diff --git a/scripts/okapi-login b/scripts/okapi-login
index 0847a33..a34c27b 100755
--- a/scripts/okapi-login
+++ b/scripts/okapi-login
@@ -1,13 +1,20 @@
 #! /bin/sh
 USAGE="Usage: `basename $0` [-h] [-u username] [-p password] [-t tenant]"
 
+# We may not be run from this directory
+SCRIPT_DIRECTORY=`dirname "$0"`
 TENANT="diku"
 UN="diku_admin"
 PW="admin"
-OKAPI="http://localhost:9130"
+
+if [ -f .okapirc ]; then
+  . ./.okapirc
+elif [ -f $HOME/.okapirc ]; then
+  . $HOME/.okapirc
+fi
 
 # Parse command line options.
-while getopts hupt: OPT; do
+while getopts "h:u:p:t:" OPT; do
   case "$OPT" in
     h)
       echo $USAGE
@@ -33,8 +40,9 @@ done
 # Remove the options we parsed above.
 shift `expr $OPTIND - 1`
 
-AUTH_TOKEN=$(curl -sSL -D - -X POST -H 'accept: application/json' -H 'Content-type: application/json' \
+AUTH_TOKEN=$(curl -sSL -X POST -H 'accept: application/json' -H 'Content-type: application/json' \
     -H "X-Okapi-Tenant: $TENANT" --connect-timeout 5 --max-time 30 -d "{ \"username\":\"${UN}\", \"password\": \"${PW}\" }" \
-    "${OKAPI}/authn/login" | grep -Fi x-okapi-token | sed -r 's/^.*\:\s*(([A-Za-z0-9+\/]+\.){2}[A-Za-z0-9+\/]+)/\1/' | xargs)
-echo $AUTH_TOKEN
-exit 0
+    "${OKAPI_URL}/authn/login" | jq -rc '.okapiToken' | sed 's/.*: *//' | xargs)
+
+echo "$AUTH_TOKEN"
+exit 0
\ No newline at end of file
diff --git a/scripts/register_and_enable_rancher.sh b/scripts/register_and_enable_rancher.sh
new file mode 100755
index 0000000..6b76059
--- /dev/null
+++ b/scripts/register_and_enable_rancher.sh
@@ -0,0 +1,2 @@
+./secure_register.sh
+./secure_enable.sh
\ No newline at end of file
diff --git a/scripts/run_rancher_desktop.sh b/scripts/run_rancher_desktop.sh
new file mode 100755
index 0000000..dc75fbc
--- /dev/null
+++ b/scripts/run_rancher_desktop.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+MODULE_PORT=8082
+MODULE_NAME=mod-remote-sync
+
+source ~/.okapirc
+
+# This script is for executing a double check that the endpoint calls that work directly
+# also work via okapi.
+
+# see https://docs.spring.io/spring-boot/docs/current/reference/html/boot-features-external-config.html for info on overriding 
+# spring boot app config on the command line
+
+# This script should be run from the mod-rs/service directory after a "grails prod war" build completes
+
+the_jar_file=`ls build/libs/$MODULE_NAME*.jar | tail -n 1`
+
+echo Start mod-rs in external-register mode - Jar will be $the_jar_file
+
+# curl --header "X-Okapi-Tenant: diku" http://localhost:9130/content -X GET
+
+# THis DOES work as expected however - 
+java -Djava.net.preferIPv4Stack=true -Dserver.port=$MODULE_PORT -jar $the_jar_file -Xmx1G --grails.server.host=10.0.2.2 --dataSource.username=okapi_1 --dataSource.password=okapi_1 --dataSource.url=jdbc:postgresql://localhost:30101/okapi_modules
diff --git a/scripts/secure_enable.sh b/scripts/secure_enable.sh
new file mode 100755
index 0000000..46dfa63
--- /dev/null
+++ b/scripts/secure_enable.sh
@@ -0,0 +1,56 @@
+## This script logs into OKAPI and then registers and enables the module
+BASEDIR=$(dirname "$0")
+
+MODULE_PORT=8082
+
+# This script generates the module descriptor for mod-rs and posts it to a secured OKAPI control interface
+# the script is controlled by a ~/.okapirc file where you need to specify the supertenant username (ST_UN)
+# supertnent password (ST_PW) and the OKAPI_URL (For the rancher-desktop install, likely http://localhost:30100)
+
+if [ -f .okapirc ]; then
+  . .okapirc
+elif [ -f $HOME/.okapirc ]; then
+  . $HOME/.okapirc
+else
+  echo You must configure \$HOME/.okapirc
+  echo export IS_SECURE_SUPERTENANT=Y
+  echo export ST_UN=sysadm
+  echo export ST_PW=PASSWORD_FROM_LOCAL_okapi_commander_cfg.json
+  echo export OKAPI_URL=http://localhost:30100
+  exit 0
+fi
+
+echo $BASEDIR
+pushd "$BASEDIR/../service"
+
+DIR="$BASEDIR/../"
+
+echo "Using directory: $DIR"
+
+# Check for decriptor target directory.
