diff --git a/static/env-vars/activitylog.yaml b/static/env-vars/activitylog.yaml
index 7241a2df..b2bdf545 100644
--- a/static/env-vars/activitylog.yaml
+++ b/static/env-vars/activitylog.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: activitylog.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/activitylog_configvars.md b/static/env-vars/activitylog_configvars.md
index aad2f438..d3e04384 100644
--- a/static/env-vars/activitylog_configvars.md
+++ b/static/env-vars/activitylog_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **activitylog** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`ACTIVITYLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`ACTIVITYLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`ACTIVITYLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`ACTIVITYLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`ACTIVITYLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`ACTIVITYLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`ACTIVITYLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -43,5 +39,5 @@ Environment variables for the **activitylog** service
 |`OC_DEFAULT_LANGUAGE`| 1.0.0 |string|`The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details.`|`en`|
 |`OC_SERVICE_ACCOUNT_ID`<br/>`ACTIVITYLOG_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``|
 |`OC_SERVICE_ACCOUNT_SECRET`<br/>`ACTIVITYLOG_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``|
-|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| next |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|`10s`|
-|`ACTIVITYLOG_MAX_ACTIVITIES`| next |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|`6000`|
+|`ACTIVITYLOG_WRITE_BUFFER_DURATION`| 4.0.0 |Duration|`The duration to wait before flushing the write buffer. This is used to reduce the number of writes to the store.`|`10s`|
+|`ACTIVITYLOG_MAX_ACTIVITIES`| 4.0.0 |int|`The maximum number of activities to keep in the store per resource. If the number of activities exceeds this value, the oldest activities will be removed.`|`6000`|
diff --git a/static/env-vars/activitylog_readme.md b/static/env-vars/activitylog_readme.md
index 108eed5d..eeab4f25 100644
--- a/static/env-vars/activitylog_readme.md
+++ b/static/env-vars/activitylog_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Activitylog
-date: 2025-11-13T17:22:55.092232+01:00
+date: 2025-11-27T22:19:23.792254+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/activitylog
diff --git a/static/env-vars/antivirus.yaml b/static/env-vars/antivirus.yaml
index 9f0249b3..43a9d201 100644
--- a/static/env-vars/antivirus.yaml
+++ b/static/env-vars/antivirus.yaml
@@ -12,11 +12,6 @@ debug:
   token: ""
   pprof: false
   zpages: false
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 infected-file-handling: delete
 events:
   endpoint: 127.0.0.1:9233
diff --git a/static/env-vars/antivirus_configvars.md b/static/env-vars/antivirus_configvars.md
index d0f6703e..092c14d0 100644
--- a/static/env-vars/antivirus_configvars.md
+++ b/static/env-vars/antivirus_configvars.md
@@ -10,10 +10,6 @@ Environment variables for the **antivirus** service
 |`ANTIVIRUS_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``|
 |`ANTIVIRUS_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`|
 |`ANTIVIRUS_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`|
-|`OC_TRACING_ENABLED`<br/>`ANTIVIRUS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`ANTIVIRUS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`ANTIVIRUS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`ANTIVIRUS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`ANTIVIRUS_INFECTED_FILE_HANDLING`| 1.0.0 |string|`Defines the behaviour when a virus has been found. Supported options are: 'delete', 'continue' and 'abort '. Delete will delete the file. Continue will mark the file as infected but continues further processing. Abort will keep the file in the uploads folder for further admin inspection and will not move it to its final destination.`|`delete`|
 |`OC_EVENTS_ENDPOINT`<br/>`ANTIVIRUS_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`|
 |`OC_EVENTS_CLUSTER`<br/>`ANTIVIRUS_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`|
diff --git a/static/env-vars/antivirus_readme.md b/static/env-vars/antivirus_readme.md
index 6fd10596..d0d08972 100644
--- a/static/env-vars/antivirus_readme.md
+++ b/static/env-vars/antivirus_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Antivirus
-date: 2025-11-13T17:22:55.092547+01:00
+date: 2025-11-27T22:19:23.792531+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/antivirus
diff --git a/static/env-vars/app-provider.yaml b/static/env-vars/app-provider.yaml
index eb29648d..8e19ea51 100644
--- a/static/env-vars/app-provider.yaml
+++ b/static/env-vars/app-provider.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: app-provider.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/app-provider_configvars.md b/static/env-vars/app-provider_configvars.md
index 3d975d82..ae45b515 100644
--- a/static/env-vars/app-provider_configvars.md
+++ b/static/env-vars/app-provider_configvars.md
@@ -3,10 +3,6 @@ Environment variables for the **app-provider** service
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
 |`APP_PROVIDER_SERVICE_NAME`| 1.0.0 |string|`The name of the service. This needs to be changed when using more than one app provider. Each app provider configured needs to be identified by a unique service name. Possible examples are: 'app-provider-collabora', 'app-provider-onlyoffice', 'app-provider-office365'.`|`app-provider`|
-|`OC_TRACING_ENABLED`<br/>`APP_PROVIDER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`APP_PROVIDER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`APP_PROVIDER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`APP_PROVIDER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`APP_PROVIDER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`APP_PROVIDER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`APP_PROVIDER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/app-provider_readme.md b/static/env-vars/app-provider_readme.md
index e7d88d64..3f508f4b 100644
--- a/static/env-vars/app-provider_readme.md
+++ b/static/env-vars/app-provider_readme.md
@@ -1,6 +1,6 @@
 ---
-title: Antivirus
-date: 2025-11-12T11:19:19.198072+01:00
+title: App Provider
+date: 2025-11-27T22:19:23.792735+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/app-provider
@@ -13,97 +13,29 @@ geekdocCollapseSection: true
 ## Abstract
 
 
-The `antivirus` service is responsible for scanning files for viruses.
+The `app-provider` service provides the CS3 App Provider API for OpenCloud. It is responsible for managing and serving applications that can open files based on their MIME types.
+
+The service works in conjunction with the `app-registry` service, which maintains the registry of available applications and their supported MIME types. When a client requests to open a file with a specific application, the `app-provider` service handles the request and coordinates with the application to provide the appropriate interface.
 
 
 ## Table of Contents
 
-* [Memory Considerations](#memory-considerations)
+* [Integration](#integration)
 * [Configuration](#configuration)
-  * [Antivirus Scanner Type](#antivirus-scanner-type)
-  * [Maximum Scan Size](#maximum-scan-size)
-  * [Antivirus Workers](#antivirus-workers)
-  * [Infected File Handling](#infected-file-handling)
-  * [Scanner Inaccessibility](#scanner-inaccessibility)
-* [Operation Modes](#operation-modes)
-  * [Postprocessing](#postprocessing)
-  * [Scaling in Kubernetes](#scaling-in-kubernetes)
-
-## Memory Considerations
-
-The antivirus service can consume considerable amounts of memory.
-This is relevant to provide or define sufficient memory for the deployment selected.
-To avoid out of memory (OOM) situations, the following equation gives a rough overview based on experiences made.
-The memory calculation comes without any guarantee, is intended as overview only and subject of change.
+* [Scalability](#scalability)
 
-`memory limit` = `max file size` x `workers` x `factor 8 - 14`
+## Integration
 
-With:
-`ANTIVIRUS_WORKERS` == 1
-```plaintext
- 50MB file --> factor 14   --> 700MB memory
-844MB file --> factor  8,3 -->   7GB memory
-```
+The `app-provider` service integrates with:
+- `app-registry` - For discovering which applications are available for specific MIME types
+- `frontend` - The frontend service forwards app provider requests (default endpoint `/app`) to this service
 
 ## Configuration
 
-### Antivirus Scanner Type
-
-The antivirus service currently supports [ICAP](https://tools.ietf.org/html/rfc3507) and [ClamAV](http://www.clamav.net/index.html) as antivirus scanners.
-The `ANTIVIRUS_SCANNER_TYPE` environment variable is used to select the scanner.
-The detailed configuration for each scanner heavily depends on the scanner type selected.
-See the environment variables for more details.
-
-  -   For `icap`, only scanners using the `X-Infection-Found` header are currently supported.
-  -   For `clamav` only local sockets can currently be configured.
-
-### Maximum Scan Size
-
-Several factors can make it necessary to limit the maximum filesize the antivirus service uses for scanning.
-Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes,
-or to skip the whole resource.
-
-Even if it's recommended to scan the whole file, several factors like scanner type and version,
-bandwidth, performance issues, etc. might make a limit necessary.
-
-In such cases, the antivirus the max scan size mode can be handy, the following modes are available:
-
-  -   `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE=partial`
-  -   `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE=skip`
-
-**IMPORTANT**
-> Streaming of files to the virus scan service still [needs to be implemented](https://github.com/owncloud/ocis/issues/6803).
-> To prevent OOM errors `ANTIVIRUS_MAX_SCAN_SIZE` needs to be set lower than available ram and or the maximum file size that can be scanned by the virus scanner.
-
-### Antivirus Workers
-
-The number of concurrent scans can be increased by setting `ANTIVIRUS_WORKERS`. Be aware that this will also increase memory usage.
-
-### Infected File Handling
-
-The antivirus service allows three different ways of handling infected files. Those can be set via the `ANTIVIRUS_INFECTED_FILE_HANDLING` environment variable:
-
-  -   `delete`: (default): Infected files will be deleted immediately, further postprocessing is cancelled.
-  -   `abort`:  (advanced option): Infected files will be kept, further postprocessing is cancelled. Files can be manually retrieved and inspected by an admin. To identify the file for further investigation, the antivirus service logs the abort/infected state including the file ID. The file is located in the `storage/users/uploads` folder of the OpenCloud data directory and persists until it is manually deleted by the admin via the [Manage Unfinished Uploads](https://github.com/opencloud-eu/opencloud/tree/main/services/storage-users#manage-unfinished-uploads) command.
-  -   `continue`:  (not recommended): Infected files will be marked via metadata as infected, but postprocessing continues normally. Note: Infected Files are moved to their final destination and therefore not prevented from download, which includes the risk of spreading viruses.
-
-In all cases, a log entry is added declaring the infection and handling method and a notification via the `userlog` service sent.
-
-### Scanner Inaccessibility
-
-In case a scanner is not accessible by the antivirus service like a network outage, service outage or hardware outage, the antivirus service uses the `abort` case for further processing, independent of the actual setting made. In any case, an error is logged noting the inaccessibility of the scanner used.
-
-## Operation Modes
-
-The antivirus service can scan files during `postprocessing`. `on demand` scanning is currently not available and might be added in a future release.
-
-### Postprocessing
-
-The antivirus service will scan files during postprocessing. It listens for a postprocessing step called `virusscan`. This step can be added in the environment variable `POSTPROCESSING_STEPS`. Read the documentation of the [postprocessing service](https://github.com/opencloud-eu/opencloud/tree/main/services/postprocessing) for more details.
-
-The number of concurrent scans can be increased by setting `ANTIVIRUS_WORKERS`, but be aware that this will also increase the memory usage.
+The service can be configured via environment variables. Key configuration options include:
+- `APP_PROVIDER_EXTERNAL_ADDR` - External address where the gateway service can reach the app provider
 
-### Scaling in Kubernetes
+## Scalability
 
-In kubernetes, `ANTIVIRUS_WORKERS` and `ANTIVIRUS_MAX_SCAN_SIZE` can be used to trigger the horizontal pod autoscaler by requesting a memory size that is below `ANTIVIRUS_MAX_SCAN_SIZE`. Keep in mind that `ANTIVIRUS_MAX_SCAN_SIZE` amount of memory might be held by `ANTIVIRUS_WORKERS` number of go routines.
+The app-provider service can be scaled horizontally as it primarily acts as a coordinator between applications and the OpenCloud backend services.
 
diff --git a/static/env-vars/app-registry.yaml b/static/env-vars/app-registry.yaml
index ec5985db..cd6c50c9 100644
--- a/static/env-vars/app-registry.yaml
+++ b/static/env-vars/app-registry.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: app-registry.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/app-registry_configvars.md b/static/env-vars/app-registry_configvars.md
index ea182854..1546f281 100644
--- a/static/env-vars/app-registry_configvars.md
+++ b/static/env-vars/app-registry_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **app-registry** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`APP_REGISTRY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`APP_REGISTRY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`APP_REGISTRY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`APP_REGISTRY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`APP_REGISTRY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`APP_REGISTRY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`APP_REGISTRY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md
index 859ea723..ab662035 100644
--- a/static/env-vars/app-registry_readme.md
+++ b/static/env-vars/app-registry_readme.md
@@ -1,6 +1,6 @@
 ---
 title: App Registry
-date: 2025-11-13T17:22:55.092655+01:00
+date: 2025-11-27T22:19:23.792926+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/app-registry
@@ -20,7 +20,7 @@ Administrators can set default applications on a per MIME type basis and also al
 
