diff --git a/bundles/dev/local-path-core/uds-bundle.yaml b/bundles/dev/local-path-core/uds-bundle.yaml
index 292b941aa..b038433c1 100644
--- a/bundles/dev/local-path-core/uds-bundle.yaml
+++ b/bundles/dev/local-path-core/uds-bundle.yaml
@@ -56,6 +56,9 @@ packages:
             - path: loki.query_scheduler.max_outstanding_requests_per_tenant
               value: 32000 # This is the new default in Loki 3.0
           variables:
+            - name: LOKI_S3_ENDPOINT
+              description: "The S3 endpoint"
+              path: loki.storage.s3.endpoint
             - name: LOKI_CHUNKS_BUCKET
               description: "The object storage bucket for Loki chunks"
               path: loki.storage.bucketNames.chunks
@@ -65,9 +68,6 @@ packages:
             - name: LOKI_ADMIN_BUCKET
               description: "The object storage bucket for Loki admin"
               path: loki.storage.bucketNames.admin
-            - name: LOKI_S3_ENDPOINT
-              description: "The S3 endpoint"
-              path: loki.storage.s3.endpoint
             - name: LOKI_S3_REGION
               description: "The S3 region"
               path: loki.storage.s3.region
@@ -103,8 +103,9 @@ packages:
       keycloak:
         keycloak:
           values:
+            # TODO: this can only be `false` if a Postgres is integrated and accessible in the cluster
             - path: devMode
-              value: false
+              value: true
             - path: fips
               value: true
 
diff --git a/bundles/dev/local-path-core/uds-config.yaml b/bundles/dev/local-path-core/uds-config.yaml
index 39a5df6ea..3388804d7 100644
--- a/bundles/dev/local-path-core/uds-config.yaml
+++ b/bundles/dev/local-path-core/uds-config.yaml
@@ -39,14 +39,9 @@ variables:
 
     velero_use_secret: false
     velero_irsa_role_arn: ""
+    # Zarf variables not available via UDS bundle values path overrides
     velero_bucket: uds
     velero_bucket_region: us-east-1
     velero_bucket_provider_url: http://minio.minio.svc.cluster.local:9000
     velero_bucket_credential_name: uds
     velero_bucket_credential_key: uds-secret
-
-    admin_tls_cert: ../tls.dev.cert
-    admin_tls_key: ../tls.dev.key
-
-    tenant_tls_cert: ../tls.dev.cert
-    tenant_tls_key: ../tls.dev.cert
diff --git a/bundles/latest/local-path-core/uds-bundle.yaml b/bundles/latest/local-path-core/uds-bundle.yaml
index 62fc9ca72..a5127f124 100644
--- a/bundles/latest/local-path-core/uds-bundle.yaml
+++ b/bundles/latest/local-path-core/uds-bundle.yaml
@@ -63,6 +63,9 @@ packages:
             - path: loki.query_scheduler.max_outstanding_requests_per_tenant
               value: 32000 # This is the new default in Loki 3.0
           variables:
+            - name: LOKI_S3_ENDPOINT
+              description: "The S3 endpoint"
+              path: loki.storage.s3.endpoint
             - name: LOKI_CHUNKS_BUCKET
               description: "The object storage bucket for Loki chunks"
               path: loki.storage.bucketNames.chunks
@@ -72,9 +75,6 @@ packages:
             - name: LOKI_ADMIN_BUCKET
               description: "The object storage bucket for Loki admin"
               path: loki.storage.bucketNames.admin
-            - name: LOKI_S3_ENDPOINT
-              description: "The S3 endpoint"
-              path: loki.storage.s3.endpoint
             - name: LOKI_S3_REGION
               description: "The S3 region"
               path: loki.storage.s3.region
@@ -110,8 +110,9 @@ packages:
       keycloak:
         keycloak:
           values:
+            # TODO: this can only be `false` if a Postgres is integrated and accessible in the cluster
             - path: devMode
-              value: false
+              value: true
             - path: fips
               value: true
 
