diff --git a/build.gradle b/build.gradle index 1468900..aac0f38 100644 --- a/build.gradle +++ b/build.gradle @@ -21,9 +21,10 @@ repositories { mavenCentral() } -//ext { -// set('springCloudAzureVersion', "5.18.0") -//} +ext { + set('springCloudAzureVersion', "5.18.0") + set('otelInstrumentationVersion','2.10.0') +} dependencies { implementation 'org.springframework.boot:spring-boot-starter-actuator' @@ -42,6 +43,12 @@ dependencies { implementation("org.openapitools:jackson-databind-nullable:0.2.6") implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310") implementation("org.springframework.boot:spring-boot-starter-validation") + + // opentelemetry + // implementation("io.opentelemetry.instrumentation:opentelemetry-spring-boot-starter") + // provides the same functionality of spring-boot-starter but configure the azure exporter + implementation("com.azure.spring:spring-cloud-azure-starter-monitor:1.0.0-beta.6") + testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework.security:spring-security-test' testImplementation 'io.projectreactor:reactor-test' @@ -50,7 +57,8 @@ dependencies { dependencyManagement { imports { -// mavenBom "com.azure.spring:spring-cloud-azure-dependencies:${springCloudAzureVersion}" + mavenBom "com.azure.spring:spring-cloud-azure-dependencies:${springCloudAzureVersion}" + mavenBom "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom:${otelInstrumentationVersion}" } } @@ -99,6 +107,15 @@ openApiGenerate { ]) } +graalvmNative { + binaries { + main { + buildArgs.add("--initialize-at-build-time=org.slf4j.helpers") + jvmArgs.add("-Djava.security.properties=${file("${projectDir}/src/main/resources/custom.security").absolutePath}") + } + } +} + test { finalizedBy jacocoTestReport // report is always generated after tests run } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b8ef53d..bc924fc 100644 
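Review bot: The new `implementation("com.azure.spring:spring-cloud-azure-starter-monitor:1.0.0-beta.6")` line in the dependencies hunk pins a pre-release artifact with an explicit version, so it is not governed by either BOM imported in the `dependencyManagement` hunk. This starter sits on the telemetry export path for every environment, so it should be tracked like any other outbound-data component. The comment above it is also hard to read, and the OpenTelemetry starter it refers to stays commented out while its BOM is imported. I would replace the three comment lines with something like `// Azure Monitor starter: wraps the OpenTelemetry Spring Boot starter and wires the Application Insights exporter. Beta release, pinned explicitly; revisit when a GA version exists.` It is also worth confirming that the versions this starter brings in transitively agree with `otelInstrumentationVersion`.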
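Review bot: In the `graalvmNative` hunk, the `jvmArgs` entry points `-Djava.security.properties` at a file under `src/main/resources`, so the security override is also packaged onto the application classpath. As far as I can tell from the native build tools plugin, `jvmArgs` only reaches the JVM that runs the image builder. Keeping the file in a build-only directory outside `src/main/resources` would make that scope explicit and stop anyone from loading it at runtime by accident. A one-line comment above the argument would help too, for example `// build-time only: relaxes signed-JAR handling for the native-image builder, see custom.security`. The nested interpolation can be simplified to a single `file(...)` call with a project-relative path.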
--- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,6 +1,5 @@ logging.level.root=INFO - spring.application.name=rtp-activator # enable spring boot actuator health endpoint diff --git a/src/main/resources/custom.security b/src/main/resources/custom.security new file mode 100644 index 0000000..9861c93 --- /dev/null +++ b/src/main/resources/custom.security @@ -0,0 +1 @@ +jdk.jar.disabledAlgorithms=MD2, MD5, RSA, DSA \ No newline at end of file diff --git a/src/main/terraform/container_app.tf b/src/main/terraform/container_app.tf index 08278a1..bc4e510 100644 --- a/src/main/terraform/container_app.tf +++ b/src/main/terraform/container_app.tf @@ -46,6 +46,22 @@ resource "azurerm_container_app" "rtp-activator" { name = "IDENTITY_CLIENT_ID" secret_name = "identity-client-id" } + + dynamic "env" { + for_each = var.rtp_environment_configs + content { + name = env.key + value = env.value + } + } + + dynamic "env" { + for_each = var.rtp_environment_secrets + content { + name = env.key + secret_name = replace(lower(env.key), "_", "-") + } + } } max_replicas = var.rtp_activator_max_replicas @@ -57,6 +73,16 @@ resource "azurerm_container_app" "rtp-activator" { value = "${data.azurerm_user_assigned_identity.rtp-activator.client_id}" } + + dynamic "secret" { + for_each = var.rtp_environment_secrets + content { + name = replace(lower(secret.key), "_", "-") + key_vault_secret_id = "${data.azurerm_key_vault.rtp-kv.vault_uri}secrets/${secret.value}" + identity = data.azurerm_user_assigned_identity.rtp-activator.id + } + } + identity { type = "UserAssigned" identity_ids = [data.azurerm_user_assigned_identity.rtp-activator.id] diff --git a/src/main/terraform/data.tf b/src/main/terraform/data.tf index b11a715..60f0888 100644 --- a/src/main/terraform/data.tf +++ b/src/main/terraform/data.tf 
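Review bot: The single line in the new `custom.security` file replaces the JDK's default `jdk.jar.disabledAlgorithms` value rather than extending it, and nothing in the file says why. Listing `RSA` and `DSA` without a key-size constraint means any JAR signed with those algorithms is treated as unsigned by the JVM that loads this file. Whatever other entries the JDK default carried (for example its SHA-1 constraints, depending on the JDK version) are dropped. If the intent is only to let the native-image builder read signed dependency JARs, say so in a leading comment such as `# Build-time override for the GraalVM native-image builder only; signed JARs are read as unsigned. Never load this file in a runtime JVM.` Also document which dependency made it necessary, so the override can be removed later.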
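Review bot: The second `dynamic "env"` block in container_app.tf derives the secret reference with `replace(lower(env.key), "_", "-")`, and the `dynamic "secret"` block in the next hunk repeats the same expression. If one copy is ever changed, the env entry will reference a secret name that is not defined. Computing it once removes that risk, for example `rtp_secret_names = { for k, v in var.rtp_environment_secrets : k => replace(lower(k), "_", "-") }` in `locals`, then using `local.rtp_secret_names[env.key]` in both places. Nothing here prevents a key such as `IDENTITY_CLIENT_ID` from colliding with the static `identity-client-id` entry visible just above. Values in `rtp_environment_configs` are emitted as plain `value`, so the variable should be documented as non-secret only. The enclosing resource starts and ends outside the hunk.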
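Review bot: The `dynamic "secret"` block in container_app.tf builds `key_vault_secret_id` by concatenating `vault_uri` with an unvalidated `secret.value`, and the diff does not show the access grant that lets the user-assigned identity read from `rtp-kv`. Please confirm that the identity introduced in the tfvars hunks has read-only access to secrets on this vault and nothing broader. A comment above the block would record the design, for example `# Versionless Key Vault reference resolved by the app's user-assigned identity; only the URI, not the secret value, is kept in Terraform state.` Because the reference has no version segment it always resolves to the latest secret version, which is worth stating for whoever rotates the connection string. The enclosing resource continues outside the hunk.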
@@ -13,3 +13,11 @@ data "azurerm_user_assigned_identity" "rtp-activator" { name = var.id_name resource_group_name = var.id_resource_group_name } + +# ------------------------------------------------------------------------------ +# General purpose key vault used to protect secrets. +# ------------------------------------------------------------------------------ +data "azurerm_key_vault" "rtp-kv" { + name = local.rtp_kv_name + resource_group_name = local.rtp_kv_resource_group_name +} diff --git a/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars index d6d8f6e..b3c4910 100644 --- a/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-d-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-d-mcshared-cae" cae_resource_group_name = "cstar-d-mcshared-app-rg" -id_name = "cstar-d-mcshared-auth-id" -id_resource_group_name = "cstar-d-mcshared-identity-rg" +id_name = "cstar-d-weu-rtp-activator-id" +id_resource_group_name = "cstar-d-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. @@ -39,4 +39,12 @@ rtp_activator_cpu = 0.25 rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 -rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" \ No newline at end of file +rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars index 33783f5..1e8f10d 100644 
--- a/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-p-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-p-mcshared-cae" cae_resource_group_name = "cstar-p-mcshared-app-rg" -id_name = "cstar-p-mcshared-auth-id" -id_resource_group_name = "cstar-p-mcshared-identity-rg" +id_name = "cstar-p-weu-rtp-activator-id" +id_resource_group_name = "cstar-p-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. @@ -39,4 +39,12 @@ rtp_activator_cpu = 0.25 rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 -rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp_activator" \ No newline at end of file +rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp_activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars b/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars index 896f3f1..3bcbe92 100644 --- a/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars +++ b/src/main/terraform/env/cstar-u-weu-rtp/terraform.tfvars @@ -22,8 +22,8 @@ tags = { # ------------------------------------------------------------------------------ cae_name = "cstar-u-mcshared-cae" cae_resource_group_name = "cstar-u-mcshared-app-rg" -id_name = "cstar-u-mcshared-auth-id" -id_resource_group_name = "cstar-u-mcshared-identity-rg" +id_name = "cstar-u-weu-rtp-activator-id" +id_resource_group_name = "cstar-u-weu-rtp-identity-rg" # ------------------------------------------------------------------------------ # Names of key vault secrets. 
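Review bot: In the production tfvars, `OTEL_TRACES_SAMPLER: "always_on"` exports every trace to Application Insights. For a payment-related service that raises both the volume and the sensitivity of the data leaving the app. The same value is set in the dev and uat files, where it is easier to justify. For production I would use a ratio sampler, for example `OTEL_TRACES_SAMPLER: "parentbased_traceidratio"` together with an `OTEL_TRACES_SAMPLER_ARG` entry, assuming the Azure Monitor starter honours the standard OpenTelemetry variables. Please also check that span attributes do not carry payer or payee data. Separately, the `rtp_activator_base_url` line re-added here still points at a host named `mil-d-apim` and uses `rtp_activator` with an underscore, unlike the dev and uat files; that looks like a leftover worth checking.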
@@ -40,3 +40,11 @@ rtp_activator_memory = "0.5Gi" rtp_activator_max_replicas = 5 rtp_activator_min_replicas = 1 rtp_activator_base_url = "https://mil-d-apim.azure-api.net/rtp-activator" + +rtp_environment_configs = { + OTEL_TRACES_SAMPLER: "always_on" +} + +rtp_environment_secrets = { + APPLICATIONINSIGHTS_CONNECTION_STRING: "appinsights-connection-string" +} \ No newline at end of file diff --git a/src/main/terraform/locals.tf b/src/main/terraform/locals.tf index dea9445..4f0b726 100644 --- a/src/main/terraform/locals.tf +++ b/src/main/terraform/locals.tf @@ -3,4 +3,7 @@ locals { # Project label. # project = var.domain == "" ? "${var.prefix}-${var.env_short}" : "${var.prefix}-${var.env_short}-${var.domain}" + + rtp_kv_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-kv" + rtp_kv_resource_group_name = "${var.prefix}-${var.env_short}-${var.location_short}-${var.domain}-sec-rg" } \ No newline at end of file diff --git a/src/main/terraform/variables.tf b/src/main/terraform/variables.tf index 14caa68..0a8289f 100644 --- a/src/main/terraform/variables.tf +++ b/src/main/terraform/variables.tf @@ -107,3 +107,13 @@ variable "rtp_activator_memory" { variable "rtp_activator_image" { type = string } + +variable "rtp_environment_configs" { + type = map(any) + default = {} +} + +variable "rtp_environment_secrets" { + type = map(any) + default = {} +} \ No newline at end of file
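Review bot: The two new locals in locals.tf interpolate `var.domain` unconditionally, while the existing `project` local right above them treats an empty domain as a special case. With `domain = ""` the names gain a double hyphen (`...--kv`, `...--sec-rg`), so the `azurerm_key_vault` data source would look up a vault that does not exist. Building the names from non-empty parts avoids this, for example `rtp_kv_name = join("-", compact([var.prefix, var.env_short, var.location_short, var.domain, "kv"]))`, with the same form for the resource group. `var.location_short` is not declared in the part of variables.tf visible in this diff, so please confirm that it exists.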
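Review bot: Both new variables in variables.tf are declared as `map(any)` with no description or validation, although their keys become environment variable names and, for the secrets map, container app secret names and Key Vault URI segments. They should be typed as `map(string)`. The secrets map should reject keys or values that cannot form a valid secret name, so that a typo fails at plan time instead of producing a broken reference. `rtp_environment_configs` needs a description stating that it must not hold secret values, since those are written into the container definition in clear text. A possible shape for the secrets variable is below.
```hcl
variable "rtp_environment_secrets" {
  description = "Environment variable name => Key Vault secret name. Values are resolved from the key vault at runtime."
  type        = map(string)
  default     = {}

  validation {
    condition = alltrue([
      for k, v in var.rtp_environment_secrets :
      can(regex("^[A-Za-z]([A-Za-z0-9_]*[A-Za-z0-9])?$", k)) && can(regex("^[0-9A-Za-z-]+$", v))
    ])
    error_message = "Keys must be environment variable names (letters, digits, underscore) and values must be Key Vault secret names (letters, digits, dash)."
  }
}
```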