 ## Table of Contents
 
-* [MIME Type Configuration / Creation Allow List](#mime-type-configuration--creation-allow-list)
+* [MIME Type Configuration / Creation Allow List](#mime-type-configuration-/-creation-allow-list)
   * [MIME Type Configuration](#mime-type-configuration)
 * [Endpoint Access](#endpoint-access)
   * [Listing available apps and mime types](#listing-available-apps-and-mime-types)
diff --git a/static/env-vars/audit.yaml b/static/env-vars/audit.yaml
index 6d9864ce..5a0cf91f 100644
--- a/static/env-vars/audit.yaml
+++ b/static/env-vars/audit.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: audit.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/audit_configvars.md b/static/env-vars/audit_configvars.md
index 31c9fa66..103db962 100644
--- a/static/env-vars/audit_configvars.md
+++ b/static/env-vars/audit_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **audit** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUDIT_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUDIT_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUDIT_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUDIT_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUDIT_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUDIT_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUDIT_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/audit_readme.md b/static/env-vars/audit_readme.md
index f187fd9f..8868a596 100644
--- a/static/env-vars/audit_readme.md
+++ b/static/env-vars/audit_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Audit
-date: 2025-11-13T17:22:55.092897+01:00
+date: 2025-11-27T22:19:23.793222+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/audit
diff --git a/static/env-vars/auth-app.yaml b/static/env-vars/auth-app.yaml
index b5e41b01..c180ec4e 100644
--- a/static/env-vars/auth-app.yaml
+++ b/static/env-vars/auth-app.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: auth-app.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/auth-app_configvars.md b/static/env-vars/auth-app_configvars.md
index 723c8a87..07f8cda4 100644
--- a/static/env-vars/auth-app_configvars.md
+++ b/static/env-vars/auth-app_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **auth-app** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUTH_APP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUTH_APP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUTH_APP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUTH_APP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUTH_APP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUTH_APP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUTH_APP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -32,11 +28,11 @@ Environment variables for the **auth-app** service
 |`AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN`| 1.0.0 |bool|`Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups.`|`false`|
 |`OC_MACHINE_AUTH_API_KEY`<br/>`AUTH_APP_MACHINE_AUTH_API_KEY`| 1.0.0 |string|`The machine auth API key used to validate internal requests necessary to access resources from other services.`|``|
 |`AUTH_APP_ENABLE_IMPERSONATION`| 1.0.0 |bool|`Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments.`|`false`|
-|`AUTH_APP_STORAGE_DRIVER`| next |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|`jsoncs3`|
-|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
-|`OC_SYSTEM_USER_ID`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``|
-|`OC_SYSTEM_USER_IDP`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`|
-|`OC_SYSTEM_USER_API_KEY`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|``|
-|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| next |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|`diceware`|
-|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| next |int|`The number of words the generated passphrase will have.`|`6`|
-|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| next |int|`The number of charactors the generated passwords will have.`|`0`|
+|`AUTH_APP_STORAGE_DRIVER`| 4.0.0 |string|`Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'.`|`jsoncs3`|
+|`AUTH_APP_JSONCS3_PROVIDER_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
+|`OC_SYSTEM_USER_ID`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``|
+|`OC_SYSTEM_USER_IDP`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`|
+|`OC_SYSTEM_USER_API_KEY`<br/>`AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``|
+|`AUTH_APP_JSONCS3_PASSWORD_GENERATOR`| 4.0.0 |string|`The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'.`|`diceware`|
+|`AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS`| 4.0.0 |int|`The number of words the generated passphrase will have.`|`6`|
+|`AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH`| 4.0.0 |int|`The number of charactors the generated passwords will have.`|`0`|
diff --git a/static/env-vars/auth-app_readme.md b/static/env-vars/auth-app_readme.md
index f6a1679f..475db57f 100644
--- a/static/env-vars/auth-app_readme.md
+++ b/static/env-vars/auth-app_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-App
-date: 2025-11-13T17:22:55.093061+01:00
+date: 2025-11-27T22:19:23.793388+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/auth-app
@@ -30,7 +30,7 @@ PROXY_ENABLE_APP_AUTH=false      # mandatory, disables app authentication. In ca
 * [Managing App Tokens](#managing-app-tokens)
   * [Via API](#via-api)
   * [Via Impersonation API](#via-impersonation-api)
-  * [Via CLI (developer only)](#via-cli-developer-only))
+  * [Via CLI (developer only)](#via-cli-(developer-only))
 * [Authenticating using App Tokens](#authenticating-using-app-tokens)
 
 ## App Tokens
diff --git a/static/env-vars/auth-basic.yaml b/static/env-vars/auth-basic.yaml
index d3f951d5..55adb652 100644
--- a/static/env-vars/auth-basic.yaml
+++ b/static/env-vars/auth-basic.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: auth-basic.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/auth-basic_configvars.md b/static/env-vars/auth-basic_configvars.md
index 62e2b5d1..b0cbd468 100644
--- a/static/env-vars/auth-basic_configvars.md
+++ b/static/env-vars/auth-basic_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **auth-basic** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUTH_BASIC_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUTH_BASIC_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUTH_BASIC_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUTH_BASIC_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUTH_BASIC_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUTH_BASIC_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUTH_BASIC_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -40,7 +36,7 @@ Environment variables for the **auth-basic** service
 |`OC_LDAP_DISABLE_USER_MECHANISM`<br/>`AUTH_BASIC_DISABLE_USER_MECHANISM`| 1.0.0 |string|`An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed.`|`attribute`|
 |`OC_LDAP_DISABLED_USERS_GROUP_DN`<br/>`AUTH_BASIC_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`|
 |`OC_LDAP_USER_SCHEMA_ID`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openCloudUUID`|
-|`OC_LDAP_USER_SCHEMA_TENANT_ID`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``|
+|`OC_LDAP_USER_SCHEMA_TENANT_ID`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``|
 |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user IDs.`|`false`|
 |`OC_LDAP_USER_SCHEMA_MAIL`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`|
 |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`<br/>`AUTH_BASIC_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`|
diff --git a/static/env-vars/auth-basic_readme.md b/static/env-vars/auth-basic_readme.md
index df4846c1..fca8e94a 100644
--- a/static/env-vars/auth-basic_readme.md
+++ b/static/env-vars/auth-basic_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Basic
-date: 2025-11-13T17:22:55.093151+01:00
+date: 2025-11-27T22:19:23.79357+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/auth-basic
@@ -22,7 +22,7 @@ To enable `auth-basic`, you first must set `PROXY_ENABLE_BASIC_AUTH` to `true`.
 
 ## Table of Contents
 
-* [The `auth` Service Family](#the-auth-service-family)
+* [The `auth` Service Family](#the-`auth`-service-family)
 * [Auth Managers](#auth-managers)
   * [LDAP Auth Manager](#ldap-auth-manager)
   * [Other Auth Managers](#other-auth-managers)
diff --git a/static/env-vars/auth-bearer.yaml b/static/env-vars/auth-bearer.yaml
index f4ef9027..3d6569a2 100644
--- a/static/env-vars/auth-bearer.yaml
+++ b/static/env-vars/auth-bearer.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: auth-bearer.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/auth-bearer_configvars.md b/static/env-vars/auth-bearer_configvars.md
index 90a263d2..ce85b095 100644
--- a/static/env-vars/auth-bearer_configvars.md
+++ b/static/env-vars/auth-bearer_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **auth-bearer** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUTH_BEARER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUTH_BEARER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUTH_BEARER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUTH_BEARER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUTH_BEARER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUTH_BEARER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUTH_BEARER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/auth-bearer_readme.md b/static/env-vars/auth-bearer_readme.md
index c33a37cf..d2a0a9b0 100644
--- a/static/env-vars/auth-bearer_readme.md
+++ b/static/env-vars/auth-bearer_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Bearer
-date: 2025-11-13T17:22:55.093335+01:00
+date: 2025-11-27T22:19:23.793732+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/auth-bearer
@@ -18,7 +18,7 @@ The OpenCloud Auth Bearer service communicates with the configured OpenID Connec
 
 ## Table of Contents
 
-* [The `auth` Service Family](#the-auth-service-family)
+* [The `auth` Service Family](#the-`auth`-service-family)
 * [Built in OpenID Connect Identity Provider](#built-in-openid-connect-identity-provider)
 * [Scalability](#scalability)
 
diff --git a/static/env-vars/auth-machine.yaml b/static/env-vars/auth-machine.yaml
index 070c15d6..b916927d 100644
--- a/static/env-vars/auth-machine.yaml
+++ b/static/env-vars/auth-machine.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: auth-machine.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/auth-machine_configvars.md b/static/env-vars/auth-machine_configvars.md
index 797d7b58..11f65a55 100644
--- a/static/env-vars/auth-machine_configvars.md
+++ b/static/env-vars/auth-machine_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **auth-machine** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUTH_MACHINE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUTH_MACHINE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUTH_MACHINE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUTH_MACHINE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUTH_MACHINE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUTH_MACHINE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUTH_MACHINE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/auth-machine_readme.md b/static/env-vars/auth-machine_readme.md
index 58c0edf1..9d0b5b17 100644
--- a/static/env-vars/auth-machine_readme.md
+++ b/static/env-vars/auth-machine_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Machine
-date: 2025-11-13T17:22:55.093564+01:00
+date: 2025-11-27T22:19:23.793954+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/auth-machine
diff --git a/static/env-vars/auth-service.yaml b/static/env-vars/auth-service.yaml
index 8a2230df..d310451f 100644
--- a/static/env-vars/auth-service.yaml
+++ b/static/env-vars/auth-service.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: auth-service.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/auth-service_configvars.md b/static/env-vars/auth-service_configvars.md
index cfad01cb..7b90239d 100644
--- a/static/env-vars/auth-service_configvars.md
+++ b/static/env-vars/auth-service_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **auth-service** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`AUTH_SERVICE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`AUTH_SERVICE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`AUTH_SERVICE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`AUTH_SERVICE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`AUTH_SERVICE_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`AUTH_SERVICE_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`AUTH_SERVICE_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/auth-service_readme.md b/static/env-vars/auth-service_readme.md
index 985994d9..2629517d 100644
--- a/static/env-vars/auth-service_readme.md
+++ b/static/env-vars/auth-service_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Auth-Service
-date: 2025-11-13T17:22:55.093816+01:00
+date: 2025-11-27T22:19:23.79406+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/auth-service
@@ -18,7 +18,7 @@ The OpenCloud Auth Service is used to authenticate service accounts. Compared to
 
 ## Table of Contents
 
-* [The `auth` Service Family](#the-auth-service-family)
+* [The `auth` Service Family](#the-`auth`-service-family)
 * [Service Accounts](#service-accounts)
 * [Configuring Service Accounts](#configuring-service-accounts)
 
diff --git a/static/env-vars/clientlog.yaml b/static/env-vars/clientlog.yaml
index a3af04f3..10419623 100644
--- a/static/env-vars/clientlog.yaml
+++ b/static/env-vars/clientlog.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: clientlog.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/clientlog_configvars.md b/static/env-vars/clientlog_configvars.md
index e876b156..0ba67365 100644
--- a/static/env-vars/clientlog_configvars.md
+++ b/static/env-vars/clientlog_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **clientlog** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`CLIENTLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`CLIENTLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`CLIENTLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`CLIENTLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`CLIENTLOG_USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`CLIENTLOG_USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`CLIENTLOG_USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/clientlog_readme.md b/static/env-vars/clientlog_readme.md
index 02c6600d..761ca412 100644
--- a/static/env-vars/clientlog_readme.md
+++ b/static/env-vars/clientlog_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Clientlog Service
-date: 2025-11-13T17:22:55.094245+01:00
+date: 2025-11-27T22:19:23.794161+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/clientlog
diff --git a/static/env-vars/collaboration.yaml b/static/env-vars/collaboration.yaml
index 1076bcf5..ef04082d 100644
--- a/static/env-vars/collaboration.yaml
+++ b/static/env-vars/collaboration.yaml
@@ -46,11 +46,6 @@ cs3api:
     insecure: false
   grpc_client_tls: null
   app_registration_interval: 30s
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/collaboration_configvars.md b/static/env-vars/collaboration_configvars.md
index b46f67b3..69eaa680 100644
--- a/static/env-vars/collaboration_configvars.md
+++ b/static/env-vars/collaboration_configvars.md
@@ -34,11 +34,7 @@ Environment variables for the **collaboration** service
 |`COLLABORATION_WOPI_SHORTTOKENS`| 1.0.0 |bool|`Use short access tokens for WOPI access. This is useful for office packages, like Microsoft Office Online, which have URL length restrictions. If enabled, a persistent store must be configured.`|`false`|
 |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata.`|`eu.opencloud.api.gateway`|
 |`COLLABORATION_CS3API_DATAGATEWAY_INSECURE`| 1.0.0 |bool|`Connect to the CS3API data gateway insecurely.`|`false`|
-|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| next |Duration|`The interval at which the app provider registers itself.`|`30s`|
-|`OC_TRACING_ENABLED`<br/>`COLLABORATION_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`COLLABORATION_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`COLLABORATION_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`COLLABORATION_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
+|`COLLABORATION_CS3API_APP_REGISTRATION_INTERVAL`| 4.0.0 |Duration|`The interval at which the app provider registers itself.`|`30s`|
 |`OC_LOG_LEVEL`<br/>`COLLABORATION_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`COLLABORATION_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`COLLABORATION_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/collaboration_readme.md b/static/env-vars/collaboration_readme.md
index b9dd5669..6eb7a3f5 100644
--- a/static/env-vars/collaboration_readme.md
+++ b/static/env-vars/collaboration_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Collaboration
-date: 2025-11-13T17:22:55.094416+01:00
+date: 2025-11-27T22:19:23.79433+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/collaboration
diff --git a/static/env-vars/eventhistory.yaml b/static/env-vars/eventhistory.yaml
index a8d559d1..4a0bdc7d 100644
--- a/static/env-vars/eventhistory.yaml
+++ b/static/env-vars/eventhistory.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: eventhistory.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/eventhistory_configvars.md b/static/env-vars/eventhistory_configvars.md
index e41a1d95..00df06cd 100644
--- a/static/env-vars/eventhistory_configvars.md
+++ b/static/env-vars/eventhistory_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **eventhistory** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`EVENTHISTORY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`EVENTHISTORY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`EVENTHISTORY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`EVENTHISTORY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`EVENTHISTORY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`EVENTHISTORY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`EVENTHISTORY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/eventhistory_readme.md b/static/env-vars/eventhistory_readme.md
index 47dd76b4..7ecc8816 100644
--- a/static/env-vars/eventhistory_readme.md
+++ b/static/env-vars/eventhistory_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Eventhistory
-date: 2025-11-13T17:22:55.094497+01:00
+date: 2025-11-27T22:19:23.794499+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/eventhistory
diff --git a/static/env-vars/extended_configvars.md b/static/env-vars/extended_configvars.md
index 01e7e344..a16f8760 100644
--- a/static/env-vars/extended_configvars.md
+++ b/static/env-vars/extended_configvars.md
@@ -2,114 +2,309 @@
 
