From 698eea0bd631d34d8941e64d3352aecbd1ba249e Mon Sep 17 00:00:00 2001
From: Simone infante <52280205+infantesimone@users.noreply.github.com>
Date: Wed, 4 Dec 2024 18:24:09 +0100
Subject: [PATCH 1/5] feat(helpdesk-ecommerce): PPABV-76 update openapi with
 range search for helpdesk ecommerce (#2615)

* feat: update openapi with range search

* chore(openapi): refactoring for time range
---
 .../v1/_openapi.json.tpl                      | 55 ++++++++++++++++++-
 1 file changed, 53 insertions(+), 2 deletions(-)

diff --git a/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl b/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl
index 857777b72..a877bfa64 100644
--- a/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl
+++ b/src/domains/ecommerce-app/api/ecommerce-helpdesk-api/v1/_openapi.json.tpl
@@ -1060,6 +1060,40 @@
         ],
         "description": "Product from which transaction belongs"
       },
+      "SearchTransactionRequestDateTimeRange": {
+        "type": "object",
+        "description": "Search transaction by date and time range",
+        "properties": {
+          "type": {
+            "type": "string",
+            "default": "DATE_TIME_RANGE",
+            "example": "DATE_TIME_RANGE"
+          },
+          "timeRange": {
+            "type": "object",
+            "properties": {
+              "startDate": {
+                "type": "string",
+                "format": "date-time",
+                "description": "Search start date"
+              },
+              "endDate": {
+                "type": "string",
+                "format": "date-time",
+                "description": "Search end date"
+              }
+            },
+            "required": [
+              "startDate",
+              "endDate"
+            ]
+          }
+        },
+        "required": [
+          "type",
+          "timeRange"
+        ]
+      },
       "PmSearchTransactionRequest": {
         "type": "object",
         "oneOf": [
@@ -1068,13 +1102,17 @@
           },
           {
             "$ref": "#/components/schemas/SearchTransactionRequestEmail"
+          },
+          {
+            "$ref": "#/components/schemas/SearchTransactionRequestDateTimeRange"
           }
         ],
         "discriminator": {
           "propertyName": "type",
           "mapping": {
             "USER_FISCAL_CODE": "#/components/schemas/SearchTransactionRequestFiscalCode",
-            "USER_EMAIL": "#/components/schemas/SearchTransactionRequestEmail"
+            "USER_EMAIL": "#/components/schemas/SearchTransactionRequestEmail",
+            "DATE_TIME_RANGE": "#/components/schemas/SearchTransactionRequestDateTimeRange"
           }
         }
       },
@@ -1770,13 +1808,17 @@
                 },
                 {
                   "$ref": "#/components/schemas/SearchTransactionRequestEmail"
+                },
+                {
+                  "$ref": "#/components/schemas/SearchTransactionRequestDateTimeRange"
                 }
               ],
               "discriminator": {
                 "propertyName": "type",
                 "mapping": {
                   "USER_FISCAL_CODE": "#/components/schemas/SearchTransactionRequestFiscalCode",
-                  "USER_EMAIL": "#/components/schemas/SearchTransactionRequestEmail"
+                  "USER_EMAIL": "#/components/schemas/SearchTransactionRequestEmail",
+                  "DATE_TIME_RANGE": "#/components/schemas/SearchTransactionRequestDateTimeRange"
                 }
               }
             },
@@ -1792,6 +1834,15 @@
                   "type": "USER_EMAIL",
                   "userEmail": "test@test.it"
                 }
+              },
+              "search by date and time range": {
+                "value": {
+                  "type": "DATE_TIME_RANGE",
+                  "timeRange": {
+                    "startDate": "2023-01-01T00:00:00.000",
+                    "endDate": "2023-01-01T02:00:00.000"
+                  }
+                }
               }
             }
           }

From cd6fe077ee546498c8800c31f6a66c8847bcf8c5 Mon Sep 17 00:00:00 2001
From: Marco Mari <130982006+mamari90@users.noreply.github.com>
Date: Thu, 5 Dec 2024 12:51:23 +0100
Subject: [PATCH 2/5] feat: Updated gh runner module (#2632)

updated gh runner module
---
 src/domains/afm-app/07_gh_runner.tf       | 1 +
 src/domains/afm-app/99_main.tf            | 4 ++--
 src/domains/apiconfig-app/07_gh_runner.tf | 1 +
 src/domains/apiconfig-app/99_main.tf      | 4 ++--
 src/domains/bizevents-app/07_gh_runner.tf | 1 +
 src/domains/bizevents-app/99_main.tf      | 4 ++--
 src/domains/ebollo-app/07_gh_runner.tf    | 1 +
 src/domains/ebollo-app/99_main.tf         | 4 ++--
 src/domains/fdr-app/07_gh_runner.tf       | 1 +
 src/domains/fdr-app/99_main.tf            | 4 ++--
 src/domains/gps-app/07_gh_runner.tf       | 1 +
 src/domains/gps-app/99_main.tf            | 4 ++--
 src/domains/nodo-app/07_gh_runner.tf      | 1 +
 src/domains/nodo-app/99_main.tf           | 4 ++--
 src/domains/payopt-app/07_gh_runner.tf    | 1 +
 src/domains/payopt-app/99_main.tf         | 4 ++--
 src/domains/printit-app/07_gh_runner.tf   | 1 +
 src/domains/printit-app/99_main.tf        | 4 ++--
 src/domains/receipts-app/07_gh_runner.tf  | 1 +
 src/domains/receipts-app/99_main.tf       | 4 ++--
 src/domains/selfcare-app/07_gh_runner.tf  | 1 +
 src/domains/selfcare-app/99_main.tf       | 4 ++--
 src/domains/shared-app/07_gh_runner.tf    | 1 +
 src/domains/shared-app/99_main.tf         | 4 ++--
 24 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/src/domains/afm-app/07_gh_runner.tf b/src/domains/afm-app/07_gh_runner.tf
index e9e8dd639..5218c70d7 100644
--- a/src/domains/afm-app/07_gh_runner.tf
+++ b/src/domains/afm-app/07_gh_runner.tf
@@ -13,6 +13,7 @@ module "gh_runner_job" {
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
   runner_labels      = ["self-hosted-job", "${var.env}"]
+  gh_env             = var.env
   gh_repositories = [
     {
       name : "pagopa-afm-calculator",
diff --git a/src/domains/afm-app/99_main.tf b/src/domains/afm-app/99_main.tf
index 13b720024..021d38c6f 100644
--- a/src/domains/afm-app/99_main.tf
+++ b/src/domains/afm-app/99_main.tf
@@ -48,6 +48,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/apiconfig-app/07_gh_runner.tf b/src/domains/apiconfig-app/07_gh_runner.tf
index a46595a7a..e15ad8ff4 100644
--- a/src/domains/apiconfig-app/07_gh_runner.tf
+++ b/src/domains/apiconfig-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/apiconfig-app/99_main.tf b/src/domains/apiconfig-app/99_main.tf
index 160bc78a1..405766710 100644
--- a/src/domains/apiconfig-app/99_main.tf
+++ b/src/domains/apiconfig-app/99_main.tf
@@ -63,6 +63,6 @@ data "azurerm_subscription" "current" {}
 data "azurerm_client_config" "current" {}
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/bizevents-app/07_gh_runner.tf b/src/domains/bizevents-app/07_gh_runner.tf
index 3094d51e1..0d9a7c019 100644
--- a/src/domains/bizevents-app/07_gh_runner.tf
+++ b/src/domains/bizevents-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/bizevents-app/99_main.tf b/src/domains/bizevents-app/99_main.tf
index cae8a966f..df7ab18e8 100644
--- a/src/domains/bizevents-app/99_main.tf
+++ b/src/domains/bizevents-app/99_main.tf
@@ -48,7 +48,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
 
diff --git a/src/domains/ebollo-app/07_gh_runner.tf b/src/domains/ebollo-app/07_gh_runner.tf
index 3dcfb3778..ff1026cfb 100644
--- a/src/domains/ebollo-app/07_gh_runner.tf
+++ b/src/domains/ebollo-app/07_gh_runner.tf
@@ -11,6 +11,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/ebollo-app/99_main.tf b/src/domains/ebollo-app/99_main.tf
index 27e302934..59e4164aa 100644
--- a/src/domains/ebollo-app/99_main.tf
+++ b/src/domains/ebollo-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/fdr-app/07_gh_runner.tf b/src/domains/fdr-app/07_gh_runner.tf
index 5ac740030..522774ae9 100644
--- a/src/domains/fdr-app/07_gh_runner.tf
+++ b/src/domains/fdr-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/fdr-app/99_main.tf b/src/domains/fdr-app/99_main.tf
index a01b46659..a33ed9acb 100644
--- a/src/domains/fdr-app/99_main.tf
+++ b/src/domains/fdr-app/99_main.tf
@@ -50,7 +50,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
 
diff --git a/src/domains/gps-app/07_gh_runner.tf b/src/domains/gps-app/07_gh_runner.tf
index 13e271a37..89a24b49e 100644
--- a/src/domains/gps-app/07_gh_runner.tf
+++ b/src/domains/gps-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/gps-app/99_main.tf b/src/domains/gps-app/99_main.tf
index 83b6d3b61..86d6ee35b 100644
--- a/src/domains/gps-app/99_main.tf
+++ b/src/domains/gps-app/99_main.tf
@@ -66,6 +66,6 @@ provider "kubectl" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/nodo-app/07_gh_runner.tf b/src/domains/nodo-app/07_gh_runner.tf
index a0e6a42f9..1ad9142e5 100644
--- a/src/domains/nodo-app/07_gh_runner.tf
+++ b/src/domains/nodo-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/nodo-app/99_main.tf b/src/domains/nodo-app/99_main.tf
index 659390c0d..9dc8c442c 100644
--- a/src/domains/nodo-app/99_main.tf
+++ b/src/domains/nodo-app/99_main.tf
@@ -53,6 +53,6 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/payopt-app/07_gh_runner.tf b/src/domains/payopt-app/07_gh_runner.tf
index d13416e85..1f8c12a8c 100644
--- a/src/domains/payopt-app/07_gh_runner.tf
+++ b/src/domains/payopt-app/07_gh_runner.tf
@@ -11,6 +11,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/payopt-app/99_main.tf b/src/domains/payopt-app/99_main.tf
index 27e302934..59e4164aa 100644
--- a/src/domains/payopt-app/99_main.tf
+++ b/src/domains/payopt-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/printit-app/07_gh_runner.tf b/src/domains/printit-app/07_gh_runner.tf
index 86eda93ce..2b255635c 100644
--- a/src/domains/printit-app/07_gh_runner.tf
+++ b/src/domains/printit-app/07_gh_runner.tf
@@ -11,6 +11,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/printit-app/99_main.tf b/src/domains/printit-app/99_main.tf
index a9311a649..ed6db5e73 100644
--- a/src/domains/printit-app/99_main.tf
+++ b/src/domains/printit-app/99_main.tf
@@ -49,7 +49,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
 
diff --git a/src/domains/receipts-app/07_gh_runner.tf b/src/domains/receipts-app/07_gh_runner.tf
index c38dc6fd4..b22d6f539 100644
--- a/src/domains/receipts-app/07_gh_runner.tf
+++ b/src/domains/receipts-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/receipts-app/99_main.tf b/src/domains/receipts-app/99_main.tf
index 0b1968105..f3fc515cd 100644
--- a/src/domains/receipts-app/99_main.tf
+++ b/src/domains/receipts-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
diff --git a/src/domains/selfcare-app/07_gh_runner.tf b/src/domains/selfcare-app/07_gh_runner.tf
index a7bfd31d9..75bcc712e 100644
--- a/src/domains/selfcare-app/07_gh_runner.tf
+++ b/src/domains/selfcare-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/selfcare-app/99_main.tf b/src/domains/selfcare-app/99_main.tf
index d3ba7a99a..3470e7712 100644
--- a/src/domains/selfcare-app/99_main.tf
+++ b/src/domains/selfcare-app/99_main.tf
@@ -48,7 +48,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
 
diff --git a/src/domains/shared-app/07_gh_runner.tf b/src/domains/shared-app/07_gh_runner.tf
index 9906032e3..dd942fd51 100644
--- a/src/domains/shared-app/07_gh_runner.tf
+++ b/src/domains/shared-app/07_gh_runner.tf
@@ -12,6 +12,7 @@ module "gh_runner_job" {
   environment_name   = local.tools_cae_name
   environment_rg     = local.tools_cae_rg
   gh_identity_suffix = "job-01"
+  gh_env             = var.env
   runner_labels      = ["self-hosted-job", "${var.env}"]
   gh_repositories = [
     {
diff --git a/src/domains/shared-app/99_main.tf b/src/domains/shared-app/99_main.tf
index 496d78605..da0d2d9fa 100644
--- a/src/domains/shared-app/99_main.tf
+++ b/src/domains/shared-app/99_main.tf
@@ -61,7 +61,7 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.60.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=551a56a4bf841cd431b51ec951639e74260daf6a"
+  # v8.62.0
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
 }
 