+
+DESCRIPTORDIR="../service/build/resources/main/okapi"
+
+if [ ! -d "$DESCRIPTORDIR" ]; then
+    echo "No descriptors found. Let's try building them."
+    
+    ./gradlew generateDescriptors
+fi
+
+# DEP_DESC=`cat ${DESCRIPTORDIR}/DeploymentDescriptor.json | jq -c ".url=\"$2\""`
+DEP_DESC=`cat ${DESCRIPTORDIR}/DeploymentDescriptor.json | jq -c ".url=\"http://192.168.5.2:$MODULE_PORT/\""`
+SVC_ID=`echo $DEP_DESC | jq -rc '.srvcId'`
+INS_ID=`echo $DEP_DESC | jq -rc '.instId'`
+
+AUTH_TOKEN=`../scripts/okapi-login -u $ST_UN -p $ST_PW -t supertenant`
+
+echo "AUTH_TOKEN: $AUTH_TOKEN"
+echo "SUPERTENANT UN: $ST_UN, PASSWORD: $ST_PW"
+
+ENABLE_DOC=`echo $DEP_DESC | jq -c '[{id: .srvcId, action: "enable"}]'`
+echo "Enable service - enable doc is $ENABLE_DOC"
+
+curl -XPOST -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/proxy/tenants/$TENANT/install?tenantParameters=loadSample%3Dtest,loadReference%3Dother" -d "$ENABLE_DOC"
+echo
+
+echo Done
\ No newline at end of file
diff --git a/scripts/secure_register.sh b/scripts/secure_register.sh
new file mode 100755
index 0000000..767d351
--- /dev/null
+++ b/scripts/secure_register.sh
@@ -0,0 +1,72 @@
+## This script logs into OKAPI and then registers and enables the module
+BASEDIR=$(dirname "$0")
+
+MODULE_PORT=8082
+
+# This script generates the module descriptor for mod-rs and posts it to a secured OKAPI control interface
+# the script is controlled by a ~/.okapirc file where you need to specify the supertenant username (ST_UN)
+# supertnent password (ST_PW) and the OKAPI_URL (For the rancher-desktop install, likely http://localhost:30100)
+
+if [ -f .okapirc ]; then
+  . .okapirc
+elif [ -f $HOME/.okapirc ]; then
+  . $HOME/.okapirc
+else
+  echo You must configure \$HOME/.okapirc
+  echo export IS_SECURE_SUPERTENANT=Y
+  echo export ST_UN=sysadm
+  echo export ST_PW=PASSWORD_FROM_LOCAL_okapi_commander_cfg.json
+  echo export OKAPI_URL=http://localhost:30100
+  exit 0
+fi
+
+echo $BASEDIR
+pushd "$BASEDIR/../service"
+
+DIR="$BASEDIR/../"
+
+echo "Using directory: $DIR"
+
+# Check for decriptor target directory.
+
+DESCRIPTORDIR="../service/build/resources/main/okapi"
+
+if [ ! -d "$DESCRIPTORDIR" ]; then
+    echo "No descriptors found. Let's try building them."