 | Name | Type | Description | Default Value |
 |---|---|---|---|
+`APPDATA` |  |  |  |
+`AWS_ACCESS_KEY` |  |  |  |
+`AWS_ACCESS_KEY_ID` |  |  |  |
+`AWS_CONTAINER_AUTHORIZATION_TOKEN` |  |  |  |
+`AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE` |  |  |  |
+`AWS_CONTAINER_CREDENTIALS_FULL_URI` |  |  |  |
+`AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` |  |  |  |
+`AWS_PROFILE` |  |  |  |
+`AWS_REGION` |  |  |  |
+`AWS_ROLE_ARN` |  |  |  |
+`AWS_ROLE_SESSION_NAME` |  |  |  |
+`AWS_SECRET_ACCESS_KEY` |  |  |  |
+`AWS_SECRET_KEY` |  |  |  |
+`AWS_SESSION_TOKEN` |  |  |  |
+`AWS_SHARED_CREDENTIALS_FILE` |  |  |  |
+`AWS_WEB_IDENTITY_TOKEN_FILE` |  |  |  |
+`CEPH_SUITE_VERSION` |  |  |  |
+`CEPH_VOLUME_ALLOW_LOOP_DEVICES` |  |  |  |
 `CI` |  |  |  |
 `CI` |  |  |  |
 `CI` |  |  |  |
+`CI` |  |  |  |
+`CI` |  |  |  |
+`CI` |  |  |  |
+`CI_SYSTEM_NAME` |  |  |  |
 `CI_SYSTEM_NAME` |  |  |  |
 `CI_SYSTEM_NAME` |  |  |  |
 `CI_SYSTEM_NAME` |  |  |  |
+`CI_SYSTEM_NAME` |  |  |  |
+`CONJUR_CLOUD_ADMIN_PASS` |  |  |  |
+`CS3_GATEWAY` |  |  |  |
 `CS3_GATEWAY` |  |  |  |
 `CS3_GATEWAY` |  |  |  |
 `CS3_GATEWAY` |  |  |  |
+    
 `CS3_GATEWAY` |  |  |  |
 `CS3_GATEWAY` |  |  |  |
+    
 `CS3_MACHINE_AUTH_API_KEY` |  |  |  |
 `CS3_MACHINE_AUTH_API_KEY` |  |  |  |
 `CS3_MACHINE_AUTH_API_KEY` |  |  |  |
 `CS3_MACHINE_AUTH_API_KEY` |  |  |  |
 `CS3_MACHINE_AUTH_API_KEY` |  |  |  |
+`CS3_MACHINE_AUTH_API_KEY` |  |  |  |
+    
+    
+`DAYS` |  |  |  |
+    
 `DAYS` |  |  |  |
 `DAYS` |  |  |  |
 `DAYS` |  |  |  |
+    
 `DAYS` |  |  |  |
 `DAYS` |  |  |  |
+`DOCKERCMD` |  |  |  |
+`DaemonMarkVar` |  |  |  |
+`DiscoverDaemonUdev` |  |  |  |
+    
 `GITHUB_API_TOKEN` |  |  |  |
+`GITHUB_TOKEN` |  |  |  |
+`GITHUB_USER` |  |  |  |
+`GOPATH` |  |  |  |
+`GOPATH` |  |  |  |
+`GO_HELPER_PROCESS_PRINT_COMMAND` |  |  |  |
+`GO_HELPER_PROCESS_RETCODE` |  |  |  |
+`GO_HELPER_PROCESS_RETCODE` |  |  |  |
+`GO_HELPER_PROCESS_STDERR` |  |  |  |
+`GO_HELPER_PROCESS_STDERR` |  |  |  |
+`GO_HELPER_PROCESS_STDOUT` |  |  |  |
+`GO_HELPER_PROCESS_STDOUT` |  |  |  |
+`GO_WANT_HELPER_PROCESS` |  |  |  |
+`GO_WANT_HELPER_PROCESS` |  |  |  |
 `GRACEFUL` |  |  |  |
+    
+`GRACEFUL` |  |  |  |
+`HOME` |  |  |  |
+`HOME` |  |  |  |
+    
 `HOSTNAME` |  |  |  |
+    
+    
 `HOSTNAME` |  |  |  |
 `HOSTNAME` |  |  |  |
+    
+    
 `HOSTNAME` |  |  |  |
+    
 `HOSTNAME` |  |  |  |
 `HOSTNAME` |  |  |  |
 `HOSTNAME` |  |  |  |
-`KOPANO_DEBUG_SERVER_REQUEST_LOG` |  |  |  |
-`LDAP_BASEDN` |  |  |  |
-`LDAP_BINDDN` |  |  |  |
-`LDAP_BINDPW` |  |  |  |
-`LDAP_EMAIL_ATTRIBUTE` |  |  |  |
-`LDAP_FAMILY_NAME_ATTRIBUTE` |  |  |  |
-`LDAP_FILTER` |  |  |  |
-`LDAP_GIVEN_NAME_ATTRIBUTE` |  |  |  |
-`LDAP_LOGIN_ATTRIBUTE` |  |  |  |
-`LDAP_NAME_ATTRIBUTE` |  |  |  |
-`LDAP_SCOPE` |  |  |  |
-`LDAP_SUB_ATTRIBUTES` |  |  |  |
-`LDAP_TLS_CACERT` |  |  |  |
-`LDAP_UIDNUMBER_ATTRIBUTE` |  |  |  |
-`LDAP_URI` |  |  |  |
-`LDAP_UUID_ATTRIBUTE` |  |  |  |
-`LDAP_UUID_ATTRIBUTE_TYPE` |  |  |  |
-`LIBREGRAPH_SCOPED_URIS` |  |  |  |
-`LIBREGRAPH_URI` |  |  |  |
-`LICOD_ENCRYPTION_SECRET` |  |  |  |
-`LICOD_SIGNING_KID` |  |  |  |
-`LICOD_VALIDATION_KEYS_PATH` |  |  |  |
+    
+`HOSTNAME` |  |  |  |
+    
+`KRB5CCNAME` |  |  |  |
+`KRB5CCNAME` |  |  |  |
+`KRB5_CONFIG` |  |  |  |
+`KRB5_CONFIG` |  |  |  |
+`KUBECONFIG` |  |  |  |
+`KUBECONFIG` |  |  |  |
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+`LOGNAME` |  |  |  |
+    
+`MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
+`MICRO_LOG_LEVEL` |  |  |  |
+    
+    
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
+    
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MICRO_LOG_LEVEL` |  |  |  |
 `MIDDLEWARE_PROJECT_DIR` |  |  |  |
+`MINIO_ACCESS_KEY` |  |  |  |
+`MINIO_ALIAS` |  |  |  |
+`MINIO_GO_TEST_BUCKET_CORS` |  |  |  |
+`MINIO_ROOT_PASSWORD` |  |  |  |
+`MINIO_ROOT_USER` |  |  |  |
+`MINIO_SECRET_KEY` |  |  |  |
+`MINT_MODE` |  |  |  |
+`MINT_NO_FULL_OBJECT` |  |  |  |
+`MINT_NO_FULL_OBJECT` |  |  |  |
+`MINT_NO_FULL_OBJECT` |  |  |  |
 `MONTH` |  |  |  |
+`MONTH` |  |  |  |
+    
 `MONTH` |  |  |  |
 `MONTH` |  |  |  |
 `MONTH` |  |  |  |
 `MONTH` |  |  |  |
+    
+`NEXTCLOUD` |  |  |  |
 `NEXTCLOUD` |  |  |  |
 `NEXTCLOUD` |  |  |  |
 `NEXTCLOUD` |  |  |  |
 `NEXTCLOUD` |  |  |  |
+`NEXTCLOUD` |  |  |  |
+    
+    
+    
+    
+`NEXTCLOUD` |  |  |  |
+`NEXTCLOUD` |  |  |  |
+`NOTIFY_ACCOUNTID` |  |  |  |
+`NOTIFY_ACCOUNTID` |  |  |  |
+`NOTIFY_BUCKET` |  |  |  |
+`NOTIFY_BUCKET` |  |  |  |
+`NOTIFY_REGION` |  |  |  |
+`NOTIFY_REGION` |  |  |  |
+`NOTIFY_RESOURCE` |  |  |  |
+`NOTIFY_RESOURCE` |  |  |  |
+`NOTIFY_SERVICE` |  |  |  |
+`NOTIFY_SERVICE` |  |  |  |
+`NodeNameEnvVar` |  |  |  |
+`OCIS_BASE_DATA_PATH` |  |  |  |
+`OCIS_CONFIG_DIR` |  |  |  |
+`OCIS_INSECURE` |  |  |  |
 `OC_BASE_DATA_PATH` |  |  |  |
+    
 `OC_BASE_DATA_PATH` |  |  |  |
 `OC_BASE_DATA_PATH` |  |  |  |
+    
 `OC_BASE_DATA_PATH` |  |  |  |
 `OC_BASE_DATA_PATH` |  |  |  |
+    
 `OC_CONFIG_DIR` |  |  |  |
 `OC_CONFIG_DIR` |  |  |  |
 `OC_CONFIG_DIR` |  |  |  |
+    
 `OC_CONFIG_DIR` |  |  |  |
 `OC_CONFIG_DIR` |  |  |  |
+    
 `OC_GRPC_MAX_RECEIVED_MESSAGE_SIZE` |  |  |  |
+`OPERATOR_RESOURCES_SPECIFIED` |  |  |  |
 `OX_BLACKLISTED_PACKAGES` |  |  |  |
 `OX_WHITELISTED_PACKAGES` |  |  |  |
+`PATH` |  |  |  |
+`PATH` |  |  |  |
+`PATH` |  |  |  |
+`PLUGIN_ACCESS_KEY` |  |  |  |
+`PLUGIN_BUCKET` |  |  |  |
+`PLUGIN_ENDPOINT` |  |  |  |
+`PLUGIN_REGION` |  |  |  |
+`PLUGIN_SECRET_KEY` |  |  |  |
+`POD_NAMESPACE` |  |  |  |
+`PodNameEnvVar` |  |  |  |
+`PodNamespaceEnvVar` |  |  |  |
+`PodNamespaceEnvVar` |  |  |  |
+`PodNamespaceEnvVar` |  |  |  |
+`RCLONE_CONFIG` |  |  |  |
+`RCLONE_CONFIG` |  |  |  |
+`RCLONE_CONFIG_PASS` |  |  |  |
+`RCLONE_PASSWORD_CHANGE` |  |  |  |
+`RCLONE_PLUGIN_PATH` |  |  |  |
+    
 `REDIS_ADDRESS` |  |  |  |
+`RESTORE_TIMESTAMP` |  |  |  |
+    
+`REVA_APPPROVIDER_IOPSECRET` |  |  |  |
 `REVA_APPPROVIDER_IOPSECRET` |  |  |  |
 `REVA_SMTP_SENDER_PASSWORD` |  |  |  |
+    
+`REVA_SMTP_SENDER_PASSWORD` |  |  |  |
+`ROOK_CEPH_MON_HOST` |  |  |  |
+`ROOK_CEPH_MON_RUN_AS_ROOT` |  |  |  |
+`ROOK_CEPH_STATUS_CHECK_INTERVAL` |  |  |  |
+`ROOK_CEPH_VERSION` |  |  |  |
+`ROOK_CLUSTER_NAME` |  |  |  |
+`ROOK_CRUSHMAP_HOSTNAME` |  |  |  |
+`ROOK_CUSTOM_HOSTNAME_LABEL` |  |  |  |
+`ROOK_HOSTPATH_REQUIRES_PRIVILEGED` |  |  |  |
+`ROOK_MON_HEALTHCHECK_INTERVAL` |  |  |  |
+`ROOK_MON_OUT_TIMEOUT` |  |  |  |
+`ROOK_OSD_ID` |  |  |  |
+`ROOK_TMP_FILE` |  |  |  |
+`ROOK_UNIT_JQ_PATH` |  |  |  |
+`ROOK_UNREACHABLE_NODE_TOLERATION_SECONDS` |  |  |  |
 `RUN_CMD_TEST` |  |  |  |
 `RUN_CMD_TEST` |  |  |  |
+    
+    
 `RUN_CMD_TEST` |  |  |  |
 `RUN_CMD_TEST` |  |  |  |
 `RUN_CMD_TEST` |  |  |  |
+`RUN_CMD_TEST` |  |  |  |
+    
 `RUN_LDAP_TESTS` |  |  |  |
+    
 `RUN_LDAP_TESTS` |  |  |  |
+`RUN_ON_FAIL` |  |  |  |
+`S3_ACCESS_KEY` |  |  |  |
+`S3_ACCESS_KEY` |  |  |  |
+`S3_BUCKET` |  |  |  |
+`S3_BUCKET` |  |  |  |
+`S3_ENDPOINT` |  |  |  |
+`S3_ENDPOINT` |  |  |  |
+`S3_SECRET_KEY` |  |  |  |
+`S3_SECRET_KEY` |  |  |  |
+`S3_USE_SSL` |  |  |  |
+`S3_USE_SSL` |  |  |  |
+`SKIP_CLEANUP_POLICY` |  |  |  |
+`SKIP_TEST_CLEANUP` |  |  |  |
+    
 `SQL_ADDRESS` |  |  |  |
+`SQL_ADDRESS` |  |  |  |
+    
 `SQL_DBNAME` |  |  |  |
+`SQL_DBNAME` |  |  |  |
+    
 `SQL_PASSWORD` |  |  |  |
+`SQL_PASSWORD` |  |  |  |
+    
 `SQL_USERNAME` |  |  |  |
+`SQL_USERNAME` |  |  |  |
+`SSL_CERT_FILE` |  |  |  |
+`TERM` |  |  |  |
+`TEST_HELM_PATH` |  |  |  |
+`TEST_PANIC_DOCHAN` |  |  |  |
+`TEST_PANIC_DOCHAN` |  |  |  |
+`USER` |  |  |  |
+`USE_TESTCONTAINERS` |  |  |  |
 `USE_TESTCONTAINERS` |  |  |  |
 `USE_TESTCONTAINERS` |  |  |  |
 `USE_TESTCONTAINERS` |  |  |  |
+`USE_TESTCONTAINERS` |  |  |  |
+`VAULT_TOKEN` |  |  |  |
+`XDG_CONFIG_HOME` |  |  |  |
+    
 `YEAR` |  |  |  |
 `YEAR` |  |  |  |
+`YEAR` |  |  |  |
+    
 `YEAR` |  |  |  |
 `YEAR` |  |  |  |
 `YEAR` |  |  |  |
+`_RCLONE_CONFIG_KEY_FILE` |  |  |  |
 `_registryAddressEnv` |  |  |  |
+    
 `_registryAddressEnv` |  |  |  |
 `_registryAddressEnv` |  |  |  |
 `_registryAddressEnv` |  |  |  |
@@ -117,24 +312,41 @@
 `_registryAddressEnv` |  |  |  |
 `_registryAddressEnv` |  |  |  |
 `_registryAddressEnv` |  |  |  |
+`_registryAddressEnv` |  |  |  |
+    
 `_registryAddressEnv` |  |  |  |
 `_registryAddressEnv` |  |  |  |
+`_registryAddressEnv` |  |  |  |
+    
+    
+    
 `_registryEnv` |  |  |  |
 `_registryEnv` |  |  |  |
 `_registryEnv` |  |  |  |
+`_registryEnv` |  |  |  |
+    
 `_registryEnv` |  |  |  |
 `_registryEnv` |  |  |  |
 `_registryPasswordEnv` |  |  |  |
 `_registryPasswordEnv` |  |  |  |
+`_registryPasswordEnv` |  |  |  |
+    
 `_registryPasswordEnv` |  |  |  |
 `_registryPasswordEnv` |  |  |  |
+    
 `_registryPasswordEnv` |  |  |  |
 `_registryRegisterIntervalEnv` |  |  |  |
+`_registryRegisterIntervalEnv` |  |  |  |
+    
+    
 `_registryRegisterIntervalEnv` |  |  |  |
 `_registryRegisterIntervalEnv` |  |  |  |
 `_registryRegisterIntervalEnv` |  |  |  |
 `_registryRegisterIntervalEnv` |  |  |  |
 `_registryRegisterTTLEnv` |  |  |  |
+`_registryRegisterTTLEnv` |  |  |  |
+    
+    
 `_registryRegisterTTLEnv` |  |  |  |
 `_registryRegisterTTLEnv` |  |  |  |
 `_registryRegisterTTLEnv` |  |  |  |
@@ -143,17 +355,145 @@
 `_registryUsernameEnv` |  |  |  |
 `_registryUsernameEnv` |  |  |  |
 `_registryUsernameEnv` |  |  |  |
+    
+`_registryUsernameEnv` |  |  |  |
+    
 `_registryUsernameEnv` |  |  |  |
+    
 `_serverMaxConnectionAgeEnv` |  |  |  |
 `_serverMaxConnectionAgeEnv` |  |  |  |
 `_serverMaxConnectionAgeEnv` |  |  |  |
+    
 `_serverMaxConnectionAgeEnv` |  |  |  |
 `_serverMaxConnectionAgeEnv` |  |  |  |
 `_serverMaxConnectionAgeEnv` |  |  |  |
     