From 71b14a3f39ee1fa49d5c538e2f2ac55a7dac0b22 Mon Sep 17 00:00:00 2001
From: Angelo Caporaso <56113767+cap-ang@users.noreply.github.com>
Date: Thu, 5 Dec 2024 16:37:26 +0100
Subject: [PATCH 3/5] feat(GPD): Update rate-limit (#2633)

---
 src/domains/gps-app/api/gpd-upload-service/v1/_base_policy.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/domains/gps-app/api/gpd-upload-service/v1/_base_policy.xml b/src/domains/gps-app/api/gpd-upload-service/v1/_base_policy.xml
index 187897e48..0137a2b2b 100644
--- a/src/domains/gps-app/api/gpd-upload-service/v1/_base_policy.xml
+++ b/src/domains/gps-app/api/gpd-upload-service/v1/_base_policy.xml
@@ -2,7 +2,7 @@
 <inbound>
   <base />
   <!-- rate limit by subscription key -->
-  <rate-limit calls="1" renewal-period="1" remaining-calls-variable-name="remainingCallsPerSubscription"/>
+  <rate-limit calls="10" renewal-period="1" remaining-calls-variable-name="remainingCallsPerSubscription"/>
   <!-- Calling Authorizer's fragment -->
   <set-variable name="application_domain" value="gpd" />
   <choose>

From 4e384381009da4905b4ef9b861056953feef1583 Mon Sep 17 00:00:00 2001
From: Marco Mari <130982006+mamari90@users.noreply.github.com>
Date: Thu, 5 Dec 2024 16:38:56 +0100
Subject: [PATCH 4/5] feat: Upgraded tf module to add gh identity permission
 (#2634)

upgraded tf module to add gh identity permission
---
 src/domains/aca-common/README.md              |   6 +-
 src/domains/afm-app/07_gh_runner.tf           |  10 +-
 src/domains/afm-app/99_main.tf                |   4 +-
 src/domains/afm-app/README.md                 |   2 +-
 src/domains/afm-common/03_cosmosdb_afm.tf     |  12 +--
 src/domains/afm-common/README.md              |  13 +--
 .../afm-common/env/weu-prod/terraform.tfvars  |   4 +-
 src/domains/afm-secrets/README.md             |   6 +-
 src/domains/apiconfig-app/07_gh_runner.tf     |  10 +-
 src/domains/apiconfig-app/99_main.tf          |   4 +-
 src/domains/apiconfig-app/README.md           |   2 +-
 src/domains/apiconfig-common/README.md        |   6 +-
 src/domains/bizevents-app/07_gh_runner.tf     |  10 +-
 src/domains/bizevents-app/99_main.tf          |   4 +-
 src/domains/bizevents-app/README.md           |   2 +-
 src/domains/bizevents-common/02_security.tf   |   2 +-
 src/domains/bizevents-common/README.md        |  12 +--
 src/domains/bizevents-secrets/README.md       |   4 +-
 src/domains/canoneunico/README.md             |   6 +-
 src/domains/checkout-common/README.md         |   4 +-
 src/domains/ebollo-app/04_apim_mbd.tf         |   2 +-
 src/domains/ebollo-app/04_apim_mbd_gps.tf     |   2 +-
 src/domains/ebollo-app/07_gh_runner.tf        |  10 +-
 src/domains/ebollo-app/99_main.tf             |   4 +-
 .../ebollo-common/10_github_identity.tf       |   4 +-
 src/domains/ebollo-common/99_locals.tf        |   2 +-
 src/domains/fdr-app/07_gh_runner.tf           |  18 +---
 src/domains/fdr-app/99_main.tf                |   4 +-
 src/domains/fdr-app/README.md                 |   2 +-
 src/domains/fdr-common/README.md              |   4 +-
 src/domains/fdr-secret/02_azdo.tf             |   4 +-
 src/domains/fdr-secret/README.md              |   5 +-
 src/domains/gps-app/07_gh_runner.tf           |  17 +--
 src/domains/gps-app/99_main.tf                |   4 +-
 src/domains/gps-app/README.md                 |   2 +-
 src/domains/gps-common/02_azdo.tf             |   4 +-
 .../gps-common/env/weu-prod/terraform.tfvars  |   2 +-
 src/domains/gps-secret/README.md              |   4 +-
 src/domains/load-test/README.md               |   4 +-
 src/domains/mock-app/README.md                |   4 +-
 src/domains/mock-common/README.md             |   4 +-
 src/domains/nodo-app/07_gh_runner.tf          |  17 +--
 src/domains/nodo-app/99_main.tf               |   4 +-
 src/domains/nodo-app/README.md                |   2 +-
 src/domains/nodo-cron/README.md               |   4 +-
 src/domains/nodo-secret/02_azdo.tf            |   4 +-
 src/domains/nodo-secret/99_main.tf            |   2 +-
 src/domains/nodo-secret/README.md             |   5 +-
 src/domains/nodo-switcher/README.md           |   4 +-
 .../04_datafactory_linkedservice.tf           |   4 +-
 src/domains/payopt-app/07_gh_runner.tf        |  10 +-
 src/domains/payopt-app/99_main.tf             |   4 +-
 src/domains/payopt-app/README.md              |  14 +--
 src/domains/payopt-common/README.md           |  12 ++-
 src/domains/payopt-secrets/README.md          |   9 +-
 src/domains/printit-app/.terraform.lock.hcl   | 102 ++++++++++++++++++
 src/domains/printit-app/07_gh_runner.tf       |  17 +--
 src/domains/printit-app/99_main.tf            |   4 +-
 src/domains/printit-app/README.md             |   2 +-
 src/domains/printit-common/README.md          |   4 +-
 src/domains/printit-legacy/README.md          |   4 +-
 src/domains/printit-secrets/README.md         |   5 +-
 src/domains/qi-common/02_azdo.tf              |   4 +-
 src/domains/qi-common/README.md               |   8 +-
 src/domains/qi-secrets/99_main.tf             |   2 +-
 src/domains/qi-secrets/README.md              |   5 +-
 src/domains/receipts-app/07_gh_runner.tf      |  10 +-
 src/domains/receipts-app/99_main.tf           |   4 +-
 src/domains/receipts-app/README.md            |   2 +-
 src/domains/receipts-common/README.md         |   4 +-
 src/domains/receipts-secrets/02_azdo.tf       |   4 +-
 src/domains/receipts-secrets/99_main.tf       |   2 +-
 src/domains/receipts-secrets/README.md        |   5 +-
 .../04_apim_backoffice_external.tf            |   2 +-
 src/domains/selfcare-app/07_gh_runner.tf      |  10 +-
 src/domains/selfcare-app/99_main.tf           |   4 +-
 src/domains/selfcare-app/README.md            |   3 +-
 src/domains/selfcare-common/README.md         |   4 +-
 src/domains/shared-app/07_gh_runner.tf        |  10 +-
 src/domains/shared-app/99_main.tf             |   5 +-
 src/domains/shared-app/README.md              |   2 +-
 src/domains/shared-common/README.md           |   4 +-
 src/domains/shared-secrets/README.md          |   4 +-
 src/domains/wallet-common/README.md           |   4 +-
 84 files changed, 322 insertions(+), 242 deletions(-)
 create mode 100644 src/domains/printit-app/.terraform.lock.hcl

diff --git a/src/domains/aca-common/README.md b/src/domains/aca-common/README.md
index 9f99489b3..9baa8ea52 100644
--- a/src/domains/aca-common/README.md
+++ b/src/domains/aca-common/README.md
@@ -1,7 +1,7 @@
 # aca-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -20,6 +20,7 @@
 
 | Name | Type |
 |------|------|
+| [azurerm_api_management_subscription.gpd_like_for_aca_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_key_vault_access_policy.ad_group_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.adgroup_developers_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.azdevops_iac_legacy_policies](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
@@ -40,6 +41,7 @@
 | [azuread_service_principal.iac_deploy_legacy](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
 | [azuread_service_principal.iac_plan_legacy](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
 | [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/service_principal) | data source |
+| [azurerm_api_management_product.apim_aca_product](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/api_management_product) | data source |
 | [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_private_dns_zone.internal](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/private_dns_zone) | data source |
@@ -70,4 +72,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/afm-app/07_gh_runner.tf b/src/domains/afm-app/07_gh_runner.tf
index 5218c70d7..484860287 100644
--- a/src/domains/afm-app/07_gh_runner.tf
+++ b/src/domains/afm-app/07_gh_runner.tf
@@ -48,10 +48,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/afm-app/99_main.tf b/src/domains/afm-app/99_main.tf
index 021d38c6f..4a7ab449a 100644
--- a/src/domains/afm-app/99_main.tf
+++ b/src/domains/afm-app/99_main.tf
@@ -48,6 +48,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/afm-app/README.md b/src/domains/afm-app/README.md
index 8705e6d45..c559b8e15 100644
--- a/src/domains/afm-app/README.md
+++ b/src/domains/afm-app/README.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_afm_calculator_node_product"></a> [apim\_afm\_calculator\_node\_product](#module\_apim\_afm\_calculator\_node\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_afm_calculator_product"></a> [apim\_afm\_calculator\_product](#module\_apim\_afm\_calculator\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_afm_marketplace_product"></a> [apim\_afm\_marketplace\_product](#module\_apim\_afm\_marketplace\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
diff --git a/src/domains/afm-common/03_cosmosdb_afm.tf b/src/domains/afm-common/03_cosmosdb_afm.tf
index 2b1ea1b2d..3da0b8401 100644
--- a/src/domains/afm-common/03_cosmosdb_afm.tf
+++ b/src/domains/afm-common/03_cosmosdb_afm.tf
@@ -36,8 +36,8 @@ module "afm_marketplace_cosmosdb_account" {
   enable_free_tier           = var.afm_marketplace_cosmos_db_params.enable_free_tier
   analytical_storage_enabled = var.afm_marketplace_cosmos_db_params.analytical_storage_enabled
 
-  private_endpoint_sql_name            = "${local.project}-marketplace-cosmos-sql-endpoint" # forced after update module vers
-  private_service_connection_sql_name  = "${local.project}-marketplace-cosmos-sql-endpoint" # forced after update module vers
+  private_endpoint_sql_name           = "${local.project}-marketplace-cosmos-sql-endpoint" # forced after update module vers
+  private_service_connection_sql_name = "${local.project}-marketplace-cosmos-sql-endpoint" # forced after update module vers
 
