diff --git a/apps/prod-sorcerer.yaml b/apps/prod-sorcerer.yaml
index 8dc712bf..cab87c45 100644
--- a/apps/prod-sorcerer.yaml
+++ b/apps/prod-sorcerer.yaml
@@ -3,29 +3,52 @@ kind: Application
 metadata:
 name: prod-sorcerer
 namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
 spec:
- template:
- metadata:
- name: prod-sorcerer
- spec:
- project: atlantis
- destination:
- namespace: sorcerer
- server: https://10.255.241.99:4443
- sources:
- - repoURL: https://gitlab.com/oceanbox/manifests.git
- targetRevision: main
- path: values/sorcerer
- plugin:
- name: kustomize-helm-with-rewrite
- parameters:
- - name: env
- string: prod
- - name: hostname
- string: sorcerer.data.oceanbox.io
- templatePatch: |
- spec:
- syncPolicy:
- automated:
- prune: true
- selfHeal: false
+ destination:
+ namespace: prod-sorcerer
+ server: https://10.255.241.99:4443
+ project: atlantis
+ sources:
+ - repoURL: https://gitlab.com/oceanbox/manifests.git
+ targetRevision: nixidy
+ ref: values
+ - repoURL: https://gitlab.com/oceanbox/manifests.git
+ targetRevision: nixidy
+ path: values/sorcerer
+ plugin:
+ name: kustomize-helm-with-rewrite
+ parameters:
+ - name: env
+ string: prod
+ - name: hostname
+ string: sorcerer.data.oceanbox.io
+ - repoURL: https://charts.bitnami.com/bitnami
+ targetRevision: 20.1.7
+ chart: redis
+ helm:
+ valueFiles:
+ - $values/values/sorcerer/prod/redis.yaml
+ ignoreDifferences:
+ - kind: Secret
+ name: azure-keyvault
+ jqPathExpressions:
+ - '.data'
+ - '.metadata.labels'
+ - '.metadata.annotations'
+ - kind: Secret
+ name: prod-atlantis-rabbitmq
+ jqPathExpressions:
+ - '.data'
+ - '.metadata.labels'
+ - '.metadata.annotations'
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ # automated:
+ # prune: true
+ # selfHeal: false
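Review bot: The two `ignoreDifferences` entries hide `.data` of the Secrets `azure-keyvault` and `prod-atlantis-rabbitmq` from Argo CD's diff, so a changed or tampered secret value will never mark the Application OutOfSync, and nothing in the hunk says which controller is expected to own those fields. `ignoreDifferences` only affects the comparison: a manual sync still applies whatever the sources render for those Secrets unless `- RespectIgnoreDifferences=true` is added under `syncOptions`, so that choice should be made explicitly. I would add a comment above the block such as `# .data is written by <controller>; ignored so Argo CD does not report it as drift`. The commented-out `automated:` block at the end is better removed or explained, since it leaves prod on manual sync without stating why.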
diff --git a/values/sorcerer/prod/appsettings.json b/values/sorcerer/prod/appsettings.json
index 44c6815d..25e9e5c4 100644
--- a/values/sorcerer/prod/appsettings.json
+++ b/values/sorcerer/prod/appsettings.json
@@ -1,11 +1,12 @@
 {
 "oidc": {
- "issuer": "https://idp.oceanbox.io/dex",
- "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
- "token_endpoint": "https://idp.oceanbox.io/dex/token",
- "jwks_uri": "https://idp.oceanbox.io/dex/keys",
- "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
- "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
+ "issuer": "https://auth.oceanbox.io/realms/oceanbox",
+ "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth",
+ "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token",
+ "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs",
+ "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo",
+ "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout",
+ "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device",
 "clientId": "sorcerer",
 "clientSecret": "",
 "scopes": [
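Review bot: The seven endpoint URLs under `oidc` are copied by hand for the new issuer `https://auth.oceanbox.io/realms/oceanbox`, and nothing in the hunk ties them to what that issuer publishes; a typo in `jwks_uri`, or a mismatch between `issuer` and the token's `iss` claim, would show up only as failed logins in prod. I would check the block against the issuer's `/.well-known/openid-configuration` document before merging, or drop the explicit endpoints if the service can load discovery from `issuer` (not visible here). Because the issuer changes, tokens minted by the old `https://idp.oceanbox.io/dex` issuer will presumably stop validating at rollout, which is worth stating in the commit description. The `oidc` object continues past the end of the hunk.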
@@ -24,33 +25,43 @@
 "sso": {
 "cookieDomain": ".oceanbox.io",
 "cookieName": ".obx.prod",
- "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
+ "signedOutRedirectUri": "https://maps.oceanbox.io",
 "realm": "atlantis",
 "environment": "prod",
- "keyStore": "azure",
- "certStore": "https://atlantis.blob.core.windows.net",
- "dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection"
+ "keyStore": {
+ "kind": "azure",
+ "uri": "https://atlantis.blob.core.windows.net",
+ "key": "dataprotection-keys"
+ },
+ "keyVault": {
+ "kind": "azure",
+ "uri": "https://atlantisvault.vault.azure.net",
+ "key": "dataencryption-keys"
+ }
 },
 "plainAuthUsers": [],
 "fga": {
 "apiUrl": "https://openfga.srv.oceanbox.io",
 "apiKey": "",
- "storeId": "01J6C1NBX36E1B928HFSB123XQ",
- "modelId": "01JHMSEB0WJGHGNAZ47NVW8Z3A"
+ "storeId": "01JH65JAW80D06GYBN7A8TBZRG",
+ "modelId": ""
 },
 "redis": "localhost:6379,user=default,password=secret",
 "allowedOrigins": [
 "http://localhost:8085",
 "http://localhost:8080",
 "https://localhost:8080",
+ "https://sorcerer.data.oceanbox.io",
+ "https://sorcerer.ekman.oceanbox.io",
 "https://sorcerer.local.oceanbox.io:8080",
 "https://atlantis.local.oceanbox.io:8080",
 "https://maps.oceanbox.io",
- "https://atlantis.srv.oceanbox.io",
+ "https://maps.beta.oceanbox.io",
+ "https://atlantis.beta.oceanbox.io",
 "https://jonas-atlantis.dev.oceanbox.io",
 "https://stig-atlantis.dev.oceanbox.io",
- "https://sorcerer.data.oceanbox.io",
- "http://sorcerer.data.oceanbox.io"
+ "https://prod-sorcerer.ekman.oceanbox.io",
+ "http://prod-sorcerer.ekman.oceanbox.io"
 ],
 "appName": "sorcerer",
 "appEnv": "prod",
@@ -59,6 +70,5 @@
 "otelCollector": "http://10.255.241.12:4317",
 "archiveSvc": "https://maps.oceanbox.io",
 "dataDir": "/data/archives",
- "cacheDir": "/data/archives/cache",
- "authDomain": "prod"
+ "cacheDir": "/data/archives/cache"
 }
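Review bot: The `allowedOrigins` list gains `"http://prod-sorcerer.ekman.oceanbox.io"`, a plain-HTTP origin, in a prod config whose SSO cookie is scoped to `.oceanbox.io`; an origin served without TLS gives no assurance about who is sending the request, so if the service answers credentialed cross-origin requests from this list (not visible here) that entry weakens the whole allow-list. I would drop the `http://` entry and keep only `"https://prod-sorcerer.ekman.oceanbox.io"`. Separately, `"modelId": ""` replaces a pinned model id: if an empty value makes the OpenFGA client fall back to the store's latest authorization model, authorization decisions will change whenever a new model is written, so pinning the id of the intended model in store `01JH65JAW80D06GYBN7A8TBZRG` is safer. The new `keyStore` and `keyVault` objects change the shape of the `sso` section, and the code that reads them is outside this diff.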
diff --git a/values/sorcerer/prod/tracing.yaml b/values/sorcerer/prod/tracing.yaml index e76aa937..4c4c318c 100644 --- a/values/sorcerer/prod/tracing.yaml +++ b/values/sorcerer/prod/tracing.yaml @@ -8,4 +8,4 @@ spec: otel: endpointAddress: "10.255.241.12:4317" protocol: grpc - isSecure: false \ No newline at end of file + isSecure: false diff --git a/values/sorcerer/values-prod.yaml b/values/sorcerer/values-prod.yaml index 1dbb091c..af6339f5 100644 --- a/values/sorcerer/values-prod.yaml +++ b/values/sorcerer/values-prod.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - tag: latest + tag: v4.16.3 podAnnotations: dapr.io/enabled: "true" @@ -18,7 +18,7 @@ podAnnotations: env: - name: APP_VERSION - value: "0.0.0" + value: "4.16.3" - name: LOG_LEVEL value: "2" - name: REDIS_USER @@ -26,7 +26,7 @@ env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: prod-redis + name: prod-sorcerer-redis key: redis-password - name: DAPR_API_TOKEN valueFrom: @@ -42,7 +42,6 @@ ingress: nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity" nginx.ingress.kubernetes.io/session-cookie-expires: "86400" nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" - atlantis.oceanbox.io/expose: internal hosts: - host: sorcerer.data.oceanbox.io paths:
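Review bot: `tag: v4.16.3` in values-prod.yaml is an improvement over `latest`, but a version tag can still be re-pushed in the registry, so for prod I would pin the image by digest if the chart's image template accepts one (the template is not visible here). The `APP_VERSION` value in the next hunk (`"4.16.3"`) repeats the same version by hand and will drift on the next bump; a comment on the tag line such as `# keep in sync with env APP_VERSION` would make the coupling visible.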
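Review bot: Removing `atlantis.oceanbox.io/expose: internal` from the ingress annotations in the last values-prod.yaml hunk may change who can reach `sorcerer.data.oceanbox.io`; the annotation is project-specific and its consumer is not visible here, but by its name it appears to restrict exposure to internal networks. If the host is meant to become externally reachable, that should be stated in the commit description; if not, keep the line or name the mechanism that now enforces the restriction. The ingress block starts and ends outside the hunk.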