+`_serverMaxConnectionAgeEnv` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`accessKey` |  |  |  |
+`crushDeviceClassVarName` |  |  |  |
+`discoverDaemon.DiscoverDaemonUdev` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableHTTPS` |  |  |  |
+`enableKMS` |  |  |  |
+`enableKMS` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`enableSecurity` |  |  |  |
+`env` |  |  |  |
+`env` |  |  |  |
+`envKey(name, "type` |  |  |  |
+`envVar` |  |  |  |
+`fallbackCephSecretEnvVar` |  |  |  |
+`k8sutil.NodeNameEnvVar` |  |  |  |
+`k8sutil.NodeNameEnvVar` |  |  |  |
+`k8sutil.PodNameEnvVar` |  |  |  |
+`k8sutil.PodNameEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`k8sutil.PodNamespaceEnvVar` |  |  |  |
+`key` |  |  |  |
+`kms.IbmKeyProtectServiceApiKey` |  |  |  |
+`name` |  |  |  |
     
+    
+`object.DisableOBCEnvVar` |  |  |  |
+`object.DisableOBCEnvVar` |  |  |  |
+`opcontroller.CSICephFSRadosNamesaceEnv` |  |  |  |
+`opcontroller.CephBlockPoolNameEnv` |  |  |  |
+`opcontroller.CephBlockPoolNameEnv` |  |  |  |
+`opcontroller.CephBlockPoolRadosNamespaceEnv` |  |  |  |
+`opcontroller.CephFSMetaDataPoolNameEnv` |  |  |  |
+`opcontroller.CephFSNameEnv` |  |  |  |
+`opcontroller.CephFSSubVolumeGroupNameEnv` |  |  |  |
+`oposd.CephVolumeEncryptedKeyEnvVarName` |  |  |  |
+`oposd.CephVolumeEncryptedKeyEnvVarName` |  |  |  |
+`oposd.CrushDeviceClassVarName` |  |  |  |
+`oposd.CrushDeviceClassVarName` |  |  |  |
+`oposd.CrushRootVarName` |  |  |  |
+`oposd.EncryptedDeviceEnvVarName` |  |  |  |
+`oposd.EncryptedDeviceEnvVarName` |  |  |  |
+`oposd.OSDStoreTypeVarName` |  |  |  |
+`oposd.PVCBackedOSDVarName` |  |  |  |
+`oposd.PVCNameEnvVarName` |  |  |  |
+`oposd.PVCNameEnvVarName` |  |  |  |
+`oposd.PVCNameEnvVarName` |  |  |  |
+`oposd.PVCNameEnvVarName` |  |  |  |
+`oposd.PVCNameEnvVarName` |  |  |  |
+`pair[0]` |  |  |  |
+`pair[0]` |  |  |  |
+`parts[0]` |  |  |  |
+`parts[0]` |  |  |  |
 `parts[0]` |  |  |  |
 `parts[0]` |  |  |  |
-    
 `parts[0]` |  |  |  |
-    
\ No newline at end of file
+    
+    
+    
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`secretKey` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`serverEndpoint` |  |  |  |
+`skipCERTValidation` |  |  |  |
\ No newline at end of file
diff --git a/static/env-vars/frontend.yaml b/static/env-vars/frontend.yaml
index 092bfef4..b9bcafae 100644
--- a/static/env-vars/frontend.yaml
+++ b/static/env-vars/frontend.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: frontend.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
@@ -83,6 +78,7 @@ enable_federated_sharing_outgoing: false
 search_min_length: 3
 edition: ""
 disable_sse: false
+disable_radicale: false
 default_link_permissions: 1
 public_url: https://localhost:9200
 max_concurrency: 1
diff --git a/static/env-vars/frontend_configvars.md b/static/env-vars/frontend_configvars.md
index 14a6fb74..394cd932 100644
--- a/static/env-vars/frontend_configvars.md
+++ b/static/env-vars/frontend_configvars.md
@@ -1,5 +1,5 @@
 