   public_network_access_enabled      = var.afm_marketplace_cosmos_db_params.public_network_access_enabled
   private_endpoint_enabled           = var.afm_marketplace_cosmos_db_params.private_endpoint_enabled
@@ -94,8 +94,8 @@ locals {
       autoscale_settings = {
         max_throughput = 1000
       },
-      analytical_storage_ttl = -1,  # ingested_2_DL
-      partition_key_version  = null      
+      analytical_storage_ttl = -1, # ingested_2_DL
+      partition_key_version  = null
     },
     {
       name               = "archivedcibundles",
@@ -157,7 +157,7 @@ locals {
       autoscale_settings = {
         max_throughput = 1000
       },
-      analytical_storage_ttl = -1,  # ingested_2_DL
+      analytical_storage_ttl = -1, # ingested_2_DL
       partition_key_version  = null
     },
     {
@@ -166,7 +166,7 @@ locals {
       autoscale_settings = {
         max_throughput = 1000
       },
-      analytical_storage_ttl = -1,  # ingested_2_DL
+      analytical_storage_ttl = -1, # ingested_2_DL
       partition_key_version  = null
     },
     {
diff --git a/src/domains/afm-common/README.md b/src/domains/afm-common/README.md
index 04952e4d8..8bc342e6b 100644
--- a/src/domains/afm-common/README.md
+++ b/src/domains/afm-common/README.md
@@ -1,5 +1,5 @@
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -12,9 +12,9 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_afm_marketplace_cosmosdb_account"></a> [afm\_marketplace\_cosmosdb\_account](#module\_afm\_marketplace\_cosmosdb\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | v6.7.0 |
-| <a name="module_afm_marketplace_cosmosdb_containers"></a> [afm\_marketplace\_cosmosdb\_containers](#module\_afm\_marketplace\_cosmosdb\_containers) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container | v6.7.0 |
-| <a name="module_afm_marketplace_cosmosdb_database"></a> [afm\_marketplace\_cosmosdb\_database](#module\_afm\_marketplace\_cosmosdb\_database) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database | v6.7.0 |
+| <a name="module_afm_marketplace_cosmosdb_account"></a> [afm\_marketplace\_cosmosdb\_account](#module\_afm\_marketplace\_cosmosdb\_account) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_account | add-analytical_storage_enabled-2-cosmos |
+| <a name="module_afm_marketplace_cosmosdb_containers"></a> [afm\_marketplace\_cosmosdb\_containers](#module\_afm\_marketplace\_cosmosdb\_containers) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_container | add-analytical_storage_enabled-2-cosmos |
+| <a name="module_afm_marketplace_cosmosdb_database"></a> [afm\_marketplace\_cosmosdb\_database](#module\_afm\_marketplace\_cosmosdb\_database) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cosmosdb_sql_database | add-analytical_storage_enabled-2-cosmos |
 | <a name="module_afm_marketplace_cosmosdb_snet"></a> [afm\_marketplace\_cosmosdb\_snet](#module\_afm\_marketplace\_cosmosdb\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v6.7.0 |
 | <a name="module_afm_storage"></a> [afm\_storage](#module\_afm\_storage) | git::https://github.com/pagopa/terraform-azurerm-v3.git//storage_account | v7.18.0 |
 | <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v7.45.0 |
@@ -32,6 +32,7 @@
 | [azurerm_key_vault_access_policy.azdevops_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_access_policy.gha_iac_managed_identities](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_access_policy) | resource |
 | [azurerm_key_vault_secret.afm_calculator_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.afm_fee_reporting_cosmos_pkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.afm_marketplace_cosmos_pkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.afm_marketplace_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.ai_connection_string](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
@@ -71,7 +72,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_afm_marketplace_cosmos_db_params"></a> [afm\_marketplace\_cosmos\_db\_params](#input\_afm\_marketplace\_cosmos\_db\_params) | n/a | <pre>object({<br/>    kind           = string<br/>    capabilities   = list(string)<br/>    offer_type     = string<br/>    server_version = string<br/>    consistency_policy = object({<br/>      consistency_level       = string<br/>      max_interval_in_seconds = number<br/>      max_staleness_prefix    = number<br/>    })<br/>    main_geo_location_zone_redundant = bool<br/>    enable_free_tier                 = bool<br/>    additional_geo_locations = list(object({<br/>      location          = string<br/>      failover_priority = number<br/>      zone_redundant    = bool<br/>    }))<br/>    private_endpoint_enabled          = bool<br/>    public_network_access_enabled     = bool<br/>    is_virtual_network_filter_enabled = bool<br/>    backup_continuous_enabled         = bool<br/>  })</pre> | n/a | yes |
+| <a name="input_afm_marketplace_cosmos_db_params"></a> [afm\_marketplace\_cosmos\_db\_params](#input\_afm\_marketplace\_cosmos\_db\_params) | n/a | <pre>object({<br/>    kind           = string<br/>    capabilities   = list(string)<br/>    offer_type     = string<br/>    server_version = string<br/>    consistency_policy = object({<br/>      consistency_level       = string<br/>      max_interval_in_seconds = number<br/>      max_staleness_prefix    = number<br/>    })<br/>    main_geo_location_zone_redundant = bool<br/>    enable_free_tier                 = bool<br/>    additional_geo_locations = list(object({<br/>      location          = string<br/>      failover_priority = number<br/>      zone_redundant    = bool<br/>    }))<br/>    private_endpoint_enabled          = bool<br/>    public_network_access_enabled     = bool<br/>    is_virtual_network_filter_enabled = bool<br/>    backup_continuous_enabled         = bool<br/>    analytical_storage_enabled        = bool<br/>  })</pre> | n/a | yes |
 | <a name="input_afm_storage_params"></a> [afm\_storage\_params](#input\_afm\_storage\_params) | n/a | <pre>object({<br/>    enable_backup                 = optional(bool, false)<br/>    enabled                       = bool,<br/>    kind                          = string,<br/>    tier                          = string,<br/>    account_replication_type      = string,<br/>    advanced_threat_protection    = bool,<br/>    retention_days                = number,<br/>    public_network_access_enabled = bool,<br/>    backup_retention_days         = optional(number, 0)<br/>  })</pre> | <pre>{<br/>  "account_replication_type": "LRS",<br/>  "advanced_threat_protection": false,<br/>  "backup_retention_days": 0,<br/>  "enable_backup": false,<br/>  "enabled": false,<br/>  "kind": "StorageV2",<br/>  "public_network_access_enabled": false,<br/>  "retention_days": 30,<br/>  "tier": "Standard"<br/>}</pre> | no |
 | <a name="input_application_insights_name"></a> [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes |
 | <a name="input_cidr_subnet_afm_marketplace_cosmosdb"></a> [cidr\_subnet\_afm\_marketplace\_cosmosdb](#input\_cidr\_subnet\_afm\_marketplace\_cosmosdb) | Cosmos DB address space | `list(string)` | `null` | no |
@@ -94,4 +95,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/afm-common/env/weu-prod/terraform.tfvars b/src/domains/afm-common/env/weu-prod/terraform.tfvars
index 53ef933e9..8bfaf61de 100644
--- a/src/domains/afm-common/env/weu-prod/terraform.tfvars
+++ b/src/domains/afm-common/env/weu-prod/terraform.tfvars
@@ -36,8 +36,8 @@ afm_marketplace_cosmos_db_params = {
   offer_type   = "Standard"
   consistency_policy = {
     consistency_level       = "Strong" # "BoundedStaleness"
-    max_interval_in_seconds = 5 # 300
-    max_staleness_prefix    = 100 # 100000
+    max_interval_in_seconds = 5        # 300
+    max_staleness_prefix    = 100      # 100000
   }
   server_version                   = "4.0"
   main_geo_location_zone_redundant = true
diff --git a/src/domains/afm-secrets/README.md b/src/domains/afm-secrets/README.md
index 3d4807787..959548113 100644
--- a/src/domains/afm-secrets/README.md
+++ b/src/domains/afm-secrets/README.md
@@ -1,6 +1,6 @@
 # afm-secrets
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -42,9 +42,9 @@ No modules.
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | One of weu, neu | `string` | n/a | yes |
 | <a name="input_location_string"></a> [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br>  "CreatedBy": "Terraform"<br>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
 
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/apiconfig-app/07_gh_runner.tf b/src/domains/apiconfig-app/07_gh_runner.tf
index e15ad8ff4..5446287ff 100644
--- a/src/domains/apiconfig-app/07_gh_runner.tf
+++ b/src/domains/apiconfig-app/07_gh_runner.tf
@@ -36,10 +36,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/apiconfig-app/99_main.tf b/src/domains/apiconfig-app/99_main.tf
index 405766710..cb40d8e8b 100644
--- a/src/domains/apiconfig-app/99_main.tf
+++ b/src/domains/apiconfig-app/99_main.tf
@@ -63,6 +63,6 @@ data "azurerm_subscription" "current" {}
 data "azurerm_client_config" "current" {}
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/apiconfig-app/README.md b/src/domains/apiconfig-app/README.md
index ecd08930b..b40811eb0 100644
--- a/src/domains/apiconfig-app/README.md
+++ b/src/domains/apiconfig-app/README.md
@@ -19,7 +19,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_api_config_fe_cdn"></a> [api\_config\_fe\_cdn](#module\_api\_config\_fe\_cdn) | ./.terraform/modules/__v3__/cdn | n/a |
 | <a name="module_api_config_snet"></a> [api\_config\_snet](#module\_api\_config\_snet) | ./.terraform/modules/__v3__/subnet | n/a |
 | <a name="module_apim_api_apiconfig_cache_node_api_v1_o"></a> [apim\_api\_apiconfig\_cache\_node\_api\_v1\_o](#module\_apim\_api\_apiconfig\_cache\_node\_api\_v1\_o) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/apiconfig-common/README.md b/src/domains/apiconfig-common/README.md
index 9b6b86067..7a812b61a 100644
--- a/src/domains/apiconfig-common/README.md
+++ b/src/domains/apiconfig-common/README.md
@@ -1,7 +1,7 @@
 # apiconfig-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -38,6 +38,8 @@
 | [azurerm_key_vault_secret.apiconfig_selfcare_integration_api_subscription-key](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.cfg_for_node_subscription_key](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.db_postgres_nexi_cfg_password](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.db_postgres_nexi_cfg_password_prf](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
+| [azurerm_key_vault_secret.encrypted_github_token_read_packages_bot](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.github_token_read_packages](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.nodo5_slack_webhook_url](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.oracle_db_cfg_dev_nexi_password](https://registry.terraform.io/providers/hashicorp/azurerm/3.40.0/docs/resources/key_vault_secret) | resource |
@@ -115,4 +117,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/bizevents-app/07_gh_runner.tf b/src/domains/bizevents-app/07_gh_runner.tf
index 0d9a7c019..c0db8229b 100644
--- a/src/domains/bizevents-app/07_gh_runner.tf
+++ b/src/domains/bizevents-app/07_gh_runner.tf
@@ -40,10 +40,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/bizevents-app/99_main.tf b/src/domains/bizevents-app/99_main.tf
index df7ab18e8..8593a4c79 100644
--- a/src/domains/bizevents-app/99_main.tf
+++ b/src/domains/bizevents-app/99_main.tf
@@ -48,7 +48,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
 
diff --git a/src/domains/bizevents-app/README.md b/src/domains/bizevents-app/README.md
index 30bbd6aac..250ef3bf0 100644
--- a/src/domains/bizevents-app/README.md
+++ b/src/domains/bizevents-app/README.md
@@ -14,7 +14,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_bizevents_api_v1"></a> [apim\_api\_bizevents\_api\_v1](#module\_apim\_api\_bizevents\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_bizevents_helpdesk_api_v1"></a> [apim\_api\_bizevents\_helpdesk\_api\_v1](#module\_apim\_api\_bizevents\_helpdesk\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_bizevents_lap_api_jwt_v1"></a> [apim\_api\_bizevents\_lap\_api\_jwt\_v1](#module\_apim\_api\_bizevents\_lap\_api\_jwt\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/bizevents-common/02_security.tf b/src/domains/bizevents-common/02_security.tf
index e26d87169..16e83043f 100644
--- a/src/domains/bizevents-common/02_security.tf
+++ b/src/domains/bizevents-common/02_security.tf
@@ -40,7 +40,7 @@ resource "azurerm_key_vault_access_policy" "adgroup_developers_policy" {
   key_permissions     = ["Get", "List", "Update", "Create", "Import", "Delete", "Encrypt", "Decrypt", "GetRotationPolicy", "Purge", "Recover", "Restore"]
   secret_permissions  = ["Get", "List", "Set", "Delete", "Purge", "Recover", "Restore"]
   storage_permissions = []
-  certificate_permissions = [ "Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Purge", "Recover"
+  certificate_permissions = ["Get", "List", "Update", "Create", "Import", "Delete", "Restore", "Purge", "Recover"
   ]
 }
 
