f39..9eaa7d4 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -43,7 +43,7 @@ keycloak: mountPath: /opt/bitnami/keycloak/themes/catenax-central initContainers: - name: import - image: docker.io/tractusx/portal-iam:v4.0.0-alpha.1 + image: docker.io/tractusx/portal-iam:v4.0.0-alpha.2 imagePullPolicy: IfNotPresent command: - sh @@ -234,7 +234,7 @@ realmSeeding: pullPolicy: IfNotPresent initContainer: image: - name: docker.io/tractusx/portal-iam:v4.0.0-alpha.1 + name: docker.io/tractusx/portal-iam:v4.0.0-alpha.2 pullPolicy: IfNotPresent portContainer: 8080 keycloakServicePort: 80 
diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
index 64c95f7..0070d03 100644
--- a/environments/argocd-app-templates/centralidp/appsetup-int.yaml
+++ b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
 source:
 path: charts/centralidp
 repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
- targetRevision: v4.0.0-alpha.1
+ targetRevision: v4.0.0-alpha.2
 plugin:
 env:
 - name: AVP_SECRET
diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
index f5fa228..a3667f5 100644
--- a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
+++ b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
@@ -28,7 +28,7 @@ spec:
 source:
 path: charts/centralidp
 repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
- targetRevision: v4.0.0-alpha.1
+ targetRevision: v4.0.0-alpha.2
 plugin:
 env:
 - name: AVP_SECRET