-2025-11-13-17-19-28
+2025-11-27-22-15-43
 
 # Deprecation Notice
 
@@ -25,10 +25,6 @@ Environment variables for the **frontend** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`FRONTEND_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`FRONTEND_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`FRONTEND_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`FRONTEND_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`FRONTEND_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`FRONTEND_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`FRONTEND_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -61,6 +57,7 @@ Environment variables for the **frontend** service
 |`FRONTEND_SEARCH_MIN_LENGTH`| 1.0.0 |int|`Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed.`|`3`|
 |`OC_EDITION`<br/>`FRONTEND_EDITION`| 1.0.0 |string|`Edition of OpenCloud. Used for branding purposes.`|``|
 |`OC_DISABLE_SSE`<br/>`FRONTEND_DISABLE_SSE`| 1.0.0 |bool|`When set to true, clients are informed that the Server-Sent Events endpoint is not accessible.`|`false`|
+|`FRONTEND_DISABLE_RADICALE`| 4.0.0 |bool|`When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible.`|`false`|
 |`FRONTEND_DEFAULT_LINK_PERMISSIONS`| 1.0.0 |int|`Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1.`|`1`|
 |`OC_URL`<br/>`FRONTEND_PUBLIC_URL`| 1.0.0 |string|`The public facing URL of the OpenCloud frontend.`|`https://localhost:9200`|
 |`OC_MAX_CONCURRENCY`<br/>`FRONTEND_MAX_CONCURRENCY`| 1.0.0 |int|`Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used.`|`1`|
diff --git a/static/env-vars/frontend_readme.md b/static/env-vars/frontend_readme.md
index e92f3983..1814375b 100644
--- a/static/env-vars/frontend_readme.md
+++ b/static/env-vars/frontend_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Frontend
-date: 2025-11-13T17:22:55.094687+01:00
+date: 2025-11-27T22:19:23.794686+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/frontend
diff --git a/static/env-vars/gateway.yaml b/static/env-vars/gateway.yaml
index cca54e1e..6831c5c6 100644
--- a/static/env-vars/gateway.yaml
+++ b/static/env-vars/gateway.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: gateway.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/gateway_configvars.md b/static/env-vars/gateway_configvars.md
index 568a1816..c17ecb8a 100644
--- a/static/env-vars/gateway_configvars.md
+++ b/static/env-vars/gateway_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **gateway** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`GATEWAY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`GATEWAY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`GATEWAY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`GATEWAY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`GATEWAY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`GATEWAY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`GATEWAY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/gateway_readme.md b/static/env-vars/gateway_readme.md
index f54beee8..75b8086c 100644
--- a/static/env-vars/gateway_readme.md
+++ b/static/env-vars/gateway_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Gateway
-date: 2025-11-13T17:22:55.094903+01:00
+date: 2025-11-27T22:19:23.794888+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/gateway
diff --git a/static/env-vars/global_configvars.md b/static/env-vars/global_configvars.md
index c2e00332..d8465259 100644
--- a/static/env-vars/global_configvars.md
+++ b/static/env-vars/global_configvars.md
@@ -7,26 +7,26 @@
 `OC_ASYNC_UPLOADS` | 1.0.0 | bool | Enable asynchronous file uploads. | true |
 `OC_CACHE_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. |  |
 `OC_CACHE_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the cache. Only applies when store type 'nats-js-kv' is configured. |  |
-`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-userinfo |
+`OC_CACHE_DATABASE` | 1.0.0 | string | The database name the configured store should use. | cache-stat |
 `OC_CACHE_DISABLE_PERSISTENCE` | 1.0.0 | bool | Disables persistence of the cache. Only applies when store type 'nats-js-kv' is configured. Defaults to false. | false |
 `OC_CACHE_STORE` | 1.0.0 | string | The type of the cache store. Supported values are: 'memory', 'redis-sentinel', 'nats-js-kv', 'noop'. See the text description for details. | memory |
-`OC_CACHE_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] |
-`OC_CACHE_TTL` | 1.0.0 | Duration | Default time to live for user info in the user info cache. Only applied when access tokens has no expiration. See the Environment Variable Types description for more details. | 10s |
-`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS. See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | false |
-`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Origin Accept Content-Type Depth Authorization Ocs-Apirequest If-None-Match If-Match Destination Overwrite X-Request-Id X-Requested-With Tus-Resumable Tus-Checksum-Algorithm Upload-Concat Upload-Length Upload-Metadata Upload-Defer-Length Upload-Expires Upload-Checksum Upload-Offset X-HTTP-Method-Override] |
-`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [OPTIONS HEAD GET PUT PATCH POST DELETE MKCOL PROPFIND PROPPATCH MOVE COPY REPORT SEARCH] |
+`OC_CACHE_STORE_NODES` | 1.0.0 | []string | A list of nodes to access the configured store. This has no effect when 'memory' store are configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details. | [127.0.0.1:9233] |
+`OC_CACHE_TTL` | 1.0.0 | Duration | Time to live for cache records in the graph. Defaults to '336h' (2 weeks). See the Environment Variable Types description for more details. | 336h0m0s |
+`OC_CORS_ALLOW_CREDENTIALS` | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: *Access-Control-Allow-Credentials* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | false |
+`OC_CORS_ALLOW_HEADERS` | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: *Access-Control-Request-Headers* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [] |
+`OC_CORS_ALLOW_METHODS` | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: *Access-Control-Request-Method* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [] |
 `OC_CORS_ALLOW_ORIGINS` | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: *Access-Control-Allow-Origin* at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [https://localhost:9200] |
 `OC_DECOMPOSEDFS_PROPAGATOR` | 1.0.0 | string | The propagator used for decomposedfs. At the moment, only 'sync' is fully supported, 'async' is available as an experimental option. | sync |
 `OC_DEFAULT_LANGUAGE` | 1.0.0 | string | The default language used by services and the WebUI. If not defined, English will be used as default. See the documentation for more details. |  |
 `OC_DISABLE_VERSIONING` | 1.0.0 | bool | Disables versioning of files. When set to true, new uploads with the same filename will overwrite existing files instead of creating a new version. | false |
 `OC_EDITION` | 1.0.0 | string | Edition of OpenCloud. Used for branding purposes. |  |
-`OC_ENABLE_OCM` | 1.0.0 | bool | Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed. | false |
+`OC_ENABLE_OCM` | 1.0.0 | bool | Include OCM sharees when listing users. | false |
 `OC_EVENTS_AUTH_PASSWORD` | 1.0.0 | string | The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. |  |
 `OC_EVENTS_AUTH_USERNAME` | 1.0.0 | string | The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. |  |
-`OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | opencloud-cluster |
+`OC_EVENTS_CLUSTER` | 1.0.0 | string | The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. | opencloud-cluster |
 `OC_EVENTS_ENABLE_TLS` | 1.0.0 | bool | Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services. | false |
-`OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events. | 127.0.0.1:9233 |
-`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false. |  |
+`OC_EVENTS_ENDPOINT` | 1.0.0 | string | The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. | 127.0.0.1:9233 |
+`OC_EVENTS_TLS_ROOT_CA_CERTIFICATE` | 1.0.0 | string | The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided. |  |
 `OC_GATEWAY_GRPC_ADDR` | 1.0.0 | string | The bind address of the GRPC service. | 127.0.0.1:9142 |
 `OC_GRPC_CLIENT_TLS_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |  |
 `OC_GRPC_CLIENT_TLS_MODE` | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. |  |
@@ -34,51 +34,51 @@
 `OC_HTTP_TLS_CERTIFICATE` | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the http services. |  |
 `OC_HTTP_TLS_ENABLED` | 1.0.0 | bool | Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. | false |
 `OC_HTTP_TLS_KEY` | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |  |
-`OC_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for connections to the IDP. Note that this is not recommended for production environments. | false |
+`OC_INSECURE` | 1.0.0 | bool | Allow insecure connections to the WEBFINGER service. | false |
 `OC_JWT_SECRET` | 1.0.0 | string | The secret to mint and validate jwt tokens. |  |
 `OC_KEYCLOAK_BASE_PATH` | 1.0.0 | string | The URL to access keycloak. |  |
-`OC_KEYCLOAK_CLIENT_ID` | 1.0.0 | string | The client ID to authenticate with keycloak. |  |
+`OC_KEYCLOAK_CLIENT_ID` | 1.0.0 | string | The client id to authenticate with keycloak. |  |
 `OC_KEYCLOAK_CLIENT_REALM` | 1.0.0 | string | The realm the client is defined in. |  |
 `OC_KEYCLOAK_CLIENT_SECRET` | 1.0.0 | string | The client secret to use in authentication. |  |
 `OC_KEYCLOAK_INSECURE_SKIP_VERIFY` | 1.0.0 | bool | Disable TLS certificate validation for Keycloak connections. Do not set this in production environments. | false |
 `OC_KEYCLOAK_USER_REALM` | 1.0.0 | string | The realm users are defined. |  |
-`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=idp,ou=sysusers,o=libregraph-idm |
+`OC_LDAP_BIND_DN` | 1.0.0 | string | LDAP DN to use for simple bind authentication with the target LDAP server. | uid=libregraph,ou=sysusers,o=libregraph-idm |
 `OC_LDAP_BIND_PASSWORD` | 1.0.0 | string | Password to use for authenticating the 'bind_dn'. |  |
-`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. | /Users/t.schweiger/.opencloud/idm/ldap.crt |
+`OC_LDAP_CACERT` | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the LDAP service. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idm. | /Users/t.schweiger/.opencloud/idm/ldap.crt |
 `OC_LDAP_DISABLED_USERS_GROUP_DN` | 1.0.0 | string | The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'. | cn=DisabledUsersGroup,ou=groups,o=libregraph-idm |
-`OC_LDAP_DISABLE_USER_MECHANISM` | 1.0.0 | string | An option to control the behavior for disabling users. Valid options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. | attribute |
+`OC_LDAP_DISABLE_USER_MECHANISM` | 1.0.0 | string | An option to control the behavior for disabling users. Supported options are 'none', 'attribute' and 'group'. If set to 'group', disabling a user via API will add the user to the configured group for disabled users, if set to 'attribute' this will be done in the ldap user entry, if set to 'none' the disable request is not processed. Default is 'attribute'. | attribute |
 `OC_LDAP_GROUP_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP groups. | ou=groups,o=libregraph-idm |
 `OC_LDAP_GROUP_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for group searches. |  |
 `OC_LDAP_GROUP_OBJECTCLASS` | 1.0.0 | string | The object class to use for groups in the default group search filter ('groupOfNames'). | groupOfNames |
 `OC_LDAP_GROUP_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of groups (often the same as groupname attribute). | cn |
 `OC_LDAP_GROUP_SCHEMA_GROUPNAME` | 1.0.0 | string | LDAP Attribute to use for the name of groups. | cn |
 `OC_LDAP_GROUP_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique id for groups. This should be a stable globally unique ID like a UUID. | openCloudUUID |
-`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'id' attribute for groups is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the group ID's. | false |
+`OC_LDAP_GROUP_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for groups is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the group ID's. | false |
 `OC_LDAP_GROUP_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of groups (can be empty). | mail |
 `OC_LDAP_GROUP_SCHEMA_MEMBER` | 1.0.0 | string | LDAP Attribute that is used for group members. | member |
 `OC_LDAP_GROUP_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up groups. Supported scopes are 'base', 'one' and 'sub'. | sub |
 `OC_LDAP_INSECURE` | 1.0.0 | bool | Disable TLS certificate validation for the LDAP connections. Do not set this in production environments. | false |