diff --git a/src/domains/bizevents-common/README.md b/src/domains/bizevents-common/README.md
index 807da83ee..cf9c4e76f 100644
--- a/src/domains/bizevents-common/README.md
+++ b/src/domains/bizevents-common/README.md
@@ -1,5 +1,5 @@
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -132,7 +132,7 @@
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_application_insights_name"></a> [application\_insights\_name](#input\_application\_insights\_name) | Specifies the name of the Application Insights. | `string` | n/a | yes |
-| <a name="input_bizevents_datastore_cosmos_db_params"></a> [bizevents\_datastore\_cosmos\_db\_params](#input\_bizevents\_datastore\_cosmos\_db\_params) | n/a | <pre>object({<br>    kind           = string<br>    capabilities   = list(string)<br>    offer_type     = string<br>    server_version = string<br>    consistency_policy = object({<br>      consistency_level       = string<br>      max_interval_in_seconds = number<br>      max_staleness_prefix    = number<br>    })<br>    main_geo_location_zone_redundant = bool<br>    enable_free_tier                 = bool<br>    additional_geo_locations = list(object({<br>      location          = string<br>      failover_priority = number<br>      zone_redundant    = bool<br>    }))<br>    private_endpoint_enabled          = bool<br>    public_network_access_enabled     = bool<br>    is_virtual_network_filter_enabled = bool<br>    backup_continuous_enabled         = bool<br>    container_default_ttl             = number<br>    ip_range_filter                   = string<br>    max_throughput                    = number<br>    max_throughput_alt                = number<br>  })</pre> | n/a | yes |
+| <a name="input_bizevents_datastore_cosmos_db_params"></a> [bizevents\_datastore\_cosmos\_db\_params](#input\_bizevents\_datastore\_cosmos\_db\_params) | n/a | <pre>object({<br/>    kind           = string<br/>    capabilities   = list(string)<br/>    offer_type     = string<br/>    server_version = string<br/>    consistency_policy = object({<br/>      consistency_level       = string<br/>      max_interval_in_seconds = number<br/>      max_staleness_prefix    = number<br/>    })<br/>    main_geo_location_zone_redundant = bool<br/>    enable_free_tier                 = bool<br/>    additional_geo_locations = list(object({<br/>      location          = string<br/>      failover_priority = number<br/>      zone_redundant    = bool<br/>    }))<br/>    private_endpoint_enabled          = bool<br/>    public_network_access_enabled     = bool<br/>    is_virtual_network_filter_enabled = bool<br/>    backup_continuous_enabled         = bool<br/>    container_default_ttl             = number<br/>    ip_range_filter                   = string<br/>    max_throughput                    = number<br/>    max_throughput_alt                = number<br/>  })</pre> | n/a | yes |
 | <a name="input_bizevents_datastore_fn_sa_advanced_threat_protection"></a> [bizevents\_datastore\_fn\_sa\_advanced\_threat\_protection](#input\_bizevents\_datastore\_fn\_sa\_advanced\_threat\_protection) | Enable contract threat advanced protection | `bool` | `false` | no |
 | <a name="input_bizevents_datastore_fn_sa_delete_retention_days"></a> [bizevents\_datastore\_fn\_sa\_delete\_retention\_days](#input\_bizevents\_datastore\_fn\_sa\_delete\_retention\_days) | Number of days to retain deleted. | `number` | `30` | no |
 | <a name="input_bizevents_datastore_fn_sa_enable_versioning"></a> [bizevents\_datastore\_fn\_sa\_enable\_versioning](#input\_bizevents\_datastore\_fn\_sa\_enable\_versioning) | Enable sa versioning | `bool` | `false` | no |
@@ -140,7 +140,7 @@
 | <a name="input_dns_zone_internal_prefix"></a> [dns\_zone\_internal\_prefix](#input\_dns\_zone\_internal\_prefix) | The dns subdomain. | `string` | `null` | no |
 | <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
 | <a name="input_enable_iac_pipeline"></a> [enable\_iac\_pipeline](#input\_enable\_iac\_pipeline) | If true create the key vault policy to allow used by azure devops iac pipelines. | `bool` | `false` | no |
-| <a name="input_enabled_features"></a> [enabled\_features](#input\_enabled\_features) | Features enabled in this domain | <pre>object({<br>  })</pre> | `{}` | no |
+| <a name="input_enabled_features"></a> [enabled\_features](#input\_enabled\_features) | Features enabled in this domain | <pre>object({<br/>  })</pre> | `{}` | no |
 | <a name="input_env"></a> [env](#input\_env) | n/a | `string` | n/a | yes |
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_external_domain"></a> [external\_domain](#input\_external\_domain) | Domain for delegation | `string` | `null` | no |
@@ -151,13 +151,13 @@
 | <a name="input_log_analytics_workspace_name"></a> [log\_analytics\_workspace\_name](#input\_log\_analytics\_workspace\_name) | Specifies the name of the Log Analytics Workspace. | `string` | n/a | yes |
 | <a name="input_log_analytics_workspace_resource_group_name"></a> [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | The name of the resource group in which the Log Analytics workspace is located in. | `string` | n/a | yes |
 | <a name="input_monitor_resource_group_name"></a> [monitor\_resource\_group\_name](#input\_monitor\_resource\_group\_name) | Monitor resource group name | `string` | n/a | yes |
-| <a name="input_negative_bizevents_datastore_cosmos_db_params"></a> [negative\_bizevents\_datastore\_cosmos\_db\_params](#input\_negative\_bizevents\_datastore\_cosmos\_db\_params) | n/a | <pre>object({<br>    kind           = string<br>    capabilities   = list(string)<br>    offer_type     = string<br>    server_version = string<br>    consistency_policy = object({<br>      consistency_level       = string<br>      max_interval_in_seconds = number<br>      max_staleness_prefix    = number<br>    })<br>    main_geo_location_zone_redundant = bool<br>    enable_free_tier                 = bool<br>    additional_geo_locations = list(object({<br>      location          = string<br>      failover_priority = number<br>      zone_redundant    = bool<br>    }))<br>    private_endpoint_enabled          = bool<br>    public_network_access_enabled     = bool<br>    is_virtual_network_filter_enabled = bool<br>    backup_continuous_enabled         = bool<br>    container_default_ttl             = number<br>    max_throughput                    = number<br>  })</pre> | n/a | yes |
+| <a name="input_negative_bizevents_datastore_cosmos_db_params"></a> [negative\_bizevents\_datastore\_cosmos\_db\_params](#input\_negative\_bizevents\_datastore\_cosmos\_db\_params) | n/a | <pre>object({<br/>    kind           = string<br/>    capabilities   = list(string)<br/>    offer_type     = string<br/>    server_version = string<br/>    consistency_policy = object({<br/>      consistency_level       = string<br/>      max_interval_in_seconds = number<br/>      max_staleness_prefix    = number<br/>    })<br/>    main_geo_location_zone_redundant = bool<br/>    enable_free_tier                 = bool<br/>    additional_geo_locations = list(object({<br/>      location          = string<br/>      failover_priority = number<br/>      zone_redundant    = bool<br/>    }))<br/>    private_endpoint_enabled          = bool<br/>    public_network_access_enabled     = bool<br/>    is_virtual_network_filter_enabled = bool<br/>    backup_continuous_enabled         = bool<br/>    container_default_ttl             = number<br/>    max_throughput                    = number<br/>  })</pre> | n/a | yes |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_redis_ha_enabled"></a> [redis\_ha\_enabled](#input\_redis\_ha\_enabled) | (Required) enables usage of HA deployed redis instance | `bool` | n/a | yes |
 | <a name="input_storage_account_replication_type"></a> [storage\_account\_replication\_type](#input\_storage\_account\_replication\_type) | (Optional) biz event fn storage account replication type | `string` | `"LRS"` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br>  "CreatedBy": "Terraform"<br>}</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `map(any)` | <pre>{<br/>  "CreatedBy": "Terraform"<br/>}</pre> | no |
 
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/bizevents-secrets/README.md b/src/domains/bizevents-secrets/README.md
index 2c8341092..c3aed67c4 100644
--- a/src/domains/bizevents-secrets/README.md
+++ b/src/domains/bizevents-secrets/README.md
@@ -1,7 +1,7 @@
 # qi-secrets
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -48,4 +48,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/canoneunico/README.md b/src/domains/canoneunico/README.md
index 863caf03e..bbca37627 100644
--- a/src/domains/canoneunico/README.md
+++ b/src/domains/canoneunico/README.md
@@ -1,6 +1,6 @@
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -102,7 +102,7 @@
 | Name | Description |
 |------|-------------|
 | <a name="output_sshPassword"></a> [sshPassword](#output\_sshPassword) | n/a |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
 
 ## Requirements
 
@@ -183,4 +183,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/checkout-common/README.md b/src/domains/checkout-common/README.md
index be44c510d..a525c0021 100644
--- a/src/domains/checkout-common/README.md
+++ b/src/domains/checkout-common/README.md
@@ -1,7 +1,7 @@
 # checkout-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -70,4 +70,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/ebollo-app/04_apim_mbd.tf b/src/domains/ebollo-app/04_apim_mbd.tf
index 79ef1d3e2..5166d79e6 100644
--- a/src/domains/ebollo-app/04_apim_mbd.tf
+++ b/src/domains/ebollo-app/04_apim_mbd.tf
@@ -6,7 +6,7 @@ locals {
 }
 
 module "apim_mdb_product" {
-  source    = "./.terraform/modules/__v3__/api_management_product"
+  source = "./.terraform/modules/__v3__/api_management_product"
 
   product_id   = "pagopa_ebollo"
   display_name = local.apim_mdb_pagopa_api.display_name
diff --git a/src/domains/ebollo-app/04_apim_mbd_gps.tf b/src/domains/ebollo-app/04_apim_mbd_gps.tf
index 70d852b6c..9def66c1c 100644
--- a/src/domains/ebollo-app/04_apim_mbd_gps.tf
+++ b/src/domains/ebollo-app/04_apim_mbd_gps.tf
@@ -6,7 +6,7 @@ locals {
 }
 
 module "apim_mbd_gps_product" {
-  source    = "./.terraform/modules/__v3__/api_management_product"
+  source = "./.terraform/modules/__v3__/api_management_product"
 
   product_id   = "ebollo-gps-service"
   display_name = local.apim_mbd_gps_pagopa_api.display_name
diff --git a/src/domains/ebollo-app/07_gh_runner.tf b/src/domains/ebollo-app/07_gh_runner.tf
index ff1026cfb..a23ae3565 100644
--- a/src/domains/ebollo-app/07_gh_runner.tf
+++ b/src/domains/ebollo-app/07_gh_runner.tf
@@ -39,10 +39,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.project}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/ebollo-app/99_main.tf b/src/domains/ebollo-app/99_main.tf
index 59e4164aa..5319f5349 100644
--- a/src/domains/ebollo-app/99_main.tf
+++ b/src/domains/ebollo-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/ebollo-common/10_github_identity.tf b/src/domains/ebollo-common/10_github_identity.tf
index 03218dfeb..c8e3690f4 100644
--- a/src/domains/ebollo-common/10_github_identity.tf
+++ b/src/domains/ebollo-common/10_github_identity.tf
@@ -133,7 +133,7 @@ resource "null_resource" "github_runner_app_permissions_to_namespace_cd_01" {
 
 # create a module for each 20 repos
 module "identity_pr_01" {
-  source = "./.terraform/modules/__v3__/github_federated_identity"
+  source    = "./.terraform/modules/__v3__/github_federated_identity"
   prefix    = var.prefix
   env_short = var.env_short
   domain    = "${var.domain}-01-pr"
@@ -172,7 +172,7 @@ resource "azurerm_key_vault_access_policy" "gha_pr_iac_managed_identities" {
 
 # create a module for each 20 repos
 module "identity_ref_01" {
-  source = "./.terraform/modules/__v3__/github_federated_identity"
+  source    = "./.terraform/modules/__v3__/github_federated_identity"
   prefix    = var.prefix
   env_short = var.env_short
   domain    = "${var.domain}-01-ref"
diff --git a/src/domains/ebollo-common/99_locals.tf b/src/domains/ebollo-common/99_locals.tf
index 639d68710..ef6793ff4 100644
--- a/src/domains/ebollo-common/99_locals.tf
+++ b/src/domains/ebollo-common/99_locals.tf
@@ -27,6 +27,6 @@ locals {
     "azdo-${var.env}-pagopa-iac-plan"]
   )
 
-  msg_resource_group_name      = "${local.product}-msg-rg"
+  msg_resource_group_name = "${local.product}-msg-rg"
 
 }
diff --git a/src/domains/fdr-app/07_gh_runner.tf b/src/domains/fdr-app/07_gh_runner.tf
index 522774ae9..7ccaaa24c 100644
--- a/src/domains/fdr-app/07_gh_runner.tf
+++ b/src/domains/fdr-app/07_gh_runner.tf
@@ -40,19 +40,11 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  function_deploy = {
-    enabled = true
-    function_rg = [
-      azurerm_resource_group.reporting_fdr_rg.name,
-      data.azurerm_resource_group.fdr_re_rg.name,
-      data.azurerm_resource_group.fdr_rg.name,
-    ]
-  }
-
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
 