@@ -121,10 +122,10 @@ packages:
           variables:
             - name: ADMIN_TLS_CERT
               description: "The TLS cert for the admin gateway (must be base64 encoded)"
-              path: ../tls.dev.cert
+              path: ../tls.cert
             - name: ADMIN_TLS_KEY
               description: "The TLS key for the admin gateway (must be base64 encoded)"
-              path: ../tls.dev.key
+              path: ../tls.key
 
       istio-tenant-gateway:
         # Access to UDS application services (e.g., *.uds.dev, ai.uds.dev)
@@ -132,10 +133,10 @@ packages:
           variables:
             - name: TENANT_TLS_CERT
               description: "The TLS cert for the tenant gateway (must be base64 encoded)"
-              path: ../tls.dev.cert
+              path: ../tls.cert
             - name: TENANT_TLS_KEY
               description: "The TLS key for the tenant gateway (must be base64 encoded)"
-              path: ../tls.dev.key
+              path: ../tls.key
 
   - name: uds-rke2-exemptions
     description: "Deploys the UDS Core Pepr policy exemptions"
diff --git a/bundles/latest/local-path-core/uds-config.yaml b/bundles/latest/local-path-core/uds-config.yaml
index 2ca2a8933..1484d9c34 100644
--- a/bundles/latest/local-path-core/uds-config.yaml
+++ b/bundles/latest/local-path-core/uds-config.yaml
@@ -39,14 +39,9 @@ variables:
 
     velero_use_secret: false
     velero_irsa_role_arn: ""
+    # Zarf variables not available via UDS bundle values path overrides
     velero_bucket: uds
     velero_bucket_region: us-east-1
     velero_bucket_provider_url: http://minio.minio.svc.cluster.local:9000
     velero_bucket_credential_name: uds
     velero_bucket_credential_key: uds-secret
-
-    admin_tls_cert: ../tls.dev.cert
-    admin_tls_key: ../tls.dev.key
-
-    tenant_tls_cert: ../tls.dev.cert
-    tenant_tls_key: ../tls.dev.cert
diff --git a/tasks.yaml b/tasks.yaml
index 94ca764f6..93c86e86f 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -31,18 +31,12 @@ tasks:
   - name: uds-rke2-local-path-core
     description: "Bootstrap a new RKE2 cluster, with the Local Path Provisioner + MinIO Zarf Init and UDS Core packages (LATEST)"
     actions:
-      - task: setup:create-lvm
-      - task: create:tls-cert
-
       - task: create:local-path-core-bundle
       - task: deploy:local-path-core-bundle
 
   - name: uds-rke2-local-path-core-dev
     description: "Bootstrap a new RKE2 cluster, with the Local Path Provisioner + MinIO Zarf Init and UDS Core packages (DEV)"
     actions:
-      - task: setup:create-lvm
-      - task: create:tls-cert-dev
-
       - task: release-packages-dev
       - task: create:local-path-core-bundle-dev
       - task: deploy:local-path-core-bundle-dev
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
index 6561defca..924a2b78a 100644
--- a/tasks/deploy.yaml
+++ b/tasks/deploy.yaml
@@ -1,6 +1,10 @@
 # TODO: renovate setup
 # yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.4/tasks.schema.json
 
+includes:
+  - create: create.yaml
+  - setup: setup.yaml
+
 variables:
   - name: VERSION
     description: "Explicitly set the version, overriding the official release tag"
@@ -87,6 +91,9 @@ tasks:
   - name: local-path-core-bundle
     description: "Deploy the Local Path Provisioner UDS RKE2 bootstrapping bundle"
     actions:
+      - task: setup:create-lvm
+      - task: create:tls-cert
+
       - task: bundle
         with:
           name: uds-rke2-local-path-core
@@ -99,6 +106,9 @@ tasks:
   - name: local-path-core-bundle-dev
     description: "Deploy the Local Path Provisioner UDS RKE2 bootstrapping bundle"
     actions:
+      - task: setup:create-lvm
+      - task: create:tls-cert-dev
+
       - task: bundle
         with:
           name: uds-rke2-local-path-core