 `OC_LDAP_SERVER_WRITE_ENABLED` | 1.0.0 | bool | Allow creating, modifying and deleting LDAP users via the GRAPH API. This can only be set to 'true' when keeping default settings for the LDAP user and group attribute types (the 'OC_LDAP_USER_SCHEMA_* and 'OC_LDAP_GROUP_SCHEMA_* variables). | true |
-`OC_LDAP_URI` | 1.0.0 | string | Url of the LDAP service to use as IDP. | ldaps://localhost:9235 |
+`OC_LDAP_URI` | 1.0.0 | string | URI of the LDAP Server to connect to. Supported URI schemes are 'ldaps://' and 'ldap://' | ldaps://localhost:9235 |
 `OC_LDAP_USER_BASE_DN` | 1.0.0 | string | Search base DN for looking up LDAP users. | ou=users,o=libregraph-idm |
 `OC_LDAP_USER_ENABLED_ATTRIBUTE` | 1.0.0 | string | LDAP Attribute to use as a flag telling if the user is enabled or disabled. | openCloudUserEnabled |
 `OC_LDAP_USER_FILTER` | 1.0.0 | string | LDAP filter to add to the default filters for user search like '(objectclass=openCloudUser)'. |  |
-`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | LDAP User ObjectClass like 'inetOrgPerson'. | inetOrgPerson |
-`OC_LDAP_USER_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the displayname of users. | displayname |
-`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP User UUID attribute like 'uid'. | openCloudUUID |
-`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's. | false |
-`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP User email attribute like 'mail'. | mail |
-`OC_LDAP_USER_SCHEMA_TENANT_ID` | next | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. |  |
-`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP User name attribute like 'displayName'. | displayName |
+`OC_LDAP_USER_OBJECTCLASS` | 1.0.0 | string | The object class to use for users in the default user search filter ('inetOrgPerson'). | inetOrgPerson |
+`OC_LDAP_USER_SCHEMA_DISPLAYNAME` | 1.0.0 | string | LDAP Attribute to use for the display name of users. | displayName |
+`OC_LDAP_USER_SCHEMA_ID` | 1.0.0 | string | LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID. | openCloudUUID |
+`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING` | 1.0.0 | bool | Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is required when using the 'objectGUID' attribute of Active Directory for the user ID's. | false |
+`OC_LDAP_USER_SCHEMA_MAIL` | 1.0.0 | string | LDAP Attribute to use for the email address of users. | mail |
+`OC_LDAP_USER_SCHEMA_TENANT_ID` | 4.0.0 | string | LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment. |  |
+`OC_LDAP_USER_SCHEMA_USERNAME` | 1.0.0 | string | LDAP Attribute to use for username of users. | uid |
 `OC_LDAP_USER_SCHEMA_USER_TYPE` | 1.0.0 | string | LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'. | openCloudUserType |
 `OC_LDAP_USER_SCOPE` | 1.0.0 | string | LDAP search scope to use when looking up users. Supported scopes are 'base', 'one' and 'sub'. | sub |
 `OC_LOG_COLOR` | 1.0.0 | bool | Activates colorized log output. | false |
 `OC_LOG_FILE` | 1.0.0 | string | The path to the log file. Activates logging to this file if set. |  |
 `OC_LOG_LEVEL` | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |  |
 `OC_LOG_PRETTY` | 1.0.0 | bool | Activates pretty log output. | false |
-`OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary to access resources from other services. |  |
-`OC_MAX_CONCURRENCY` | 1.0.0 | int | Maximum number of concurrent go-routines. Higher values can potentially get work done faster but will also cause more load on the system. Values of 0 or below will be ignored and the default value will be used. | 1 |
-`OC_OIDC_ISSUER` | 1.0.0 | string | URL of the OIDC issuer. It defaults to URL of the builtin IDP. | https://localhost:9200 |
+`OC_MACHINE_AUTH_API_KEY` | 1.0.0 | string | Machine auth API key used to validate internal requests necessary for the access to resources from other services. |  |
+`OC_MAX_CONCURRENCY` | 1.0.0 | int | The maximum number of concurrent requests the service will handle. | 20 |
+`OC_OIDC_ISSUER` | 1.0.0 | string | The identity provider href for the openid-discovery relation. | https://localhost:9200 |
 `OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST` | 1.0.0 | string | Path to the 'banned passwords list' file. This only impacts public link password validation. See the documentation for more details. |  |
 `OC_PASSWORD_POLICY_DISABLED` | 1.0.0 | bool | Disable the password policy. Defaults to false if not set. | false |
 `OC_PASSWORD_POLICY_MIN_CHARACTERS` | 1.0.0 | int | Define the minimum password length. Defaults to 8 if not set. | 8 |
@@ -95,23 +95,19 @@
 `OC_SERVICE_ACCOUNT_ID` | 1.0.0 | string | The ID of the service account the service should use. See the 'auth-service' service description for more details. |  |
 `OC_SERVICE_ACCOUNT_SECRET` | 1.0.0 | string | The service account secret. |  |
 `OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on all public shares. | true |
-`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords on Uploader, Editor or Contributor shares. If not using the global OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD, you must define the FRONTEND_OCS_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD (deprecated) in the frontend service. | false |
+`OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD` | 1.0.0 | bool | Set this to true if you want to enforce passwords for writable shares. Only effective if the setting for 'passwords on all public shares' is set to false. | false |
 `OC_SHOW_USER_EMAIL_IN_RESULTS` | 1.0.0 | bool | Include user email addresses in responses. If absent or set to false emails will be omitted from results. Please note that admin users can always see all email addresses. | false |
 `OC_SPACES_MAX_QUOTA` | 1.0.0 | uint64 | Set the global max quota value in bytes. A value of 0 equals unlimited. The value is provided via capabilities. | 0 |
-`OC_SYSTEM_USER_API_KEY` | 1.0.0 | string | API key for the STORAGE-SYSTEM system user. |  |
-`OC_SYSTEM_USER_ID` | 1.0.0 | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |  |
-`OC_SYSTEM_USER_IDP` | 1.0.0 | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal |
-`OC_TRACING_COLLECTOR` | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |  |
-`OC_TRACING_ENABLED` | 1.0.0 | bool | Activates tracing. | false |
-`OC_TRACING_ENDPOINT` | 1.0.0 | string | The endpoint of the tracing agent. |  |
-`OC_TRACING_TYPE` | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |  |
+`OC_SYSTEM_USER_API_KEY` | 4.0.0 | string | API key for the STORAGE-SYSTEM system user. |  |
+`OC_SYSTEM_USER_ID` | 4.0.0 | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |  |
+`OC_SYSTEM_USER_IDP` | 4.0.0 | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal |
 `OC_TRANSFER_SECRET` | 1.0.0 | string | Transfer secret for signing file up- and download requests. |  |
 `OC_TRANSLATION_PATH` | 1.0.0 | string | (optional) Set this to a path with custom translations to overwrite the builtin translations. Note that file and folder naming rules apply, see the documentation for more details. |  |
-`OC_URL` | 1.0.0 | string | Base URL to load themes from. Will be prepended to the theme path. | https://localhost:9200 |
+`OC_URL` | 1.0.0 | string | The identity provider href for the openid-discovery relation. | https://localhost:9200 |
 `OC_WOPI_DISABLE_CHAT` | 1.0.0 | bool | Disable chat in the office web frontend. This feature applies to OnlyOffice and Microsoft. | false |
-`SEARCH_EVENTS_ACK_WAIT` | next | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s |
-`SEARCH_EVENTS_MAX_ACK_PENDING` | next | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 |
-`STORAGE_GATEWAY_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system |
-`STORAGE_GRPC_ADDR` | 1.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system |
+`SEARCH_EVENTS_ACK_WAIT` | 4.0.0 | Duration | The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes. | 1m0s |
+`SEARCH_EVENTS_MAX_ACK_PENDING` | 4.0.0 | int | The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time. | 1000 |
+`STORAGE_GATEWAY_GRPC_ADDR` | 4.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system |
+`STORAGE_GRPC_ADDR` | 4.0.0 | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system |
 `STORAGE_USERS_ASYNC_PROPAGATOR_PROPAGATION_DELAY` | 1.0.0 | Duration | The delay between a change made to a tree and the propagation start on treesize and treetime. Multiple propagations are computed to a single one. See the Environment Variable Types description for more details. | 0s |
 `STORAGE_USERS_PERMISSION_ENDPOINT` | 1.0.0 | string | Endpoint of the permissions service. The endpoints can differ for 'decomposed' and 'decomposeds3'. | eu.opencloud.api.settings |
\ No newline at end of file
diff --git a/static/env-vars/graph.yaml b/static/env-vars/graph.yaml
index 4c571479..e48fcd3c 100644
--- a/static/env-vars/graph.yaml
+++ b/static/env-vars/graph.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: graph.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/graph_configvars.md b/static/env-vars/graph_configvars.md
index 797ff621..4751ada7 100644
--- a/static/env-vars/graph_configvars.md
+++ b/static/env-vars/graph_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **graph** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`GRAPH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`GRAPH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`GRAPH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`GRAPH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`GRAPH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`GRAPH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`GRAPH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -111,12 +107,12 @@ Environment variables for the **graph** service
 |`OC_KEYCLOAK_INSECURE_SKIP_VERIFY`<br/>`GRAPH_KEYCLOAK_INSECURE_SKIP_VERIFY`| 1.0.0 |bool|`Disable TLS certificate validation for Keycloak connections. Do not set this in production environments.`|`false`|
 |`OC_SERVICE_ACCOUNT_ID`<br/>`GRAPH_SERVICE_ACCOUNT_ID`| 1.0.0 |string|`The ID of the service account the service should use. See the 'auth-service' service description for more details.`|``|
 |`OC_SERVICE_ACCOUNT_SECRET`<br/>`GRAPH_SERVICE_ACCOUNT_SECRET`| 1.0.0 |string|`The service account secret.`|``|
-|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`<br/>`STORAGE_GATEWAY_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
-|`GRAPH_STORAGE_GRPC_ADDR`<br/>`STORAGE_GRPC_ADDR`| next |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
-|`OC_SYSTEM_USER_ID`<br/>`GRAPH_SYSTEM_USER_ID`| next |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``|
-|`OC_SYSTEM_USER_IDP`<br/>`GRAPH_SYSTEM_USER_IDP`| next |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`|
-|`OC_SYSTEM_USER_API_KEY`| next |string|`API key for the STORAGE-SYSTEM system user.`|``|
-|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| next |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|`0s`|
+|`GRAPH_STORAGE_GATEWAY_GRPC_ADDR`<br/>`STORAGE_GATEWAY_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
+|`GRAPH_STORAGE_GRPC_ADDR`<br/>`STORAGE_GRPC_ADDR`| 4.0.0 |string|`GRPC address of the STORAGE-SYSTEM service.`|`eu.opencloud.api.storage-system`|
+|`OC_SYSTEM_USER_ID`<br/>`GRAPH_SYSTEM_USER_ID`| 4.0.0 |string|`ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format.`|``|
+|`OC_SYSTEM_USER_IDP`<br/>`GRAPH_SYSTEM_USER_IDP`| 4.0.0 |string|`IDP of the OpenCloud STORAGE-SYSTEM system user.`|`internal`|
+|`OC_SYSTEM_USER_API_KEY`| 4.0.0 |string|`API key for the STORAGE-SYSTEM system user.`|``|
+|`GRAPH_USER_SOFT_DELETE_RETENTION_TIME`| 4.0.0 |Duration|`The time after which a soft-deleted user is permanently deleted. If set to 0 (default), there is no soft delete retention time and users are deleted immediately after being soft-deleted. If set to a positive value, the user will be kept in the system for that duration before being permanently deleted.`|`0s`|
 |`OC_PERSISTENT_STORE_NODES`<br/>`GRAPH_STORE_NODES`| 1.0.0 |[]string|`A list of nodes to access the configured store. This has no effect when 'memory' store is configured. Note that the behaviour how nodes are used is dependent on the library of the configured store. See the Environment Variable Types description for more details.`|`[127.0.0.1:9233]`|
 |`GRAPH_STORE_DATABASE`| 1.0.0 |string|`The database name the configured store should use.`|`graph`|
 |`OC_PERSISTENT_STORE_AUTH_USERNAME`<br/>`GRAPH_STORE_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the store. Only applies when store type 'nats-js-kv' is configured.`|``|
diff --git a/static/env-vars/graph_readme.md b/static/env-vars/graph_readme.md
index e9e4e276..10a51780 100644
--- a/static/env-vars/graph_readme.md
+++ b/static/env-vars/graph_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Graph
-date: 2025-11-13T17:22:55.095124+01:00
+date: 2025-11-27T22:19:23.795172+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/graph
@@ -95,14 +95,6 @@ The `graph` service can use a configured store via `GRAPH_CACHE_STORE`. Possible
 