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/fdr-app/99_main.tf b/src/domains/fdr-app/99_main.tf
index a33ed9acb..d577dcddb 100644
--- a/src/domains/fdr-app/99_main.tf
+++ b/src/domains/fdr-app/99_main.tf
@@ -50,7 +50,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
 
diff --git a/src/domains/fdr-app/README.md b/src/domains/fdr-app/README.md
index 178b8bf46..fd9cdb947 100644
--- a/src/domains/fdr-app/README.md
+++ b/src/domains/fdr-app/README.md
@@ -17,7 +17,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_fdr_api_v1_internal"></a> [apim\_api\_fdr\_api\_v1\_internal](#module\_apim\_api\_fdr\_api\_v1\_internal) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_fdr_api_v1_org"></a> [apim\_api\_fdr\_api\_v1\_org](#module\_apim\_api\_fdr\_api\_v1\_org) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_fdr_api_v1_psp"></a> [apim\_api\_fdr\_api\_v1\_psp](#module\_apim\_api\_fdr\_api\_v1\_psp) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/fdr-common/README.md b/src/domains/fdr-common/README.md
index 662562aae..8ebe7b6b3 100644
--- a/src/domains/fdr-common/README.md
+++ b/src/domains/fdr-common/README.md
@@ -1,7 +1,7 @@
 # apiconfig-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -180,4 +180,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/fdr-secret/02_azdo.tf b/src/domains/fdr-secret/02_azdo.tf
index 84282bc73..f835fee3b 100644
--- a/src/domains/fdr-secret/02_azdo.tf
+++ b/src/domains/fdr-secret/02_azdo.tf
@@ -15,8 +15,8 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
 
-  secret_permissions = ["Get", "List", "Set"]
-  key_permissions = ["Get", "GetRotationPolicy", "Decrypt"]
+  secret_permissions      = ["Get", "List", "Set"]
+  key_permissions         = ["Get", "GetRotationPolicy", "Decrypt"]
   certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
 
   storage_permissions = []
diff --git a/src/domains/fdr-secret/README.md b/src/domains/fdr-secret/README.md
index 3aa023240..baf519f71 100644
--- a/src/domains/fdr-secret/README.md
+++ b/src/domains/fdr-secret/README.md
@@ -1,7 +1,7 @@
 # nodo-secret
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -59,6 +59,7 @@
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_input_file"></a> [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
+| <a name="input_k8s_kube_config_path_prefix"></a> [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no |
 | <a name="input_kv-certificate-permissions-read"></a> [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "GetIssuers",<br/>  "List",<br/>  "ListIssuers"<br/>]</pre> | no |
 | <a name="input_kv-key-permissions-read"></a> [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
 | <a name="input_kv-secret-permissions-read"></a> [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
@@ -75,4 +76,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/gps-app/07_gh_runner.tf b/src/domains/gps-app/07_gh_runner.tf
index 89a24b49e..753e16231 100644
--- a/src/domains/gps-app/07_gh_runner.tf
+++ b/src/domains/gps-app/07_gh_runner.tf
@@ -67,17 +67,10 @@ module "gh_runner_job" {
     cluster_name = "${local.product}-${var.location_short}-${var.instance}-aks"
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
-  function_deploy = {
-    enabled = true
-    function_rg = [
-      azurerm_resource_group.gpd_rg.name
-    ]
-  }
-
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/gps-app/99_main.tf b/src/domains/gps-app/99_main.tf
index 86d6ee35b..0d6ac6c5a 100644
--- a/src/domains/gps-app/99_main.tf
+++ b/src/domains/gps-app/99_main.tf
@@ -66,6 +66,6 @@ provider "kubectl" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/gps-app/README.md b/src/domains/gps-app/README.md
index bd74a8801..2a769e13c 100644
--- a/src/domains/gps-app/README.md
+++ b/src/domains/gps-app/README.md
@@ -18,7 +18,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_aca_integration_product"></a> [apim\_aca\_integration\_product](#module\_apim\_aca\_integration\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_api_debt_positions_api_v1"></a> [apim\_api\_debt\_positions\_api\_v1](#module\_apim\_api\_debt\_positions\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_debt_positions_api_v2"></a> [apim\_api\_debt\_positions\_api\_v2](#module\_apim\_api\_debt\_positions\_api\_v2) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/gps-common/02_azdo.tf b/src/domains/gps-common/02_azdo.tf
index 82f053b97..d4df69263 100644
--- a/src/domains/gps-common/02_azdo.tf
+++ b/src/domains/gps-common/02_azdo.tf
@@ -15,8 +15,8 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
 
-  secret_permissions = ["Get", "List", "Set", ]
-  key_permissions = ["Get", "GetRotationPolicy", "Decrypt"]
+  secret_permissions      = ["Get", "List", "Set", ]
+  key_permissions         = ["Get", "GetRotationPolicy", "Decrypt"]
   certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
 
   storage_permissions = []
diff --git a/src/domains/gps-common/env/weu-prod/terraform.tfvars b/src/domains/gps-common/env/weu-prod/terraform.tfvars
index f716ce39d..ec056a0ab 100644
--- a/src/domains/gps-common/env/weu-prod/terraform.tfvars
+++ b/src/domains/gps-common/env/weu-prod/terraform.tfvars
@@ -165,4 +165,4 @@ gpd_sftp_sa_delete                                             = 60
 
 # GPD Archive account
 gpd_archive_replication_type = "GZRS"
-gpd_sftp_ip_rules = ["37.179.98.148"]
+gpd_sftp_ip_rules            = ["37.179.98.148"]
diff --git a/src/domains/gps-secret/README.md b/src/domains/gps-secret/README.md
index 60c39878c..5d130b874 100644
--- a/src/domains/gps-secret/README.md
+++ b/src/domains/gps-secret/README.md
@@ -1,7 +1,7 @@
 # qi-secrets
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -48,4 +48,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/load-test/README.md b/src/domains/load-test/README.md
index 6ad270736..0fd6606a1 100644
--- a/src/domains/load-test/README.md
+++ b/src/domains/load-test/README.md
@@ -1,7 +1,7 @@
 # load-test
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -49,4 +49,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/mock-app/README.md b/src/domains/mock-app/README.md
index f2e0ce9a7..9266a1571 100644
--- a/src/domains/mock-app/README.md
+++ b/src/domains/mock-app/README.md
@@ -1,7 +1,7 @@
 # mock-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -134,4 +134,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/mock-common/README.md b/src/domains/mock-common/README.md
index 8c6e342be..b935057a2 100644
--- a/src/domains/mock-common/README.md
+++ b/src/domains/mock-common/README.md
@@ -1,7 +1,7 @@
 # mock-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -113,4 +113,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/nodo-app/07_gh_runner.tf b/src/domains/nodo-app/07_gh_runner.tf
index 1ad9142e5..13e71c675 100644
--- a/src/domains/nodo-app/07_gh_runner.tf
+++ b/src/domains/nodo-app/07_gh_runner.tf
@@ -76,17 +76,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  function_deploy = {
-    enabled = true
-    function_rg = [
-      data.azurerm_resource_group.nodo_verify_ko_rg.name
-    ]
-  }
-
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/nodo-app/99_main.tf b/src/domains/nodo-app/99_main.tf
index 9dc8c442c..920dd6c80 100644
--- a/src/domains/nodo-app/99_main.tf
+++ b/src/domains/nodo-app/99_main.tf
@@ -53,6 +53,6 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/nodo-app/README.md b/src/domains/nodo-app/README.md
index dcfb87913..292e3b042 100644
--- a/src/domains/nodo-app/README.md
+++ b/src/domains/nodo-app/README.md
@@ -17,7 +17,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_mock_ec_api_replica_v1"></a> [apim\_api\_mock\_ec\_api\_replica\_v1](#module\_apim\_api\_mock\_ec\_api\_replica\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_mock_ec_api_v1"></a> [apim\_api\_mock\_ec\_api\_v1](#module\_apim\_api\_mock\_ec\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_mock_ec_secondary_api_replica_v1"></a> [apim\_api\_mock\_ec\_secondary\_api\_replica\_v1](#module\_apim\_api\_mock\_ec\_secondary\_api\_replica\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/nodo-cron/README.md b/src/domains/nodo-cron/README.md
index d86173f04..2d4ceabfb 100644
--- a/src/domains/nodo-cron/README.md
+++ b/src/domains/nodo-cron/README.md
@@ -1,7 +1,7 @@
 # nodo-app
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -73,4 +73,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/nodo-secret/02_azdo.tf b/src/domains/nodo-secret/02_azdo.tf
index 82f053b97..d4df69263 100644
--- a/src/domains/nodo-secret/02_azdo.tf
+++ b/src/domains/nodo-secret/02_azdo.tf
@@ -15,8 +15,8 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
 
-  secret_permissions = ["Get", "List", "Set", ]
-  key_permissions = ["Get", "GetRotationPolicy", "Decrypt"]
+  secret_permissions      = ["Get", "List", "Set", ]
+  key_permissions         = ["Get", "GetRotationPolicy", "Decrypt"]
   certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
 
   storage_permissions = []
diff --git a/src/domains/nodo-secret/99_main.tf b/src/domains/nodo-secret/99_main.tf
index 2046b1f02..685fcbf2a 100644
--- a/src/domains/nodo-secret/99_main.tf
+++ b/src/domains/nodo-secret/99_main.tf
@@ -38,7 +38,7 @@ provider "azurerm" {
 }
 
 provider "kubernetes" {
-  config_path    = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
+  config_path = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
 }
 
 data "azurerm_subscription" "current" {}
diff --git a/src/domains/nodo-secret/README.md b/src/domains/nodo-secret/README.md
index 8ee33263c..6a443a6c5 100644
--- a/src/domains/nodo-secret/README.md
+++ b/src/domains/nodo-secret/README.md
@@ -1,7 +1,7 @@
 # nodo-secret
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -65,6 +65,7 @@
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_input_file"></a> [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
+| <a name="input_k8s_kube_config_path_prefix"></a> [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no |
 | <a name="input_kv-certificate-permissions-read"></a> [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "GetIssuers",<br/>  "List",<br/>  "ListIssuers"<br/>]</pre> | no |
 | <a name="input_kv-key-permissions-read"></a> [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
 | <a name="input_kv-secret-permissions-read"></a> [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
@@ -83,4 +84,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/nodo-switcher/README.md b/src/domains/nodo-switcher/README.md
index dc318be87..acec6341e 100644
--- a/src/domains/nodo-switcher/README.md
+++ b/src/domains/nodo-switcher/README.md
@@ -25,7 +25,7 @@ opening slack on your browser and navigating to the desired channel, you will fi
 - `YYYYY` is the channel id
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -82,4 +82,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/observability/04_datafactory_linkedservice.tf b/src/domains/observability/04_datafactory_linkedservice.tf
index 35cdc6a46..e20032b48 100644
--- a/src/domains/observability/04_datafactory_linkedservice.tf
+++ b/src/domains/observability/04_datafactory_linkedservice.tf
@@ -56,9 +56,9 @@ resource "azurerm_data_factory_linked_service_azure_blob_storage" "afm_gec_stora
   data_factory_id   = data.azurerm_data_factory.obeserv_data_factory.id
   connection_string = data.azurerm_storage_account.observ_storage_account.primary_connection_string
 
-  integration_runtime_name   = "AutoResolveIntegrationRuntime"
+  integration_runtime_name = "AutoResolveIntegrationRuntime"
   # connection_string_insecure = "DefaultEndpointsProtocol=https;AccountName=pagopa${var.env_short}itnobservsa;EndpointSuffix=core.windows.net;"
-  use_managed_identity       = true
+  use_managed_identity = true
 
   lifecycle {
     ignore_changes = [
diff --git a/src/domains/payopt-app/07_gh_runner.tf b/src/domains/payopt-app/07_gh_runner.tf
index 1f8c12a8c..39982b864 100644
--- a/src/domains/payopt-app/07_gh_runner.tf
+++ b/src/domains/payopt-app/07_gh_runner.tf
@@ -35,10 +35,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.project}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/payopt-app/99_main.tf b/src/domains/payopt-app/99_main.tf
index 59e4164aa..5319f5349 100644
--- a/src/domains/payopt-app/99_main.tf
+++ b/src/domains/payopt-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/payopt-app/README.md b/src/domains/payopt-app/README.md
index 6cbabfb2d..96a8ddb71 100644
--- a/src/domains/payopt-app/README.md
+++ b/src/domains/payopt-app/README.md
@@ -6,24 +6,25 @@
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6.0 |
-| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 2.47.0 |
+| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | <= 3.0.2 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | <= 3.116.0 |
-| <a name="requirement_helm"></a> [helm](#requirement\_helm) | <= 2.12.1 |
-| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | <= 2.29.0 |
-| <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.1 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | <= 2.16.0 |
+| <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | <= 2.33.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | <= 3.2.3 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_pay_opt_mock_api"></a> [apim\_api\_pay\_opt\_mock\_api](#module\_apim\_api\_pay\_opt\_mock\_api) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_payment_options_mock_product"></a> [apim\_payment\_options\_mock\_product](#module\_apim\_payment\_options\_mock\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_payment_options_product"></a> [apim\_payment\_options\_product](#module\_apim\_payment\_options\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
+| <a name="module_cert_mounter"></a> [cert\_mounter](#module\_cert\_mounter) | ./.terraform/modules/__v3__/cert_mounter | n/a |
 | <a name="module_gh_runner_job"></a> [gh\_runner\_job](#module\_gh\_runner\_job) | ./.terraform/modules/__v3__/gh_runner_container_app_job_domain_setup | n/a |
 | <a name="module_kubernetes_service_account"></a> [kubernetes\_service\_account](#module\_kubernetes\_service\_account) | ./.terraform/modules/__v3__/kubernetes_service_account | n/a |
-| <a name="module_pod_identity"></a> [pod\_identity](#module\_pod\_identity) | ./.terraform/modules/__v3__/kubernetes_pod_identity | n/a |
 | <a name="module_tls_checker"></a> [tls\_checker](#module\_tls\_checker) | ./.terraform/modules/__v3__/tls_checker | n/a |
+| <a name="module_workload_identity"></a> [workload\_identity](#module\_workload\_identity) | ./.terraform/modules/__v3__/kubernetes_workload_identity_configuration | n/a |
 
