diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go
index 86beadaf0..eae924113 100644
--- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go
+++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go
@@ -2,7 +2,6 @@ package featureflags
 
 import (
 	"fmt"
-	"net/url"
 
 	crd "github.com/RedHatInsights/clowder/apis/cloud.redhat.com/v1alpha1"
 	"github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/config"
@@ -109,19 +108,16 @@ func (ff *localFeatureFlagsProvider) EnvProvide() error {
 
 	username := utils.RandString(16)
 	hostname := fmt.Sprintf("%v.%v.svc", namespacedNameDb.Name, namespacedNameDb.Namespace)
-	passwordEncode := url.QueryEscape(password)
-	connectionURL := fmt.Sprintf("postgres://%s:%s@%s/%s", username, passwordEncode, hostname, "unleash")
 
 	dataInitDb := func() map[string]string {
 
 		return map[string]string{
-			"hostname":      hostname,
-			"port":          "5432",
-			"username":      username,
-			"password":      password,
-			"pgPass":        pgPassword,
-			"name":          "unleash",
-			"connectionURL": connectionURL,
+			"hostname": hostname,
+			"port":     "5432",
+			"username": username,
+			"password": password,
+			"pgPass":   pgPassword,
+			"name":     "unleash",
 		}
 	}
 
@@ -149,7 +145,7 @@ func (ff *localFeatureFlagsProvider) EnvProvide() error {
 		},
 	}
 
-	provutils.MakeLocalDB(dd, namespacedNameDb, ff.Env, labels, &dbCfg, "quay.io/cloudservices/postgresql-rds:12-9ee2984", ff.Env.Spec.Providers.FeatureFlags.PVC, "unleash", &res)
+	provutils.MakeLocalDB(dd, namespacedNameDb, ff.Env, labels, &dbCfg, "quay.io/cloudservices/postgresql-rds:15-53ac80c", ff.Env.Spec.Providers.FeatureFlags.PVC, "unleash", &res)
 
 	if err = ff.Cache.Update(LocalFFDBDeployment, dd); err != nil {
 		return err
@@ -220,17 +216,6 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov
 	keycloakSecret := core.Secret{}
 	cache.Get(web.WebKeycloakSecret, &keycloakSecret)
 
-	/*
-		   NOTE: about the order ... set the order in the impl. of each provider
-			REACH the provider, get the data from the cache.
-
-			make "somethingsomething" -> made with component system (make component cache exists)
-			There was a pattern, all compontents were created the same way each time
-			the name is makeCachecomponent (or makecomponentcache, one or the other)
-
-			the objMap ...
-	*/
-
 	dd := objMap[LocalFFDeployment].(*apps.Deployment)
 	svc := objMap[LocalFFService].(*core.Service)
 
@@ -250,25 +235,43 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov
 
 	port := int32(4242)
 
-	envVars := []core.EnvVar{{
-		Name: "DATABASE_PASSWORD",
-		ValueFrom: &core.EnvVarSource{
-			SecretKeyRef: &core.SecretKeySelector{
-				LocalObjectReference: core.LocalObjectReference{
-					Name: "featureflags-db",
-				},
-				Key: "password",
-			},
-		},
-	},
+	envVars := []core.EnvVar{
 		{
 			Name:  "DATABASE_SSL",
 			Value: "false",
 		},
+		{
+			Name:  "KC_HOST",
+			Value: fmt.Sprintf("http://%s-%s.%s.svc:8080", o.GetClowdName(), "keycloak", o.GetClowdNamespace()),
+		},
+		{
+			Name:  "KC_REALM",
+			Value: "unleash",
+		},
+		{
+			Name:  "KC_CLIENT_ID",
+			Value: "unleash",
+		},
+		{
+			Name:  "KC_ADMIN_ROLES",
+			Value: "admin",
+		},
+		{
+			Name:  "KC_EDITOR_ROLES",
+			Value: "editor",
+		},
+		{
+			Name:  "KC_VIEWER_ROLES",
+			Value: "viewer",
+		},
 	}
 
 	envVars = provutils.AppendEnvVarsFromSecret(envVars, "featureflags-db",
-		provutils.NewSecretEnvVar("DATABASE_URL", "connectionURL"),
+		provutils.NewSecretEnvVar("DATABASE_HOST", "hostname"),
+		provutils.NewSecretEnvVar("DATABASE_PORT", "port"),
+		provutils.NewSecretEnvVar("DATABASE_USERNAME", "username"),
+		provutils.NewSecretEnvVar("DATABASE_PASSWORD", "password"),
+		provutils.NewSecretEnvVar("DATABASE_NAME", "name"),
 	)
 	envVars = provutils.AppendEnvVarsFromSecret(envVars, nn.Name,
 		provutils.NewSecretEnvVar("INIT_CLIENT_API_TOKENS", "clientAccessToken"),
diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go
index 5d818092b..480b09c78 100644
--- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go
+++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go
@@ -199,10 +199,10 @@ func configureKeycloak(web *localWebProvider) error {
 }
 
 func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, password string) error {
-	userData := &core.Secret{}
+	importData := &core.Secret{}
 	userDataNN := providers.GetNamespacedName(o, "keycloak-realm-import")
 
-	if err := cache.Create(WebKeycloakImportSecret, userDataNN, userData); err != nil {
+	if err := cache.Create(WebKeycloakImportSecret, userDataNN, importData); err != nil {
 		return err
 	}
 
@@ -211,20 +211,32 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas
 
 	labeler := utils.MakeLabeler(userDataNN, labels, o)
 
-	labeler(userData)
+	labeler(importData)
 
-	userImportData, err := os.ReadFile("./jsons/redhat-external-realm.json")
+	readhatRealmData, err := os.ReadFile("./jsons/redhat-external-realm.json")
 	if err != nil {
 		return fmt.Errorf("could not read user data: %w", err)
 	}
 
-	userData.StringData = map[string]string{}
-	userImportDataString := string(userImportData)
-	userImportDataString = strings.Replace(userImportDataString, "########PASSWORD########", password, 1)
+	unleashRealmData, err := os.ReadFile("./jsons/unleash-realm.json")
+	if err != nil {
+		return fmt.Errorf("could not read unleash-realm data: %w", err)
+	}
+
+	unleashUsersData, err := os.ReadFile("./jsons/unleash-users.json")
+	if err != nil {
+		return fmt.Errorf("could not read unleash-users data: %w", err)
+	}
+
+	importData.StringData = map[string]string{}
+	redhatRealmDataString := string(readhatRealmData)
+	redhatRealmDataString = strings.Replace(redhatRealmDataString, "########PASSWORD########", password, 1)
 
-	userData.StringData["redhat-external-realm.json"] = string(userImportDataString)
+	importData.StringData["redhat-external-realm.json"] = string(redhatRealmDataString)
+	importData.StringData["unleash-realm.json"] = string(unleashRealmData)
+	importData.StringData["unleash-users.json"] = string(unleashUsersData)
 
-	return cache.Update(WebKeycloakImportSecret, userData)
+	return cache.Update(WebKeycloakImportSecret, importData)
 }
 
 func baseProbeHandler(port int32, path string) core.ProbeHandler {
@@ -307,10 +319,6 @@ func makeKeycloak(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.Obj
 			Name:  "PROXY_ADDRESS_FORWARDING",
 			Value: "true",
 		},
-		{
-			Name:  "KEYCLOAK_IMPORT",
-			Value: "/json/redhat-external-realm.json",
-		},
 	}
 
 	envVars = provutils.AppendEnvVarsFromSecret(envVars, "keycloak-db",