 Other store types may work but are not supported currently.
 
-:::note 
-The service can only be scaled if not using `memory` store and the stores are configured identically over all instances!
-:::
-
-:::note 
-If you have used one of the deprecated stores, you should reconfigure to one of the supported ones as the deprecated stores will be removed in a later version.
-:::
-
 Store specific notes:
   -   When using `redis-sentinel`, the Redis master to use is configured via e.g. `OC_CACHE_STORE_NODES` in the form of `<sentinel-host>:<sentinel-port>/<redis-master>` like `10.10.0.200:26379/mymaster`.
   -   When using `nats-js-kv` it is recommended to set `OC_CACHE_STORE_NODES` to the same value as `OC_EVENTS_ENDPOINT`. That way the cache uses the same nats instance as the event bus.
@@ -221,3 +213,5 @@ The output of this command includes the following information for each role:
 |                                      |          |                                |                                | libre.graph/driveItem/basic/read         |
 +--------------------------------------+----------+--------------------------------+--------------------------------+------------------------------------------+
 ```
+
+
diff --git a/static/env-vars/groups.yaml b/static/env-vars/groups.yaml
index 76024bb9..f7658265 100644
--- a/static/env-vars/groups.yaml
+++ b/static/env-vars/groups.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: groups.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/groups_configvars.md b/static/env-vars/groups_configvars.md
index b39ce647..1acd9972 100644
--- a/static/env-vars/groups_configvars.md
+++ b/static/env-vars/groups_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **groups** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`GROUPS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`GROUPS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`GROUPS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`GROUPS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`GROUPS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`GROUPS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`GROUPS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/groups_readme.md b/static/env-vars/groups_readme.md
index 50dd82e8..860cb5e3 100644
--- a/static/env-vars/groups_readme.md
+++ b/static/env-vars/groups_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Groups
-date: 2025-11-12T16:20:03.607824+01:00
+date: 2025-11-27T22:19:23.795368+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/groups
@@ -13,9 +13,39 @@ geekdocCollapseSection: true
 ## Abstract
 
 
-The `groups` service provides group management functionality within OpenCloud.
+The `groups` service provides the CS3 Groups API for OpenCloud. It is responsible for managing group information and memberships within the OpenCloud instance.
+
+This service implements the CS3 identity group provider interface, allowing other services to query and manage groups. It works as a backend provider for the `graph` service when using the CS3 backend mode.
+
 
 ## Table of Contents
 
+* [Backend Integration](#backend-integration)
+* [API](#api)
+* [Usage](#usage)
+* [Scalability](#scalability)
+
+## Backend Integration
+
+The groups service can work with different storage backends:
+- LDAP integration through the graph service
+- Direct CS3 API implementation
+
+When using the `graph` service with the CS3 backend (`GRAPH_IDENTITY_BACKEND=cs3`), the graph service queries group information through this service.
+
+## API
+
+The service provides CS3 gRPC APIs for:
+- Listing groups
+- Getting group information
+- Finding groups by name or ID
+- Managing group memberships
+
+## Usage
+
+The groups service is only used internally by other OpenCloud services and not being accessed directly by clients. The `frontend` and `ocs` services translate HTTP API requests into CS3 API calls to this service.
+
+## Scalability
 
+Since the groups service queries backend systems (like LDAP through the configured identity backend), it can be scaled horizontally without additional configuration when using stateless backends.
 
diff --git a/static/env-vars/idm.yaml b/static/env-vars/idm.yaml
index f3587e26..7ff0717c 100644
--- a/static/env-vars/idm.yaml
+++ b/static/env-vars/idm.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: idm.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/idm_configvars.md b/static/env-vars/idm_configvars.md
index 84fc5cb0..e8ff34df 100644
--- a/static/env-vars/idm_configvars.md
+++ b/static/env-vars/idm_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **idm** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`IDM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`IDM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`IDM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`IDM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`IDM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`IDM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`IDM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/idm_readme.md b/static/env-vars/idm_readme.md
index fd3a561d..56e6d5b7 100644
--- a/static/env-vars/idm_readme.md
+++ b/static/env-vars/idm_readme.md
@@ -1,6 +1,6 @@
 ---
 title: IDM
-date: 2025-11-13T17:22:55.095332+01:00
+date: 2025-11-27T22:19:23.795555+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/idm
diff --git a/static/env-vars/idp.yaml b/static/env-vars/idp.yaml
index 7cfce2d7..661528a7 100644
--- a/static/env-vars/idp.yaml
+++ b/static/env-vars/idp.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: idp.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/idp_configvars.md b/static/env-vars/idp_configvars.md
index e3d2d36b..cf0d3aad 100644
--- a/static/env-vars/idp_configvars.md
+++ b/static/env-vars/idp_configvars.md
@@ -3,10 +3,6 @@ Environment variables for the **idp** service
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
 |`IDP_PASSWORD_RESET_URI`| 1.0.0 |string|`The URI where a user can reset their password.`|``|
-|`OC_TRACING_ENABLED`<br/>`IDP_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`IDP_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`IDP_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`IDP_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`IDP_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`IDP_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`IDP_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -37,7 +33,7 @@ Environment variables for the **idp** service
 |`IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION`| 1.0.0 |bool|`Allow dynamic client registration.`|`false`|
 |`IDP_ENCRYPTION_SECRET_FILE`| 1.0.0 |string|`Path to the encryption secret file, if unset, a new certificate will be autogenerated upon each restart, thus invalidating all existing sessions. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp.`|`/Users/t.schweiger/.opencloud/idp/encryption.key`|
 |`IDP_DEFAULT_SIGNIN_PAGE_TEXT`| 2.0.0 |string|``|``|
-|`IDP_DEFAULT_LOGO_TARGET_URI`| next |string|`Default logo target URI.`|`https://opencloud.eu`|
+|`IDP_DEFAULT_LOGO_TARGET_URI`| 4.0.0 |string|`Default logo target URI.`|`https://opencloud.eu`|
 |`IDP_SIGNING_KID`| 1.0.0 |string|`Value of the KID (Key ID) field which is used in created tokens to uniquely identify the signing-private-key.`|`private-key`|
 |`IDP_SIGNING_METHOD`| 1.0.0 |string|`Signing method of IDP requests like 'PS256'`|`PS256`|
 |`IDP_SIGNING_PRIVATE_KEY_FILES`| 1.0.0 |[]string|`A list of private key files for signing IDP requests. If not defined, the root directory derives from $OC_BASE_DATA_PATH/idp. See the Environment Variable Types description for more details.`|`[/Users/t.schweiger/.opencloud/idp/private-key.pem]`|
diff --git a/static/env-vars/idp_readme.md b/static/env-vars/idp_readme.md
index 8383fc82..d78732ee 100644
--- a/static/env-vars/idp_readme.md
+++ b/static/env-vars/idp_readme.md
@@ -1,6 +1,6 @@
 ---
 title: IDP
-date: 2025-11-13T17:22:55.095406+01:00
+date: 2025-11-27T22:19:23.795727+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/idp
diff --git a/static/env-vars/invitations.yaml b/static/env-vars/invitations.yaml
index a62e602e..a16f88c8 100644
--- a/static/env-vars/invitations.yaml
+++ b/static/env-vars/invitations.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: invitations.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/invitations_configvars.md b/static/env-vars/invitations_configvars.md
index f6232ec7..6933fe38 100644
--- a/static/env-vars/invitations_configvars.md
+++ b/static/env-vars/invitations_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **invitations** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`INVITATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`INVITATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`INVITATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`INVITATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`INVITATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`INVITATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`INVITATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/invitations_readme.md b/static/env-vars/invitations_readme.md
index 692f6ba2..0881dbd8 100644
--- a/static/env-vars/invitations_readme.md
+++ b/static/env-vars/invitations_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Invitations
-date: 2025-11-13T17:22:55.095488+01:00
+date: 2025-11-27T22:19:23.795898+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/invitations
diff --git a/static/env-vars/nats.yaml b/static/env-vars/nats.yaml
index e3d9cad4..477154c8 100644
--- a/static/env-vars/nats.yaml
+++ b/static/env-vars/nats.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: nats.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/nats_configvars.md b/static/env-vars/nats_configvars.md
index b242f576..5e822709 100644
--- a/static/env-vars/nats_configvars.md
+++ b/static/env-vars/nats_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **nats** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`NATS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`NATS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`NATS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`NATS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`NATS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`NATS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`NATS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/nats_readme.md b/static/env-vars/nats_readme.md
index ae9d050b..bab778ee 100644
--- a/static/env-vars/nats_readme.md
+++ b/static/env-vars/nats_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Nats
-date: 2025-11-13T17:22:55.095558+01:00
+date: 2025-11-27T22:19:23.796157+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/nats
diff --git a/static/env-vars/notifications.yaml b/static/env-vars/notifications.yaml
index e1e98487..061d5eaa 100644
--- a/static/env-vars/notifications.yaml
+++ b/static/env-vars/notifications.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: notifications.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/notifications_configvars.md b/static/env-vars/notifications_configvars.md
index 63ec4501..bf8ab298 100644
--- a/static/env-vars/notifications_configvars.md
+++ b/static/env-vars/notifications_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **notifications** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`NOTIFICATIONS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`NOTIFICATIONS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`NOTIFICATIONS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`NOTIFICATIONS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`NOTIFICATIONS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`NOTIFICATIONS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`NOTIFICATIONS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/notifications_readme.md b/static/env-vars/notifications_readme.md
index c0eb0743..9f2584ae 100644
--- a/static/env-vars/notifications_readme.md
+++ b/static/env-vars/notifications_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Notification
-date: 2025-11-13T17:22:55.095635+01:00
+date: 2025-11-27T22:19:23.796328+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/notifications
diff --git a/static/env-vars/ocdav.yaml b/static/env-vars/ocdav.yaml
index 0e57a2a2..f68ae32a 100644
--- a/static/env-vars/ocdav.yaml
+++ b/static/env-vars/ocdav.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: ocdav.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/ocdav_configvars.md b/static/env-vars/ocdav_configvars.md
index b63591e4..3a94a26f 100644
--- a/static/env-vars/ocdav_configvars.md
+++ b/static/env-vars/ocdav_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **ocdav** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`OCDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`OCDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`OCDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`OCDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`OCDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`OCDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`OCDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/ocdav_readme.md b/static/env-vars/ocdav_readme.md
index 37f85d0d..124350c8 100644
--- a/static/env-vars/ocdav_readme.md
+++ b/static/env-vars/ocdav_readme.md
@@ -1,6 +1,6 @@
 ---
 title: ocDAV
-date: 2025-11-13T17:22:55.09574+01:00
+date: 2025-11-27T22:19:23.796518+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/ocdav
diff --git a/static/env-vars/ocm.yaml b/static/env-vars/ocm.yaml
index 72e2bd20..58a52b99 100644
--- a/static/env-vars/ocm.yaml
+++ b/static/env-vars/ocm.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: ocm.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
@@ -86,6 +81,8 @@ ocmd:
 sciencemesh:
   prefix: sciencemesh
   science_mesh_directory_url: ""
+  directory_service_urls: ""
+  invite_accept_dialog: /open-cloud-mesh/accept-invite
 ocm_invite_manager:
   driver: json
   drivers:
diff --git a/static/env-vars/ocm_configvars.md b/static/env-vars/ocm_configvars.md
index 4393392f..04460214 100644
--- a/static/env-vars/ocm_configvars.md
+++ b/static/env-vars/ocm_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **ocm** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`OCM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`OCM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`OCM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`OCM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`OCM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`OCM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`OCM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -40,6 +36,8 @@ Environment variables for the **ocm** service
 |`OCM_OCMD_EXPOSE_RECIPIENT_DISPLAY_NAME`| 1.0.0 |bool|`Expose the display name of OCM share recipients.`|`false`|
 |`OCM_SCIENCEMESH_PREFIX`| 1.0.0 |string|`URL path prefix for the ScienceMesh service. Note that the string must not start with '/'.`|`sciencemesh`|
 |`OCM_MESH_DIRECTORY_URL`| 1.0.0 |string|`URL of the mesh directory service.`|``|
+|`OCM_DIRECTORY_SERVICE_URLS`| 3.5.0 |string|`Space delimited URLs of the directory services.`|``|
+|`OCM_INVITE_ACCEPT_DIALOG`| 3.5.0 |string|`/open-cloud-mesh/accept-invite;The frontend URL where to land when receiving an invitation`|`/open-cloud-mesh/accept-invite`|
 |`OCM_OCM_INVITE_MANAGER_DRIVER`| 1.0.0 |string|`Driver to be used to persist OCM invites. Supported value is only 'json'.`|`json`|
 |`OCM_OCM_INVITE_MANAGER_JSON_FILE`| 1.0.0 |string|`Path to the JSON file where OCM invite data will be stored. This file is maintained by the instance and must not be changed manually. If not defined, the root directory derives from $OC_BASE_DATA_PATH/storage/ocm.`|`/Users/t.schweiger/.opencloud/storage/ocm/ocminvites.json`|
 |`OCM_OCM_INVITE_MANAGER_TOKEN_EXPIRATION`| 1.0.0 |Duration|`Expiry duration for invite tokens.`|`24h0m0s`|
diff --git a/static/env-vars/ocm_readme.md b/static/env-vars/ocm_readme.md
index f65f59fb..9172e656 100644
--- a/static/env-vars/ocm_readme.md
+++ b/static/env-vars/ocm_readme.md
@@ -1,6 +1,6 @@
 ---
 title: OCM
-date: 2025-11-13T17:22:55.095814+01:00
+date: 2025-11-27T22:19:23.796689+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/ocm
diff --git a/static/env-vars/ocs.yaml b/static/env-vars/ocs.yaml
index 93a9e6fd..9bfbe275 100644
--- a/static/env-vars/ocs.yaml
+++ b/static/env-vars/ocs.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: ocs.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/ocs_configvars.md b/static/env-vars/ocs_configvars.md
index fef90b8e..acd077d8 100644
--- a/static/env-vars/ocs_configvars.md
+++ b/static/env-vars/ocs_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **ocs** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`OCS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`OCS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`OCS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`OCS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`OCS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`OCS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`OCS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/ocs_readme.md b/static/env-vars/ocs_readme.md
index ba807715..afe83aa4 100644
--- a/static/env-vars/ocs_readme.md
+++ b/static/env-vars/ocs_readme.md
@@ -1,6 +1,6 @@
 ---
 title: OCS Service
-date: 2025-11-13T17:22:55.095897+01:00
+date: 2025-11-27T22:19:23.796863+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/ocs
diff --git a/static/env-vars/policies.yaml b/static/env-vars/policies.yaml
index 2da88c7c..9e7866a9 100644
--- a/static/env-vars/policies.yaml
+++ b/static/env-vars/policies.yaml
@@ -29,8 +29,3 @@ engine:
   mimes: ""
 postprocessing:
   query: ""
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
diff --git a/static/env-vars/policies_configvars.md b/static/env-vars/policies_configvars.md
index 3255645b..f0cdb8a3 100644
--- a/static/env-vars/policies_configvars.md
+++ b/static/env-vars/policies_configvars.md
@@ -21,7 +21,3 @@ Environment variables for the **policies** service
 |`POLICIES_ENGINE_TIMEOUT`| 1.0.0 |Duration|`Sets the timeout the rego expression evaluation can take. Rules default to deny if the timeout was reached. See the Environment Variable Types description for more details.`|`10s`|
 |`POLICIES_ENGINE_MIMES`| 1.0.0 |string|`Sets the mimes file path which maps mimetypes to associated file extensions. See the text description for details.`|``|
 |`POLICIES_POSTPROCESSING_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Defaults to deny if the variable was not found.`|``|
-|`OC_TRACING_ENABLED`<br/>`POLICIES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`POLICIES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`POLICIES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`POLICIES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
diff --git a/static/env-vars/policies_readme.md b/static/env-vars/policies_readme.md
index 079ab550..fd440a00 100644
--- a/static/env-vars/policies_readme.md
+++ b/static/env-vars/policies_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Policies
-date: 2025-11-13T17:22:55.095985+01:00
+date: 2025-11-27T22:19:23.797048+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/policies
@@ -24,7 +24,7 @@ Policies are written in the [rego query language](https://www.openpolicyagent.or
 * [Modules](#modules)
   * [gRPC API](#grpc-api)
   * [Proxy Middleware](#proxy-middleware)
-  * [Event Service (Postprocessing)](#event-service-postprocessing)
+  * [Event Service (Postprocessing)](#event-service-(postprocessing))
 * [Defining Policies to Evaluate](#defining-policies-to-evaluate)
 * [Setting the Query Configuration](#setting-the-query-configuration)
   * [Proxy](#proxy)
diff --git a/static/env-vars/postprocessing.yaml b/static/env-vars/postprocessing.yaml
index d065c261..93e70c12 100644
--- a/static/env-vars/postprocessing.yaml
+++ b/static/env-vars/postprocessing.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: postprocessing.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/postprocessing_configvars.md b/static/env-vars/postprocessing_configvars.md
index 617fb8a1..aa6a1077 100644
--- a/static/env-vars/postprocessing_configvars.md
+++ b/static/env-vars/postprocessing_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **postprocessing** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`POSTPROCESSING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`POSTPROCESSING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`POSTPROCESSING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`POSTPROCESSING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`POSTPROCESSING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`POSTPROCESSING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`POSTPROCESSING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -28,8 +24,8 @@ Environment variables for the **postprocessing** service
 |`OC_EVENTS_ENABLE_TLS`<br/>`POSTPROCESSING_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`|
 |`OC_EVENTS_AUTH_USERNAME`<br/>`POSTPROCESSING_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``|
 |`OC_EVENTS_AUTH_PASSWORD`<br/>`POSTPROCESSING_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``|