 ## Resources
 
@@ -47,7 +48,6 @@
 | [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-rest-availability-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_monitor_scheduled_query_rules_alert.pagopa-payment-options-service-responsetime-upd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_scheduled_query_rules_alert) | resource |
 | [azurerm_private_dns_a_record.ingress](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_a_record) | resource |
-| [helm_release.cert_mounter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [helm_release.reloader](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubernetes_namespace.namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
 | [kubernetes_namespace.namespace_system](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
diff --git a/src/domains/payopt-common/README.md b/src/domains/payopt-common/README.md
index c5647a5ac..6cd642d78 100644
--- a/src/domains/payopt-common/README.md
+++ b/src/domains/payopt-common/README.md
@@ -14,11 +14,13 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eventhub_namespace"></a> [eventhub\_namespace](#module\_eventhub\_namespace) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub | v8.22.0 |
-| <a name="module_eventhub_paymentoptions_configuration"></a> [eventhub\_paymentoptions\_configuration](#module\_eventhub\_paymentoptions\_configuration) | git::https://github.com/pagopa/terraform-azurerm-v3.git//eventhub_configuration | v8.22.0 |
-| <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 |
-| <a name="module_identity_pr_01"></a> [identity\_pr\_01](#module\_identity\_pr\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.22.0 |
-| <a name="module_identity_ref_01"></a> [identity\_ref\_01](#module\_identity\_ref\_01) | github.com/pagopa/terraform-azurerm-v3//github_federated_identity | v8.36.1 |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module_eventhub_namespace"></a> [eventhub\_namespace](#module\_eventhub\_namespace) | ./.terraform/modules/__v3__/eventhub | n/a |
+| <a name="module_eventhub_paymentoptions_configuration"></a> [eventhub\_paymentoptions\_configuration](#module\_eventhub\_paymentoptions\_configuration) | ./.terraform/modules/__v3__/eventhub_configuration | n/a |
+| <a name="module_identity_cd_01"></a> [identity\_cd\_01](#module\_identity\_cd\_01) | ./.terraform/modules/__v3__/github_federated_identity | n/a |
+| <a name="module_identity_pr_01"></a> [identity\_pr\_01](#module\_identity\_pr\_01) | ./.terraform/modules/__v3__/github_federated_identity | n/a |
+| <a name="module_identity_ref_01"></a> [identity\_ref\_01](#module\_identity\_ref\_01) | ./.terraform/modules/__v3__/github_federated_identity | n/a |
+| <a name="module_workload_identity"></a> [workload\_identity](#module\_workload\_identity) | ./.terraform/modules/__v3__/kubernetes_workload_identity_init | n/a |
 
 ## Resources
 
diff --git a/src/domains/payopt-secrets/README.md b/src/domains/payopt-secrets/README.md
index d167e6b2e..9cc7381c9 100644
--- a/src/domains/payopt-secrets/README.md
+++ b/src/domains/payopt-secrets/README.md
@@ -1,6 +1,6 @@
 # paymentoptions-secrets
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -15,8 +15,9 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | git::https://github.com/pagopa/terraform-azurerm-v3.git//key_vault | v8.22.0 |
-| <a name="module_letsencrypt_paymentoptions"></a> [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | git::https://github.com/pagopa/terraform-azurerm-v3.git///letsencrypt_credential | v8.44.0 |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module_key_vault"></a> [key\_vault](#module\_key\_vault) | ./.terraform/modules/__v3__/key_vault | n/a |
+| <a name="module_letsencrypt_paymentoptions"></a> [letsencrypt\_paymentoptions](#module\_letsencrypt\_paymentoptions) | ./.terraform/modules/__v3__/letsencrypt_credential | n/a |
 
 ## Resources
 
@@ -62,4 +63,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/printit-app/.terraform.lock.hcl b/src/domains/printit-app/.terraform.lock.hcl
new file mode 100644
index 000000000..f87ca95a3
--- /dev/null
+++ b/src/domains/printit-app/.terraform.lock.hcl
@@ -0,0 +1,102 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/azuread" {
+  version     = "2.47.0"
+  constraints = "<= 2.47.0"
+  hashes = [
+    "h1:g8+gBFM4QVOEQFqAEs5pR6iXpbGvgPvcEi1evHwziyw=",
+    "zh:1372d81eb24ef3b4b00ea350fe87219f22da51691b8e42ce91d662f6c2a8af5e",
+    "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7",
+    "zh:1e654a74d171d6ff8f9f6f67e3ff1421d4c5e56a18607703626bf12cd23ba001",
+    "zh:35227fad617a0509c64ab5759a8b703b10d244877f1aa5416bfbcc100c96996f",
+    "zh:357f553f0d78d46a96c7b2ed06d25ee0fc60fc5be19812ccb5d969fa47d62e17",
+    "zh:58faa2940065137e3e87d02eba59ab5cd7137d7a18caf225e660d1788f274569",
+    "zh:7308eda0339620fa24f47cedd22221fc2c02cab9d5be1710c09a783aea84eb3a",
+    "zh:863eabf7f908a8263e28d8aa2ad1381affd6bb5c67755216781f674ef214100e",
+    "zh:8b95b595a7c14ed7b56194d03cdec253527e7a146c1c58961be09e6b5c50baee",
+    "zh:afbca6b4fac9a0a488bc22ff9e51a8f14e986137d25275068fd932f379a51d57",
+    "zh:c6aadec4c81a44c3ffc22c2d90ffc6706bf5a9a903a395d896477516f4be6cbb",
+    "zh:e54a59de7d4ef0f3a18f91fed0b54a2bce18257ae2ee1df8a88226e1023c5811",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/azurerm" {
+  version     = "3.116.0"
+  constraints = "~> 3.30, ~> 3.95, ~> 3.116.0, <= 3.116.0"
+  hashes = [
+    "h1:BCR3NIorFSvGG3v/+JOiiw3VM4PkChLO4m84wzD9NDo=",
+    "zh:02b6606aff025fc2a962b3e568e000300abe959adac987183c24dac8eb057f4d",
+    "zh:2a23a8ce24ff9e885925ffee0c3ea7eadba7a702541d05869275778aa47bdea7",
+    "zh:57d10746384baeca4d5c56e88872727cdc150f437b8c5e14f0542127f7475e24",
+    "zh:59e3ebde1a2e1e094c671e179f231ead60684390dbf02d2b1b7fe67a228daa1a",
+    "zh:5f1f5c7d09efa2ee8ddf21bd9efbbf8286f6e90047556bef305c062fa0ac5880",
+    "zh:a40646aee3c9907276dab926e6123a8d70b1e56174836d4c59a9992034f88d70",
+    "zh:c21d40461bc5836cf56ad3d93d2fc47f61138574a55e972ad5ff1cb73bab66dc",
+    "zh:c56fb91a5ae66153ba0f737a26da1b3d4f88fdef7d41c63e06c5772d93b26953",
+    "zh:d1e60e85f51d12fc150aeab8e31d3f18f859c32f927f99deb5b74cb1e10087aa",
+    "zh:ed35e727e7d79e687cd3d148f52b442961ede286e7c5b4da1dcd9f0128009466",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+    "zh:f6d2a4e7c58f44e7d04a4a9c73f35ed452f412c97c85def68c4b52814cbe03ab",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/helm" {
+  version     = "2.12.1"
+  constraints = "~> 2.12, <= 2.12.1"
+  hashes = [
+    "h1:aBfcqM4cbywa7TAxfT1YoFS+Cst9waerlm4XErFmJlk=",
+    "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004",
+    "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38",
+    "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a",
+    "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50",
+    "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d",
+    "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f",
+    "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93",
+    "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0",
+    "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8",
+    "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad",
+    "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.29.0"
+  constraints = "~> 2.27, <= 2.29.0"
+  hashes = [
+    "h1:7C1MinWhowW8EnlSYhhAFV3bte8x5YcSF5QxUPdoXDk=",
+    "zh:3edd5dc319b95fe94e61b82d10c1ce7fb53a2f21b067ddb742f2d7d0d19dd113",
+    "zh:4b9096e6d0cfa0efd4c89270e3d25fea49db570e2cfbe49c5d1de085a15f2578",
+    "zh:5397573838bcb8844248c8d6ac93cca7f39a0b707ac3ce7a7b306c50c261c195",
+    "zh:5d635370720d356b7bcb5756ca28de3275ca32ca1ef0201414caecd3a14759ac",
+    "zh:71a52280408f3fb0ff1866a9ab8059b0d9bde5481869658798e0773461f22eff",
+    "zh:748663ef0248d2d95f5dea2974332432a395165657856878c5dc6f000b37cc25",
+    "zh:7fbc1e084bbbb51e31afd3df0c77e833ae59e88cf42b9e2c17b0b1a1e3894723",
+    "zh:ae89b4be473b446270fa24dc1ef51b0cc4c2a528d9838ec15246d28bac165df3",
+    "zh:b6433970d680a0cc9898f915224508b5ece86ae4418372fa6bebd2a9d344f226",
+    "zh:bf871955cf49015e6a0433e814a22a109c1537a775b8b5dc7b37ad05c324904a",
+    "zh:c16fac91b2197b443a191d98cf37424feed550387ab11bd1427bde819722005e",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/null" {
+  version     = "3.2.1"
+  constraints = "~> 3.2, <= 3.2.1"
+  hashes = [
+    "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=",
+    "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+    "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+    "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+    "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+    "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+    "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+    "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+    "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+    "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+    "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+  ]
+}
diff --git a/src/domains/printit-app/07_gh_runner.tf b/src/domains/printit-app/07_gh_runner.tf
index 2b255635c..d42e5d030 100644
--- a/src/domains/printit-app/07_gh_runner.tf
+++ b/src/domains/printit-app/07_gh_runner.tf
@@ -47,17 +47,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  function_deploy = {
-    enabled = true
-    function_rg = [
-      azurerm_resource_group.printit_pdf_engine_app_service_rg.name
-    ]
-  }
-
-  location            = var.location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.project}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/printit-app/99_main.tf b/src/domains/printit-app/99_main.tf
index ed6db5e73..61d0ac1e8 100644
--- a/src/domains/printit-app/99_main.tf
+++ b/src/domains/printit-app/99_main.tf
@@ -49,7 +49,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
 
diff --git a/src/domains/printit-app/README.md b/src/domains/printit-app/README.md
index fee28d345..a649ffcd0 100644
--- a/src/domains/printit-app/README.md
+++ b/src/domains/printit-app/README.md
@@ -132,7 +132,7 @@ No outputs.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_pdf_engine_api_v1"></a> [apim\_api\_pdf\_engine\_api\_v1](#module\_apim\_api\_pdf\_engine\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_pdf_engine_node_api_v1"></a> [apim\_api\_pdf\_engine\_node\_api\_v1](#module\_apim\_api\_pdf\_engine\_node\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_notices_blob_api_v1"></a> [apim\_notices\_blob\_api\_v1](#module\_apim\_notices\_blob\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/printit-common/README.md b/src/domains/printit-common/README.md
index 5e23f6d96..b02b90403 100644
--- a/src/domains/printit-common/README.md
+++ b/src/domains/printit-common/README.md
@@ -103,7 +103,7 @@
 ## Outputs
 
 No outputs.
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -229,4 +229,4 @@ No outputs.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/printit-legacy/README.md b/src/domains/printit-legacy/README.md
index 6946e21de..19666623e 100644
--- a/src/domains/printit-legacy/README.md
+++ b/src/domains/printit-legacy/README.md
@@ -95,7 +95,7 @@
 ## Outputs
 