+    
+    ./gradlew generateDescriptors
+fi
+
+# DEP_DESC=`cat ${DESCRIPTORDIR}/DeploymentDescriptor.json | jq -c ".url=\"$2\""`
+DEP_DESC=`cat ${DESCRIPTORDIR}/DeploymentDescriptor.json | jq -c ".url=\"http://192.168.5.2:$MODULE_PORT/\""`
+SVC_ID=`echo $DEP_DESC | jq -rc '.srvcId'`
+INS_ID=`echo $DEP_DESC | jq -rc '.instId'`
+
+AUTH_TOKEN=`../scripts/okapi-login -u $ST_UN -p $ST_PW -t supertenant`
+
+echo "AUTH_TOKEN: $AUTH_TOKEN"
+echo "SUPERTENANT UN: $ST_UN, PASSWORD: $ST_PW"
+
+echo Remove any existing module ${SVC_ID}/${INS_ID}
+echo Waiting for curl -XDELETE "${OKAPI_URL}/_/proxy/tenants/${TENANT_NAME}/modules/${SVC_ID}"
+curl -XDELETE -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/proxy/tenants/${TENANT_NAME}/modules/${SVC_ID}"
+echo
+
+echo Waiting for curl -XDELETE -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/discovery/modules/${SVC_ID}/${INS_ID}"
+curl -XDELETE -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/discovery/modules/${SVC_ID}/${INS_ID}"
+echo
+
+echo Waiting for curl -XDELETE -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/proxy/modules/${SVC_ID}"
+curl -XDELETE -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/proxy/modules/${SVC_ID}"
+echo
+
+# ./gradlew clean generateDescriptors
+echo Install latest module ${SVC_ID}/${INS_ID} 
+curl -XPOST -H "X-Okapi-Token: $AUTH_TOKEN" ${OKAPI_URL}/_/proxy/modules -d @"${DESCRIPTORDIR}/ModuleDescriptor.json"
+echo
+
+echo -e "\n\nPOSTING DEPLOYMENT DESCRIPTOR:"
+curl -XPOST -H "X-Okapi-Token: $AUTH_TOKEN" "${OKAPI_URL}/_/discovery/modules" -d "$DEP_DESC"
+echo
+
+popd
\ No newline at end of file
diff --git a/service/grails-app/conf/application-rancher-desktop-db.yml b/service/grails-app/conf/application-rancher-desktop-db.yml
new file mode 100644
index 0000000..266838f
--- /dev/null
+++ b/service/grails-app/conf/application-rancher-desktop-db.yml
@@ -0,0 +1,45 @@
+##
+# This config file connects to the postgres install from a rancher desktop instance.
+# Use the flag '-Dgrails.env=rancher-desktop-db' when running
+##
+
+dataSource:
+  dbCreate: none
+  url: "jdbc:postgresql://${db.host:localhost}:${db.port:30101}/${db.database:okapi_modules}" # Port 30101 forwarded so as not to clash.
+  username: postgres
+  password: postgres
+  driverClassName: org.postgresql.Driver
+  dialect: com.k_int.hibernate.dialects.postgres.KIPostgres94Dialect
+  schemaHandler: com.k_int.okapi.OkapiSchemaHandler
+  logSql: false
+  properties:
+      jmxEnabled: false
+      initialSize: 5
+      maxActive: ${db.maxpoolsize:5}
+      minIdle: 5
+      maxIdle: 10
+      maxWait: 10000
+      maxAge: 600000
+      timeBetweenEvictionRunsMillis: 5000
+      minEvictableIdleTimeMillis: 60000
+      validationQuery: SELECT 1
+      validationInterval: 30000
+      testOnBorrow: true
+      testWhileIdle: true
+      testOnReturn: false
+      removeAbandoned: true
+      removeAbandonedTimeout: 60
+      abandonWhenPercentageFull: 50
+      jdbcInterceptors: ConnectionState
+      defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED
+server:
+  port: 8082
+okapi: 
+  service:
+    host: localhost
+    port: 30100
+
+#    register: true
+#    deploy: true
+        
+