diff --git a/.gitignore b/.gitignore index 01d35d64e78c71576561c45c892462bf54e98fd0..c62d1f07832209612e81446d1790673055a1b110 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,8 @@ .classpath /.settings +compose/kubedir/config +kubernetes/helm/openslice/files/org.etsi.osl.cridge/kubeconfig.yaml +kubernetes/helm/openslice/files/org.etsi.osl.portal.web/src/js/config.js +kubernetes/helm/openslice/files/org.etsi.osl.tmf.web/src/assets/config/config.prod.json +kubernetes/helm/openslice/files/org.etsi.osl.tmf.web/src/assets/config/theming.scss diff --git a/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh b/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh index fe7dc19d2c2f6920389804b6ac292c6edd4a8bd6..e9e6bcdd96cc757b13efbff71fe4b9209328cfc0 100644 --- a/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh +++ b/kubernetes/helm/openslice/files/mysql-init/entrypoint.sh @@ -22,6 +22,9 @@ create_user() { PORTAL_USER="$(< /var/run/secrets/portal/username)" PORTAL_DATABASE="$(< /var/run/secrets/portal/database)" +TMF_USER="$(< /var/run/secrets/tmf/username)" +TMF_DATABASE="$(< /var/run/secrets/tmf/database)" + KEYCLOAK_USER="$(< /var/run/secrets/keycloak/username)" KEYCLOAK_DATABASE="$(< /var/run/secrets/keycloak/database)" @@ -32,11 +35,13 @@ run_mysql --execute \ " # create databases CREATE DATABASE IF NOT EXISTS $PORTAL_DATABASE; +CREATE DATABASE IF NOT EXISTS $TMF_DATABASE; CREATE DATABASE IF NOT EXISTS $KEYCLOAK_DATABASE; CREATE DATABASE IF NOT EXISTS $METRICO_DATABASE; " create_user "$PORTAL_USER" "$(< /var/run/secrets/portal/password)" +create_user "$TMF_USER" "$(< /var/run/secrets/tmf/password)" create_user "$KEYCLOAK_USER" "$(< /var/run/secrets/keycloak/password)" create_user "$METRICO_USER" "$(< /var/run/secrets/metrico/password)" 
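Review bot: `$TMF_DATABASE` is spliced unquoted into `CREATE DATABASE IF NOT EXISTS $TMF_DATABASE;` in the second entrypoint.sh hunk, and again together with `$TMF_USER` in the GRANT added in the third hunk, so whatever text sits in the mounted secret files becomes part of the SQL that run_mysql executes. A name containing `-` or whitespace breaks the statement, and a malformed secret value would run as SQL under the init account (run_mysql is defined outside the hunk, so its privileges are not visible here). Validate the values right after they are read, e.g. `[[ "$TMF_DATABASE" =~ ^[A-Za-z0-9_]+$ ]] || { echo "invalid tmf database name" >&2; exit 1; }`, and do the same for `$TMF_USER`. The existing portal, keycloak and metrico lines follow the same pattern and would benefit from the same check.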
@@ -44,6 +49,8 @@ run_mysql --execute \ " # Grant portal user rights to the portal database GRANT ALL PRIVILEGES ON $PORTAL_DATABASE.* TO '$PORTAL_USER'@'%'; +# Grant tmf user rights to the tmf database +GRANT ALL PRIVILEGES ON $TMF_DATABASE.* TO '$TMF_USER'@'%'; # Grant keycloak user rights to the portal database GRANT ALL PRIVILEGES ON $KEYCLOAK_DATABASE.* TO '$KEYCLOAK_USER'@'%'; # Grant metrico user rights to the portal database diff --git a/kubernetes/helm/openslice/templates/_helpers.tpl b/kubernetes/helm/openslice/templates/_helpers.tpl index fa5e591ed3974face4677c85b65907329ad9ec27..b4dd9c5237e9ec2ccf588abe95978acf27875f48 100644 --- a/kubernetes/helm/openslice/templates/_helpers.tpl +++ b/kubernetes/helm/openslice/templates/_helpers.tpl @@ -104,6 +104,14 @@ Secrets {{- end }} {{- end }} +{{- define "openslice.secrets.tmf.mysql" -}} +{{- if .Values.oscreds.mysql.tmf.existingSecret }} +{{- .Values.oscreds.mysql.tmf.existingSecret }} +{{- else }} +{{- include "openslice.fullname" . }}-mysql-tmf-secrets +{{- end }} +{{- end }} + {{- define "openslice.secrets.metrico.mysql" -}} {{- if .Values.oscreds.mysql.metrico.existingSecret }} {{- .Values.oscreds.mysql.metrico.existingSecret }} diff --git a/kubernetes/helm/openslice/templates/mysql-tmf-secret.yaml b/kubernetes/helm/openslice/templates/mysql-tmf-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8d5a50c696e63f664cda71ef4ac4c027d96a3bdb --- /dev/null +++ b/kubernetes/helm/openslice/templates/mysql-tmf-secret.yaml 
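Review bot: The added `GRANT ALL PRIVILEGES ON $TMF_DATABASE.* TO '$TMF_USER'@'%';` lets the tmf account connect from any host with full rights on the schema. Its password is therefore the only control, unless a NetworkPolicy or similar restricts access to the mysql service (not visible in this diff). If the TMF services do not need administrative rights, grant a narrower list: data manipulation plus whatever DDL the application's schema management actually uses. If the wildcard host has to stay, record why next to the statement, for example `# '%' because client pod addresses are not fixed; reachability is limited by <network policy name>`. The SQL block continues outside the hunk.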
@@ -0,0 +1,16 @@ +{{- if not .Values.oscreds.mysql.tmf.existingSecret -}} +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "openslice.fullname" . }} + org.etsi.osl.service: mysql + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- include "openslice.labels" . | nindent 4 }} + name: {{ include "openslice.fullname" . }}-mysql-tmf-secrets +data: + username: {{ .Values.oscreds.mysql.tmf.username | default "tmfuser" | b64enc }} + password: {{ .Values.oscreds.mysql.tmf.password | default "12345" | b64enc }} + database: {{ .Values.oscreds.mysql.tmf.database | default "ostmfdb" | b64enc }} +{{- end -}} diff --git a/kubernetes/helm/openslice/templates/mysql.yaml b/kubernetes/helm/openslice/templates/mysql.yaml index e0cc23dfb2a71ab6a7383dae787116f9e635b329..aebd6fb8e6626306bf3293b7edd7fb178f58e8f1 100644 --- a/kubernetes/helm/openslice/templates/mysql.yaml +++ b/kubernetes/helm/openslice/templates/mysql.yaml @@ -58,6 +58,9 @@ spec: - mountPath: "/var/run/secrets/portal" readOnly: true name: mysql-portal-secrets + - mountPath: "/var/run/secrets/tmf" + readOnly: true + name: mysql-tmf-secrets - mountPath: "/var/run/secrets/keycloak" readOnly: true name: mysql-keycloak-secrets @@ -92,6 +95,9 @@ spec: - name: mysql-portal-secrets secret: secretName: {{ include "openslice.secrets.portal.mysql" . }} + - name: mysql-tmf-secrets + secret: + secretName: {{ include "openslice.secrets.tmf.mysql" . }} - name: mysql-keycloak-secrets secret: secretName: {{ include "openslice.secrets.keycloak.mysql" . }} diff --git a/kubernetes/helm/openslice/templates/oasapi.yaml b/kubernetes/helm/openslice/templates/oasapi.yaml index 0efc1ab56160b5547db22a168547d079cab6e255..427e2ff01f48c027ee7d3611945067fff69141dc 100644 --- a/kubernetes/helm/openslice/templates/oasapi.yaml +++ b/kubernetes/helm/openslice/templates/oasapi.yaml 
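Review bot: The new Secret falls back to a fixed, guessable credential in `password: {{ .Values.oscreds.mysql.tmf.password | default "12345" | b64enc }}`, and the values.yaml hunk at the end of this diff ships the same `password: "12345"`. An install that sets nothing therefore gets a known password on an account that entrypoint.sh grants from `'%'`. Fail the render when no password is supplied, `password: {{ required "oscreds.mysql.tmf.password must be set (or use existingSecret)" .Values.oscreds.mysql.tmf.password | b64enc }}`, and leave the values.yaml entry empty with a comment saying it is mandatory. The `username` and `database` defaults are harmless to keep.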
@@ -28,7 +28,7 @@ spec: - name: init-keycloak image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-keycloak; do echo waiting for keycloak; sleep 2; done"] - - name: init-mysql-portal + - name: init-mysql image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-mysql; do echo waiting for mysql; sleep 2; done"] hostNetwork: {{ .Values.hostNetwork }} @@ -42,7 +42,7 @@ spec: { "origins":"{{ .Values.rooturl }}", "spring.config.import": "configtree:/etc/config/", - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.tmf.database }}", "spring-addons.issuers[0].uri": "{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", @@ -65,11 +65,11 @@ spec: port: 13101 volumeMounts: - mountPath: "/etc/config/spring.datasource.username" - name: mysql-portal-secrets + name: mysql-tmf-secrets subPath: username readOnly: true - mountPath: "/etc/config/spring.datasource.password" - name: mysql-portal-secrets + name: mysql-tmf-secrets subPath: password readOnly: true - mountPath: "/etc/config/spring.activemq.user" @@ -85,9 +85,9 @@ spec: - name: artemis-secrets secret: secretName: {{ include "openslice.secrets.activemq" . }} - - name: mysql-portal-secrets + - name: mysql-tmf-secrets secret: - secretName: {{ include "openslice.secrets.portal.mysql" . }} + secretName: {{ include "openslice.secrets.tmf.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/templates/osportalapi.yaml b/kubernetes/helm/openslice/templates/osportalapi.yaml index 25d2b417b5ee1ea7bdc6990d74b4c3d6f76e3b1e..5612e67194092a15bc33502c9b59aed5cf8d14e7 100644 
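Review bot: The datasource URL in the second oasapi.yaml hunk takes the database name from `.Values.oscreds.mysql.tmf.database`, while the username and password are mounted from the secret and entrypoint.sh creates the database from the secret's `database` key. When `existingSecret` is set with a different `database` value, or the values entry is left empty, the service points at a schema that was never created or that the tmf user has no grant on. The same line is changed in the second osscapi.yaml hunk. Either fail early with `{{ required "oscreds.mysql.tmf.database must match the secret's database key" .Values.oscreds.mysql.tmf.database }}`, or add a comment under `existingSecret` in values.yaml: `# database below must equal the secret's database key; it is used to build the JDBC URL`. Because both services now read from the tmf schema instead of the portal one, an upgrade note on how existing data reaches the new database would also help.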
--- a/kubernetes/helm/openslice/templates/osportalapi.yaml +++ b/kubernetes/helm/openslice/templates/osportalapi.yaml @@ -30,7 +30,7 @@ spec: - name: init-keycloak image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-keycloak; do echo waiting for keycloak; sleep 2; done"] - - name: init-mysql-portal + - name: init-mysql image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-mysql; do echo waiting for mysql; sleep 2; done"] containers: diff --git a/kubernetes/helm/openslice/templates/osscapi.yaml b/kubernetes/helm/openslice/templates/osscapi.yaml index 924cdafcac0f75adc34469f21dd9eb5cd5ecdc82..ab1b72d562aae2658c01c10d39c7db14e6a0b457 100644 --- a/kubernetes/helm/openslice/templates/osscapi.yaml +++ b/kubernetes/helm/openslice/templates/osscapi.yaml @@ -29,7 +29,7 @@ spec: - name: init-keycloak image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-keycloak; do echo waiting for keycloak; sleep 2; done"] - - name: init-mysql-portal + - name: init-mysql image: busybox:1.28 command: ['sh', '-c', "until nslookup {{ include "openslice.fullname" . }}-mysql; do echo waiting for mysql; sleep 2; done"] containers: @@ -42,7 +42,7 @@ spec: { "origins":"{{ .Values.rooturl }}", "spring.config.import": "configtree:/etc/config/", - "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.portal.database }}", + "spring.datasource.url": "jdbc:mysql://{{ include "openslice.fullname" . }}-mysql/{{ .Values.oscreds.mysql.tmf.database }}", "spring-addons.issuers[0].uri":"{{ .Values.rooturl }}/auth/realms/openslice", "spring-addons.issuers[0].username-json-path":"$.preferred_username", "spring-addons.issuers[0].claims[0].jsonPath":"$.realm_access.roles", 
@@ -65,11 +65,11 @@ spec: - mountPath: /root name: osscapi-claim0 - mountPath: "/etc/config/spring.datasource.username" - name: mysql-portal-secrets + name: mysql-tmf-secrets subPath: username readOnly: true - mountPath: "/etc/config/spring.datasource.password" - name: mysql-portal-secrets + name: mysql-tmf-secrets subPath: password readOnly: true - mountPath: "/etc/config/spring.activemq.user" @@ -92,9 +92,9 @@ spec: - name: artemis-secrets secret: secretName: {{ include "openslice.secrets.activemq" . }} - - name: mysql-portal-secrets + - name: mysql-tmf-secrets secret: - secretName: {{ include "openslice.secrets.portal.mysql" . }} + secretName: {{ include "openslice.secrets.tmf.mysql" . }} --- apiVersion: v1 kind: Service diff --git a/kubernetes/helm/openslice/values.yaml b/kubernetes/helm/openslice/values.yaml index 353f10ff740dcb6fda287e8251c8f10345ed4f67..68c48ab6b95050721c47c6da33a153986e2f0c49 100644 --- a/kubernetes/helm/openslice/values.yaml +++ b/kubernetes/helm/openslice/values.yaml @@ -136,6 +136,18 @@ oscreds: username: keycloak password: password adminpassword: Pa55w0rd + tmf: + # The name of an existing secret to use for the tmf portal user. + # + # The secret requires the following keys: + # - `username` the database user + # - `password` the database user's password + # - `database` the database to use for the tmf apis + existingSecret: "" + + database: ostmfdb + username: tmfuser + password: "12345" portal: # The name of an existing secret to use for the mysql portal user. #