 No outputs.
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -142,4 +142,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/printit-secrets/README.md b/src/domains/printit-secrets/README.md
index 18e51e672..a3e485972 100644
--- a/src/domains/printit-secrets/README.md
+++ b/src/domains/printit-secrets/README.md
@@ -5,8 +5,7 @@
 3. run `terraform apply`
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -72,4 +71,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/qi-common/02_azdo.tf b/src/domains/qi-common/02_azdo.tf
index 82f053b97..d4df69263 100644
--- a/src/domains/qi-common/02_azdo.tf
+++ b/src/domains/qi-common/02_azdo.tf
@@ -15,8 +15,8 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
 
-  secret_permissions = ["Get", "List", "Set", ]
-  key_permissions = ["Get", "GetRotationPolicy", "Decrypt"]
+  secret_permissions      = ["Get", "List", "Set", ]
+  key_permissions         = ["Get", "GetRotationPolicy", "Decrypt"]
   certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
 
   storage_permissions = []
diff --git a/src/domains/qi-common/README.md b/src/domains/qi-common/README.md
index ab75cb5f7..005bc3cef 100644
--- a/src/domains/qi-common/README.md
+++ b/src/domains/qi-common/README.md
@@ -1,5 +1,5 @@
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -44,10 +44,6 @@
 | [azuread_service_principal.iac_principal](https://registry.terraform.io/providers/hashicorp/azuread/2.38.0/docs/data-sources/service_principal) | data source |
 | [azurerm_application_insights.application_insights](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/application_insights) | data source |
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
-| [azurerm_eventhub_authorization_rule.pagopa-evh-ns02_quality-improvement-alerts_pagopa-qi-alert-rx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
-| [azurerm_eventhub_authorization_rule.pagopa-evh-ns02_quality-improvement-alerts_pagopa-qi-alert-rx-debug](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
-| [azurerm_eventhub_authorization_rule.pagopa-evh-ns02_quality-improvement-alerts_pagopa-qi-alert-rx-pdnd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
-| [azurerm_eventhub_authorization_rule.pagopa-evh-ns02_quality-improvement-alerts_pagopa-qi-alert-tx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
 | [azurerm_eventhub_authorization_rule.pagopa-evh-ns04_quality-improvement-alerts_pagopa-qi-alert-rx](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
 | [azurerm_eventhub_authorization_rule.pagopa-evh-ns04_quality-improvement-alerts_pagopa-qi-alert-rx-debug](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
 | [azurerm_eventhub_authorization_rule.pagopa-evh-ns04_quality-improvement-alerts_pagopa-qi-alert-rx-pdnd](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
@@ -85,4 +81,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/qi-secrets/99_main.tf b/src/domains/qi-secrets/99_main.tf
index b685ffd2b..0c164159f 100644
--- a/src/domains/qi-secrets/99_main.tf
+++ b/src/domains/qi-secrets/99_main.tf
@@ -34,7 +34,7 @@ provider "azurerm" {
 }
 
 provider "kubernetes" {
-  config_path    = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
+  config_path = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
 }
 
 data "azurerm_subscription" "current" {}
diff --git a/src/domains/qi-secrets/README.md b/src/domains/qi-secrets/README.md
index 5d355e42b..7eb451229 100644
--- a/src/domains/qi-secrets/README.md
+++ b/src/domains/qi-secrets/README.md
@@ -1,7 +1,7 @@
 # qi-secrets
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -39,6 +39,7 @@ No modules.
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_input_file"></a> [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
+| <a name="input_k8s_kube_config_path_prefix"></a> [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no |
 | <a name="input_location"></a> [location](#input\_location) | One of westeurope, northeurope | `string` | n/a | yes |
 | <a name="input_location_short"></a> [location\_short](#input\_location\_short) | One of weu, neu | `string` | n/a | yes |
 | <a name="input_location_string"></a> [location\_string](#input\_location\_string) | One of West Europe, North Europe | `string` | n/a | yes |
@@ -48,4 +49,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/receipts-app/07_gh_runner.tf b/src/domains/receipts-app/07_gh_runner.tf
index b22d6f539..a8cd84705 100644
--- a/src/domains/receipts-app/07_gh_runner.tf
+++ b/src/domains/receipts-app/07_gh_runner.tf
@@ -52,10 +52,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/receipts-app/99_main.tf b/src/domains/receipts-app/99_main.tf
index f3fc515cd..6a9a639f9 100644
--- a/src/domains/receipts-app/99_main.tf
+++ b/src/domains/receipts-app/99_main.tf
@@ -49,6 +49,6 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
diff --git a/src/domains/receipts-app/README.md b/src/domains/receipts-app/README.md
index 736f25b71..725b9db70 100644
--- a/src/domains/receipts-app/README.md
+++ b/src/domains/receipts-app/README.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_receipts_api_v1"></a> [apim\_api\_receipts\_api\_v1](#module\_apim\_api\_receipts\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_receipts_helpdesk_api_v1"></a> [apim\_api\_receipts\_helpdesk\_api\_v1](#module\_apim\_api\_receipts\_helpdesk\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_receipts_product"></a> [apim\_receipts\_product](#module\_apim\_receipts\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
diff --git a/src/domains/receipts-common/README.md b/src/domains/receipts-common/README.md
index 93c64f09c..93f30b76b 100644
--- a/src/domains/receipts-common/README.md
+++ b/src/domains/receipts-common/README.md
@@ -1,7 +1,7 @@
 # receipts-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -100,4 +100,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/receipts-secrets/02_azdo.tf b/src/domains/receipts-secrets/02_azdo.tf
index 82f053b97..d4df69263 100644
--- a/src/domains/receipts-secrets/02_azdo.tf
+++ b/src/domains/receipts-secrets/02_azdo.tf
@@ -15,8 +15,8 @@ resource "azurerm_key_vault_access_policy" "azdevops_iac_managed_identities" {
   tenant_id    = data.azurerm_client_config.current.tenant_id
   object_id    = data.azurerm_user_assigned_identity.iac_federated_azdo[each.key].principal_id
 
-  secret_permissions = ["Get", "List", "Set", ]
-  key_permissions = ["Get", "GetRotationPolicy", "Decrypt"]
+  secret_permissions      = ["Get", "List", "Set", ]
+  key_permissions         = ["Get", "GetRotationPolicy", "Decrypt"]
   certificate_permissions = ["SetIssuers", "DeleteIssuers", "Purge", "List", "Get"]
 
   storage_permissions = []
diff --git a/src/domains/receipts-secrets/99_main.tf b/src/domains/receipts-secrets/99_main.tf
index b664ec6c6..fd6898787 100644
--- a/src/domains/receipts-secrets/99_main.tf
+++ b/src/domains/receipts-secrets/99_main.tf
@@ -34,7 +34,7 @@ provider "azurerm" {
 }
 
 provider "kubernetes" {
-  config_path    = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
+  config_path = "${var.k8s_kube_config_path_prefix}/config-${var.prefix}-${var.env_short}-${var.location_short}-${var.env}-aks"
 }
 
 data "azurerm_subscription" "current" {}
diff --git a/src/domains/receipts-secrets/README.md b/src/domains/receipts-secrets/README.md
index 367136d08..4b8470a69 100644
--- a/src/domains/receipts-secrets/README.md
+++ b/src/domains/receipts-secrets/README.md
@@ -1,7 +1,7 @@
 # nodo-secret
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -66,6 +66,7 @@
 | <a name="input_env_short"></a> [env\_short](#input\_env\_short) | n/a | `string` | n/a | yes |
 | <a name="input_input_file"></a> [input\_file](#input\_input\_file) | secret json file | `string` | n/a | yes |
 | <a name="input_instance"></a> [instance](#input\_instance) | One of beta, prod01, prod02 | `string` | n/a | yes |
+| <a name="input_k8s_kube_config_path_prefix"></a> [k8s\_kube\_config\_path\_prefix](#input\_k8s\_kube\_config\_path\_prefix) | n/a | `string` | `"~/.kube"` | no |
 | <a name="input_kv-certificate-permissions-read"></a> [kv-certificate-permissions-read](#input\_kv-certificate-permissions-read) | List of read certificate permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "GetIssuers",<br/>  "List",<br/>  "ListIssuers"<br/>]</pre> | no |
 | <a name="input_kv-key-permissions-read"></a> [kv-key-permissions-read](#input\_kv-key-permissions-read) | List of read key permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
 | <a name="input_kv-secret-permissions-read"></a> [kv-secret-permissions-read](#input\_kv-secret-permissions-read) | List of read secret permissions | `list(string)` | <pre>[<br/>  "Get",<br/>  "List"<br/>]</pre> | no |
@@ -82,4 +83,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/selfcare-app/04_apim_backoffice_external.tf b/src/domains/selfcare-app/04_apim_backoffice_external.tf
index dd64d76a8..7bb839787 100644
--- a/src/domains/selfcare-app/04_apim_backoffice_external.tf
+++ b/src/domains/selfcare-app/04_apim_backoffice_external.tf
@@ -74,7 +74,7 @@ module "apim_selfcare_backoffice_helpdesk_product" {
 # SubKey 4 https://uptime.betterstack.com/team/263223/monitors recover maintenance
 # Status Page Improvement https://pagopa.atlassian.net/wiki/x/AoBBSQ
 resource "azurerm_api_management_subscription" "status_page_improvement_api_key_subkey" {
-  count   = var.env_short == "p" ? 1 : 0 
+  count = var.env_short == "p" ? 1 : 0
 
   api_management_name = local.pagopa_apim_name
   resource_group_name = local.pagopa_apim_rg
diff --git a/src/domains/selfcare-app/07_gh_runner.tf b/src/domains/selfcare-app/07_gh_runner.tf
index 75bcc712e..e9369a635 100644
--- a/src/domains/selfcare-app/07_gh_runner.tf
+++ b/src/domains/selfcare-app/07_gh_runner.tf
@@ -44,10 +44,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.gh_runner_job_location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.gh_runner_job_location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/selfcare-app/99_main.tf b/src/domains/selfcare-app/99_main.tf
index 3470e7712..8348aa8fe 100644
--- a/src/domains/selfcare-app/99_main.tf
+++ b/src/domains/selfcare-app/99_main.tf
@@ -48,7 +48,7 @@ provider "helm" {
 }
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
 
diff --git a/src/domains/selfcare-app/README.md b/src/domains/selfcare-app/README.md
index 0ebc8ff63..9a84cec29 100644
--- a/src/domains/selfcare-app/README.md
+++ b/src/domains/selfcare-app/README.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_selfcare_backoffice_external_ec_product"></a> [apim\_selfcare\_backoffice\_external\_ec\_product](#module\_apim\_selfcare\_backoffice\_external\_ec\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_selfcare_backoffice_external_psp_product"></a> [apim\_selfcare\_backoffice\_external\_psp\_product](#module\_apim\_selfcare\_backoffice\_external\_psp\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
 | <a name="module_apim_selfcare_backoffice_helpdesk_product"></a> [apim\_selfcare\_backoffice\_helpdesk\_product](#module\_apim\_selfcare\_backoffice\_helpdesk\_product) | ./.terraform/modules/__v3__/api_management_product | n/a |
@@ -35,6 +35,7 @@
 | [azurerm_api_management_api_operation_policy.pagopa_token_exchange_policy](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_api_operation_policy) | resource |
 | [azurerm_api_management_certificate.pagopa_token_exchange_cert_jwt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_certificate) | resource |
 | [azurerm_api_management_subscription.notices_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
+| [azurerm_api_management_subscription.status_page_improvement_api_key_subkey](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management_subscription) | resource |
 | [azurerm_key_vault_certificate.pagopa_jwt_signing_cert](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_certificate) | resource |
 | [azurerm_key_vault_secret.aks_apiserver_url](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
 | [azurerm_key_vault_secret.azure_devops_sa_cacrt](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
diff --git a/src/domains/selfcare-common/README.md b/src/domains/selfcare-common/README.md
index 97ef8526f..d2337f80d 100644
--- a/src/domains/selfcare-common/README.md
+++ b/src/domains/selfcare-common/README.md
@@ -1,5 +1,5 @@
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -121,4 +121,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/shared-app/07_gh_runner.tf b/src/domains/shared-app/07_gh_runner.tf
index dd942fd51..970ed5bb6 100644
--- a/src/domains/shared-app/07_gh_runner.tf
+++ b/src/domains/shared-app/07_gh_runner.tf
@@ -48,10 +48,10 @@ module "gh_runner_job" {
     rg           = "${local.product}-${var.location_short}-${var.instance}-aks-rg"
   }
 
-  location            = var.location
-  prefix              = var.prefix
-  resource_group_name = data.azurerm_resource_group.identity_rg.name
-
-  tags = var.tags
+  location                = var.location
+  prefix                  = var.prefix
+  resource_group_name     = data.azurerm_resource_group.identity_rg.name
+  domain_security_rg_name = "${local.product}-${var.domain}-sec-rg"
+  tags                    = var.tags
 
 }
diff --git a/src/domains/shared-app/99_main.tf b/src/domains/shared-app/99_main.tf
index da0d2d9fa..c6933889f 100644
--- a/src/domains/shared-app/99_main.tf
+++ b/src/domains/shared-app/99_main.tf
@@ -61,7 +61,6 @@ provider "helm" {
 
 
 module "__v3__" {
-  # v8.62.0
-  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f7230488c0f9336a9b5d0b652c7c1b1720904b3f"
+  # v8.62.1
+  source = "git::https://github.com/pagopa/terraform-azurerm-v3?ref=f3485105e35ce8c801209dcbb4ef72f3d944f0e5"
 }
-
diff --git a/src/domains/shared-app/README.md b/src/domains/shared-app/README.md
index c99eb9194..2c2f625e8 100644
--- a/src/domains/shared-app/README.md
+++ b/src/domains/shared-app/README.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | 551a56a4bf841cd431b51ec951639e74260daf6a |
+| <a name="module___v3__"></a> [\_\_v3\_\_](#module\_\_\_v3\_\_) | git::https://github.com/pagopa/terraform-azurerm-v3 | f3485105e35ce8c801209dcbb4ef72f3d944f0e5 |
 | <a name="module_apim_api_authorizer_api_v1"></a> [apim\_api\_authorizer\_api\_v1](#module\_apim\_api\_authorizer\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_authorizer_config_api_v1"></a> [apim\_api\_authorizer\_config\_api\_v1](#module\_apim\_api\_authorizer\_config\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
 | <a name="module_apim_api_enrolled_orgs_api_v1"></a> [apim\_api\_enrolled\_orgs\_api\_v1](#module\_apim\_api\_enrolled\_orgs\_api\_v1) | ./.terraform/modules/__v3__/api_management_api | n/a |
diff --git a/src/domains/shared-common/README.md b/src/domains/shared-common/README.md
index 33f2b9a6d..863e60fb8 100644
--- a/src/domains/shared-common/README.md
+++ b/src/domains/shared-common/README.md
@@ -144,7 +144,7 @@
 ## Outputs
 
 No outputs.
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -286,4 +286,4 @@ No outputs.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/shared-secrets/README.md b/src/domains/shared-secrets/README.md
index 441fc9ab9..ff423cac3 100644
--- a/src/domains/shared-secrets/README.md
+++ b/src/domains/shared-secrets/README.md
@@ -1,7 +1,7 @@
 # qi-secrets
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -56,4 +56,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/domains/wallet-common/README.md b/src/domains/wallet-common/README.md
index 0b553f3b0..a1651e15a 100644
--- a/src/domains/wallet-common/README.md
+++ b/src/domains/wallet-common/README.md
@@ -1,7 +1,7 @@
 # wallet-common
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -126,4 +126,4 @@
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->

From 99d7ce454c2b74ea09adbdf01f48b250804865ad Mon Sep 17 00:00:00 2001
From: Marco Mari <130982006+mamari90@users.noreply.github.com>
Date: Fri, 6 Dec 2024 10:46:21 +0100
Subject: [PATCH 5/5] feat: Added monitoring subscription key (#2637)

* added monitoring subscription key

* precommit
---
 src/next-core-secrets/README.md                          | 4 ++--
 src/next-core-secrets/secret/dev/noedit_secret_enc.json  | 5 +++--
 src/next-core-secrets/secret/prod/noedit_secret_enc.json | 5 +++--
 src/next-core-secrets/secret/uat/noedit_secret_enc.json  | 5 +++--
 4 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/next-core-secrets/README.md b/src/next-core-secrets/README.md
index 6052f122a..d98162a34 100644
--- a/src/next-core-secrets/README.md
+++ b/src/next-core-secrets/README.md
@@ -4,7 +4,7 @@
 2. run `terraform apply`
 
 <!-- markdownlint-disable -->
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
 ## Requirements
 
 | Name | Version |
@@ -51,4 +51,4 @@ No modules.
 ## Outputs
 
 No outputs.
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- END_TF_DOCS -->
diff --git a/src/next-core-secrets/secret/dev/noedit_secret_enc.json b/src/next-core-secrets/secret/dev/noedit_secret_enc.json
index 8009ab2f3..43ddc5dfe 100644
--- a/src/next-core-secrets/secret/dev/noedit_secret_enc.json
+++ b/src/next-core-secrets/secret/dev/noedit_secret_enc.json
@@ -1,5 +1,6 @@
 {
 	"gh-runner-job-pat": "ENC[AES256_GCM,data:QKm6Fp7PbJe2eMhbeAF+AxDI2bksEB34smWmJGxbdst3lP61EBsUQw==,iv:2hLQkmvSATpBE37LyGkN1l6rr3XpbKb7MbpVYlUbeMg=,tag:aMihkm8AzqIqkJvMgKqSfA==,type:str]",
+	"synthetic-monitoring-nodo-subscription-key": "ENC[AES256_GCM,data:Bo28SEKBYhshLs2s3EsQhF5hBoieyevQA8lmYqBUgL8=,iv:fDU9nwUcOybHPbxHRWWxr6bjJK8KHecq1AyxMATqSn0=,tag:xNUV5mw3sAL0QlshNAcWeg==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -14,8 +15,8 @@
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-11-18T16:23:52Z",
-		"mac": "ENC[AES256_GCM,data:zy86eINOeRLzqquQs30eUuCU6aKwHj2Qx5tIgE739KVinY+InkiNhes696EOfqfVM+pZZKO/LUFahP0gqACrJGa/G+yobSpNk3hY59MAP9l1Dx66NtV2H2KgBAhvUd3szEMsmvPdY93MFUtIEO/Fro8tLpCba6VR+j1e8eiMUyc=,iv:RQmarQdwa4z0GG6mQhZQEU4Eo9DfBgZyxNyeiLlmOl8=,tag:vAEYVa+na+toClEVPwrO0A==,type:str]",
+		"lastmodified": "2024-12-05T09:05:04Z",
+		"mac": "ENC[AES256_GCM,data:4nGIVYu5dIkN1qss9WQ+yJ52iyYyuxSrWWTuuHytjUs/xzFz8eY7WB3yxSrHsL/f3E58kG3dsbwm7CH33Z6T0KF1dwDe8zhxHSS+HBNlVQku8qHuFoZ/5PqrK+7yUWTXELug0wa1O3PIFXLc8In753YgheKdVXuiMtg0utl8IXk=,iv:NUOmsKc9CY2WcKCGVoh/V2go+fzq5upEyuvQ0zEPfnE=,tag:wBR+93fOPUXpf0zmFr7LLw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"
diff --git a/src/next-core-secrets/secret/prod/noedit_secret_enc.json b/src/next-core-secrets/secret/prod/noedit_secret_enc.json
index 2cfa3a945..405827411 100644
--- a/src/next-core-secrets/secret/prod/noedit_secret_enc.json
+++ b/src/next-core-secrets/secret/prod/noedit_secret_enc.json
@@ -1,6 +1,7 @@
 {
 	"opsgenie-infra-webhook-token": "ENC[AES256_GCM,data:LYnWUk4XgpYkIMyrg3sg+eGi3Xptn2zWj9Ay4ARn1mXFGewK,iv:F+O5mwLEmDN9Yn34az1iVyS8M2KE2HWM007S9ijlR1E=,tag:Kk3X5GwzOtwDowh/LmEBuQ==,type:str]",
 	"gh-runner-job-pat": "ENC[AES256_GCM,data:77kooAdxm6QCRfqJN43iVq4+tREnZBOvGviLvO29rjD3AdBwp2EAvQ==,iv:c4UQv/OsR3O7awpaUbLdgYckLPpWJaknSq7zRkP4DTY=,tag:nMWiGukQPDSCx0ZdmOMXrg==,type:str]",
+	"synthetic-monitoring-nodo-subscription-key": "ENC[AES256_GCM,data:JyfBRS4JwBFZmhYCveiUDgi6PzUgjPmlk6NqLsUtsgg=,iv:P2DNfqO9lg8ghX+YyCkH5XeHo5xEprJ2YcsG2gAxi+A=,tag:g/sEimtMIVsFZH2fFFtDTQ==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -15,8 +16,8 @@
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-11-18T16:30:16Z",
-		"mac": "ENC[AES256_GCM,data:NPf7jiNHlyBoqIfLA+c3j5/0NZsm3CffZVlTQO2y5rb1ckdxvRRGs6pL37TwKqk3EwI5bgSMeYKFMS9FdGxvdkCGmXi8u48m5tRd01/SnzDhKdI0ajPXADlWT77jbANYzkdVf2Sl86flCvRHF8qbtGXUQPALwhgqCLOEKdbThFo=,iv:QOPqa/T81lfnCuE7J2sCfikMvJt/e/UizXVztvwVo60=,tag:xHqDWWwRWmOJKyFfXB60GQ==,type:str]",
+		"lastmodified": "2024-12-05T09:05:32Z",
+		"mac": "ENC[AES256_GCM,data:UvuH9mUvyuzbJepO4LWlUniPu9W2Oqvmb4V3YDrXEq970GmugzC8cSY2GTxftVib611RuHOglDwAOTiHrfPY87GdKdsZm8xJpqa0Vq2kYASi5TtA583rvia+ncF/H+bt2IyDV1cGsxPhGAjqf40Lx+G86/1fco3bCHmRPCD6q1M=,iv:S1llScSgrFJIpM93MX9T9J3wSN5uh6xT88jVrtLmnco=,tag:JoK7X/BIQ8bsFSYG6+2bZw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"
diff --git a/src/next-core-secrets/secret/uat/noedit_secret_enc.json b/src/next-core-secrets/secret/uat/noedit_secret_enc.json
index 69d0ca2c0..d2acc50e9 100644
--- a/src/next-core-secrets/secret/uat/noedit_secret_enc.json
+++ b/src/next-core-secrets/secret/uat/noedit_secret_enc.json
@@ -1,5 +1,6 @@
 {
 	"gh-runner-job-pat": "ENC[AES256_GCM,data:1P7dbdO3QqbvEEA4yWAcnqWfhmwiqxsIA1ylgEsO0H7k9RL2CsN68Q==,iv:HJMWABY268DcsHB8tn12FLjEBKo2EVpKLjvRgSpd0kw=,tag:kWvSRvqs2gzToP0nvrLgEw==,type:str]",
+	"synthetic-monitoring-nodo-subscription-key": "ENC[AES256_GCM,data:soaLyhz/Cl8oBTHeHuIM4AHtT9odPgvcyZBScBLpL7Q=,iv:Fed8gkKEEdY7Eb6KuSsWLFf/ZYRD5fjO6YSbUmAPiq8=,tag:g6jpnZM93yps9Tp+Hxv+uA==,type:str]",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
@@ -14,8 +15,8 @@
 		],
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-11-18T16:29:40Z",
-		"mac": "ENC[AES256_GCM,data:pqwuLKjK0OsoKiD5zzCd+4Y+JYpxuICTl3B+h0tgQtr1Uu0w2Rr0FlNpwPP7BvB+lYNZpSKELqR/uJ50kVSF032pVIzuH91YBsFgOvPE3vcSViPXgkTdVnn63h9DlkU4p6xijqsjrFy7Yuf4vepe6p/8YFEn1jQMzlLFBqxPO/U=,iv:GmMH6Zp5FKeGttSszFYzni3GDIqALNprsB1m2sU3l+Y=,tag:e5LpVebq8mef4KNE9Y5L1Q==,type:str]",
+		"lastmodified": "2024-12-05T09:04:39Z",
+		"mac": "ENC[AES256_GCM,data:QEmR9qrUX4+h++b7l8D7U5YYo/TeJP0sSiztS9UqSqBpaHK2sssYYZcJdw4eguzc6VANRcIYSP349WvE1ryJey/Y/uTU31ami7Ru2UOS2Ngp/CDdbFncNy93JrZGrwlI5x/2NShIDrpo0h+4JlhDcnPHroRBZf4OW0j4a/qCZ8A=,iv:38+oAeZIjgx7fIFcFYTqqs+Tm+qgwrwT5gPuiopVoFQ=,tag:Iw53bzWX3KvgRfJmwBUrvw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"