-|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`10000`|
-|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`|
+|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`10000`|
+|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`|
 |`POSTPROCESSING_WORKERS`| 1.0.0 |int|`The number of concurrent go routines that fetch events from the event queue.`|`3`|
 |`POSTPROCESSING_STEPS`| 1.0.0 |[]string|`A list of postprocessing steps processed in order of their appearance. Currently supported values by the system are: 'virusscan', 'policies' and 'delay'. Custom steps are allowed. See the documentation for instructions. See the Environment Variable Types description for more details.`|`[]`|
 |`POSTPROCESSING_DELAY`| 1.0.0 |Duration|`After uploading a file but before making it available for download, a delay step can be added. Intended for developing purposes only. If a duration is set but the keyword 'delay' is not explicitely added to 'POSTPROCESSING_STEPS', the delay step will be processed as last step. In such a case, a log entry will be written on service startup to remind the admin about that situation. See the Environment Variable Types description for more details.`|`0s`|
diff --git a/static/env-vars/postprocessing_readme.md b/static/env-vars/postprocessing_readme.md
index 91fca265..b10c6cc8 100644
--- a/static/env-vars/postprocessing_readme.md
+++ b/static/env-vars/postprocessing_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Postprocessing
-date: 2025-11-13T17:22:55.096102+01:00
+date: 2025-11-27T22:19:23.797651+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/postprocessing
diff --git a/static/env-vars/proxy.yaml b/static/env-vars/proxy.yaml
index 674af780..569b8c78 100644
--- a/static/env-vars/proxy.yaml
+++ b/static/env-vars/proxy.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: proxy.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
@@ -77,6 +72,14 @@ policies:
     service: eu.opencloud.web.frontend
     unprotected: true
     skip_x_access_token: false
+  - endpoint: /sciencemesh/federations
+    service: eu.opencloud.web.ocm
+    unprotected: true
+    skip_x_access_token: false
+  - endpoint: /sciencemesh/discover
+    service: eu.opencloud.web.ocm
+    unprotected: true
+    skip_x_access_token: false
   - endpoint: /sciencemesh/
     service: eu.opencloud.web.ocm
     skip_x_access_token: false
@@ -230,6 +233,7 @@ auth_middleware:
 policies_middleware:
   query: ""
 csp_config_file_location: ""
+csp_config_file_override_location: ""
 events:
   endpoint: 127.0.0.1:9233
   cluster: opencloud-cluster
diff --git a/static/env-vars/proxy_configvars.md b/static/env-vars/proxy_configvars.md
index a9618c4a..99224a29 100644
--- a/static/env-vars/proxy_configvars.md
+++ b/static/env-vars/proxy_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **proxy** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`PROXY_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`PROXY_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`PROXY_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`PROXY_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`PROXY_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`PROXY_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`PROXY_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -65,6 +61,7 @@ Environment variables for the **proxy** service
 |`PROXY_ENABLE_APP_AUTH`| 1.0.0 |bool|`Allow app authentication. This can be used to authenticate 3rd party applications. Note that auth-app service must be running for this feature to work.`|`true`|
 |`PROXY_POLICIES_QUERY`| 1.0.0 |string|`Defines the 'Complete Rules' variable defined in the rego rule set this step uses for its evaluation. Rules default to deny if the variable was not found.`|``|
 |`PROXY_CSP_CONFIG_FILE_LOCATION`| 1.0.0 |string|`The location of the CSP configuration file.`|``|
+|`PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION`| 4.0.0 |string|`The location of the CSP configuration file override.`|``|
 |`OC_EVENTS_ENDPOINT`<br/>`PROXY_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events.`|`127.0.0.1:9233`|
 |`OC_EVENTS_CLUSTER`<br/>`PROXY_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`opencloud-cluster`|
 |`OC_INSECURE`<br/>`PROXY_EVENTS_TLS_INSECURE`| 1.0.0 |bool|`Whether to verify the server TLS certificates.`|`false`|
diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md
index eef71416..f77c4222 100644
--- a/static/env-vars/proxy_readme.md
+++ b/static/env-vars/proxy_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Proxy
-date: 2025-11-13T17:22:55.096208+01:00
+date: 2025-11-27T22:19:23.797915+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/proxy
@@ -36,8 +36,8 @@ The proxy service is the only service communicating to the outside and needs the
 * [Presigned Urls](#presigned-urls)
 * [Special Settings](#special-settings)
 * [Metrics](#metrics)
-  * [1) Single Process Mode](#1-single-process-mode)
-  * [2) Standalone Mode](#2-standalone-mode)
+  * [1) Single Process Mode](#1)-single-process-mode)
+  * [2) Standalone Mode](#2)-standalone-mode)
   * [Available Metrics](#available-metrics)
   * [Prometheus Configuration](#prometheus-configuration)
 
diff --git a/static/env-vars/search.yaml b/static/env-vars/search.yaml
index abdea4bf..c256fff3 100644
--- a/static/env-vars/search.yaml
+++ b/static/env-vars/search.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: search.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
@@ -52,7 +47,7 @@ engine:
       username: ""
       password: ""
       header: {}
-      ca_cert: []
+      ca_cert: ""
       retry_on_status: []
       disable_retry: false
       enable_retry_on_timeout: false
diff --git a/static/env-vars/search_configvars.md b/static/env-vars/search_configvars.md
index dcbe3b21..c5042780 100644
--- a/static/env-vars/search_configvars.md
+++ b/static/env-vars/search_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **search** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`SEARCH_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`SEARCH_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`SEARCH_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`SEARCH_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`SEARCH_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`SEARCH_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`SEARCH_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -14,13 +10,13 @@ Environment variables for the **search** service
 |`SEARCH_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``|
 |`SEARCH_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`|
 |`SEARCH_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`|
-|`SEARCH_GRPC_DISABLED`| next |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|`false`|
+|`SEARCH_GRPC_DISABLED`| 4.0.0 |bool|`Disables the GRPC service. Set this to true if the service should only handle events.`|`false`|
 |`SEARCH_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`127.0.0.1:9220`|
 |`OC_JWT_SECRET`<br/>`SEARCH_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``|
 |`OC_REVA_GATEWAY`| 1.0.0 |string|`The CS3 gateway endpoint.`|`eu.opencloud.api.gateway`|
 |`OC_GRPC_CLIENT_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``|
 |`OC_GRPC_CLIENT_TLS_CACERT`| 1.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services.`|``|
-|`SEARCH_EVENTS_DISABLED`| next |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|`false`|
+|`SEARCH_EVENTS_DISABLED`| 4.0.0 |bool|`Disables listening for events. Set this to true if the service should only handle GRPC requests.`|`false`|
 |`OC_EVENTS_ENDPOINT`<br/>`SEARCH_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`|
 |`OC_EVENTS_CLUSTER`<br/>`SEARCH_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`|
 |`OC_ASYNC_UPLOADS`<br/>`SEARCH_EVENTS_ASYNC_UPLOADS`| 1.0.0 |bool|`Enable asynchronous file uploads.`|`true`|
@@ -31,26 +27,26 @@ Environment variables for the **search** service
 |`OC_EVENTS_ENABLE_TLS`<br/>`SEARCH_EVENTS_ENABLE_TLS`| 1.0.0 |bool|`Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|`false`|
 |`OC_EVENTS_AUTH_USERNAME`<br/>`SEARCH_EVENTS_AUTH_USERNAME`| 1.0.0 |string|`The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``|
 |`OC_EVENTS_AUTH_PASSWORD`<br/>`SEARCH_EVENTS_AUTH_PASSWORD`| 1.0.0 |string|`The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services.`|``|
-|`SEARCH_EVENTS_MAX_ACK_PENDING`| next |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`1000`|
-|`SEARCH_EVENTS_ACK_WAIT`| next |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`|
+|`SEARCH_EVENTS_MAX_ACK_PENDING`| 4.0.0 |int|`The maximum number of unacknowledged messages. This is used to limit the number of messages that can be in flight at the same time.`|`1000`|
+|`SEARCH_EVENTS_ACK_WAIT`| 4.0.0 |Duration|`The time to wait for an ack before the message is redelivered. This is used to ensure that messages are not lost if the consumer crashes.`|`1m0s`|
 |`SEARCH_ENGINE_TYPE`| 1.0.0 |string|`Defines which search engine to use. Defaults to 'bleve'. Supported values are: 'bleve'.`|`bleve`|
 |`SEARCH_ENGINE_BLEVE_DATA_PATH`| 1.0.0 |string|`The directory where the filesystem will store search data. If not defined, the root directory derives from $OC_BASE_DATA_PATH/search.`|`/Users/t.schweiger/.opencloud/search`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| next |[]string|`The addresses of the OpenSearch nodes..`|`[]`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| next |string|`Username for HTTP Basic Authentication.`|``|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| next |string|`Password for HTTP Basic Authentication.`|``|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| next |Header|`HTTP headers to include in requests.`|`map[]`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| next |[]uint8|`CA certificate for TLS connections.`|`[]`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| next |[]int|`HTTP status codes that trigger a retry.`|`[]`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| next |bool|`Disable retries on errors.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| next |bool|`Enable retries on timeout.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| next |int|`Maximum number of retries for requests.`|`0`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| next |bool|`Compress request bodies.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| next |bool|`Discover nodes on service start.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| next |Duration|`Interval for discovering nodes.`|`0s`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| next |bool|`Enable metrics collection.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| next |bool|`Enable debug logging.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| next |bool|`Skip TLS certificate verification.`|`false`|
-|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| next |string|`The name of the OpenSearch index for resources.`|`opencloud-resource`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ADDRESSES`| 4.0.0 |[]string|`The addresses of the OpenSearch nodes..`|`[]`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_USERNAME`| 4.0.0 |string|`Username for HTTP Basic Authentication.`|``|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_PASSWORD`| 4.0.0 |string|`Password for HTTP Basic Authentication.`|``|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_HEADER`| 4.0.0 |Header|`HTTP headers to include in requests.`|`map[]`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_CA_CERT`| 4.0.0 |string|`Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the opensearch server.`|``|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_RETRY_ON_STATUS`| 4.0.0 |[]int|`HTTP status codes that trigger a retry.`|`[]`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISABLE_RETRY`| 4.0.0 |bool|`Disable retries on errors.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_RETRY_ON_TIMEOUT`| 4.0.0 |bool|`Enable retries on timeout.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_MAX_RETRIES`| 4.0.0 |int|`Maximum number of retries for requests.`|`0`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_COMPRESS_REQUEST_BODY`| 4.0.0 |bool|`Compress request bodies.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_ON_START`| 4.0.0 |bool|`Discover nodes on service start.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL`| 4.0.0 |Duration|`Interval for discovering nodes.`|`0s`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS`| 4.0.0 |bool|`Enable metrics collection.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER`| 4.0.0 |bool|`Enable debug logging.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE`| 4.0.0 |bool|`Skip TLS certificate verification.`|`false`|
+|`SEARCH_ENGINE_OPEN_SEARCH_RESOURCE_INDEX_NAME`| 4.0.0 |string|`The name of the OpenSearch index for resources.`|`opencloud-resource`|
 |`SEARCH_EXTRACTOR_TYPE`| 1.0.0 |string|`Defines the content extraction engine. Defaults to 'basic'. Supported values are: 'basic' and 'tika'.`|`basic`|
 |`OC_INSECURE`<br/>`SEARCH_EXTRACTOR_CS3SOURCE_INSECURE`| 1.0.0 |bool|`Ignore untrusted SSL certificates when connecting to the CS3 source.`|`false`|
 |`SEARCH_EXTRACTOR_TIKA_TIKA_URL`| 1.0.0 |string|`URL of the tika server.`|`http://127.0.0.1:9998`|
diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md
index 65e8d1be..606e4bf3 100644
--- a/static/env-vars/search_readme.md
+++ b/static/env-vars/search_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Search
-date: 2025-11-13T17:22:55.096414+01:00
+date: 2025-11-27T22:19:23.798139+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/search
@@ -29,7 +29,7 @@ Consider using dedicated hardware for this service in case more resources are ne
   * [Bleve](#bleve)
   * [OpenSearch](#opensearch)
 * [Query language](#query-language)
-* [Content analysis / Extraction](#content-analysis--extraction)
+* [Content analysis / Extraction](#content-analysis-/-extraction)
   * [Basic](#basic)
   * [Tika](#tika)
 * [Manually Trigger Re-Indexing a Space](#manually-trigger-re-indexing-a-space)
diff --git a/static/env-vars/settings.yaml b/static/env-vars/settings.yaml
index 93d18d73..41ab10a6 100644
--- a/static/env-vars/settings.yaml
+++ b/static/env-vars/settings.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: settings.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/settings_configvars.md b/static/env-vars/settings_configvars.md
index 304d4537..11531d2c 100644
--- a/static/env-vars/settings_configvars.md
+++ b/static/env-vars/settings_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **settings** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`SETTINGS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`SETTINGS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`SETTINGS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`SETTINGS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`SETTINGS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`SETTINGS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`SETTINGS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/settings_readme.md b/static/env-vars/settings_readme.md
index 637abe07..ba8d3650 100644
--- a/static/env-vars/settings_readme.md
+++ b/static/env-vars/settings_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Settings
-date: 2025-11-13T17:22:55.096511+01:00
+date: 2025-11-27T22:19:23.798341+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/settings
diff --git a/static/env-vars/sharing.yaml b/static/env-vars/sharing.yaml
index 9d87e5a7..34d6c966 100644
--- a/static/env-vars/sharing.yaml
+++ b/static/env-vars/sharing.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: sharing.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/sharing_configvars.md b/static/env-vars/sharing_configvars.md
index 37f99146..c7df09e1 100644
--- a/static/env-vars/sharing_configvars.md
+++ b/static/env-vars/sharing_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **sharing** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`SHARING_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`SHARING_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`SHARING_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`SHARING_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`SHARING_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`SHARING_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`SHARING_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/sharing_readme.md b/static/env-vars/sharing_readme.md
new file mode 100755
index 00000000..d8cf2965
--- /dev/null
+++ b/static/env-vars/sharing_readme.md
@@ -0,0 +1,65 @@
+---
+title: Sharing
+date: 2025-11-27T22:19:23.798538+01:00
+weight: 20
+geekdocRepo: https://github.com/opencloud-eu/opencloud
+geekdocEditPath: edit/master/services/sharing
+geekdocFilePath: README.md
+geekdocCollapseSection: true
+---
+
+<!-- Do not edit this file, it is autogenerated. Edit the service README.md instead -->
+
+## Abstract
+
+
+The `sharing` service provides the CS3 Sharing API for OpenCloud. It manages user shares and public link shares, implementing the core sharing functionality.
+
+
+## Table of Contents
+
+* [Overview](#overview)
+* [Integration](#integration)
+* [Share Types](#share-types)
+* [Configuration](#configuration)
+* [Scalability](#scalability)
+
+## Overview
+
+The sharing service handles:
+- User-to-user shares (share a file or folder with another user)
+- Public link shares (share via a public URL)
+- Share permissions and roles
+- Share lifecycle management (create, update, delete)
+
+This service works in conjunction with the storage providers (`storage-shares` and `storage-publiclink`) to persist and manage share information.
+
+## Integration
+
+The sharing service integrates with:
+- `frontend` and `ocs` - Provide HTTP APIs that translate to CS3 sharing calls
+- `storage-shares` - Stores and manages received shares
+- `storage-publiclink` - Manages public link shares
+- `graph` - Provides LibreGraph API for sharing with roles
+
+## Share Types
+
+The service supports different types of shares:
+- **User shares** - Share resources with specific users
+- **Group shares** - Share resources with groups
+- **Public link shares** - Create public URLs for sharing
+- **Federated shares** - Share with users on other OpenCloud instances (via `ocm` service)
+
+## Configuration
+
+Share behavior can be configured via environment variables:
+- Password enforcement for public shares
+- Auto-acceptance of shares
+- Share permissions and restrictions
+
+See the `frontend` service README for more details on share-related configuration options.
+
+## Scalability
+
+The sharing service depends on the configured storage backends for share metadata. Scalability characteristics depend on the chosen storage backend configuration.
+
diff --git a/static/env-vars/sse.yaml b/static/env-vars/sse.yaml
index 03db45dd..8600af9e 100644
--- a/static/env-vars/sse.yaml
+++ b/static/env-vars/sse.yaml
@@ -11,11 +11,6 @@ debug:
   token: ""
   pprof: false
   zpages: false
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 keepalive_interval: 0s
 events:
   endpoint: 127.0.0.1:9233
diff --git a/static/env-vars/sse_configvars.md b/static/env-vars/sse_configvars.md
index ca25dd83..4214aad8 100644
--- a/static/env-vars/sse_configvars.md
+++ b/static/env-vars/sse_configvars.md
@@ -10,10 +10,6 @@ Environment variables for the **sse** service
 |`SSE_DEBUG_TOKEN`| 1.0.0 |string|`Token to secure the metrics endpoint.`|``|
 |`SSE_DEBUG_PPROF`| 1.0.0 |bool|`Enables pprof, which can be used for profiling.`|`false`|
 |`SSE_DEBUG_ZPAGES`| 1.0.0 |bool|`Enables zpages, which can be used for collecting and viewing in-memory traces.`|`false`|
-|`OC_TRACING_ENABLED`<br/>`SSE_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`SSE_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`SSE_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`SSE_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`SSE_KEEPALIVE_INTERVAL`| 1.0.0 |Duration|`To prevent intermediate proxies from closing the SSE connection, send periodic SSE comments to keep it open.`|`0s`|
 |`OC_EVENTS_ENDPOINT`<br/>`SSE_EVENTS_ENDPOINT`| 1.0.0 |string|`The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.`|`127.0.0.1:9233`|
 |`OC_EVENTS_CLUSTER`<br/>`SSE_EVENTS_CLUSTER`| 1.0.0 |string|`The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.`|`opencloud-cluster`|
diff --git a/static/env-vars/sse_readme.md b/static/env-vars/sse_readme.md
index 474dbecc..a005354c 100644
--- a/static/env-vars/sse_readme.md
+++ b/static/env-vars/sse_readme.md
@@ -1,6 +1,6 @@
 ---
 title: SSE
-date: 2025-11-13T17:22:55.096997+01:00
+date: 2025-11-27T22:19:23.798702+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/sse
diff --git a/static/env-vars/storage-publiclink.yaml b/static/env-vars/storage-publiclink.yaml
index 2b590625..127d622d 100644
--- a/static/env-vars/storage-publiclink.yaml
+++ b/static/env-vars/storage-publiclink.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: storage-publiclink.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/storage-publiclink_configvars.md b/static/env-vars/storage-publiclink_configvars.md
index f36a7537..e2ba94f3 100644
--- a/static/env-vars/storage-publiclink_configvars.md
+++ b/static/env-vars/storage-publiclink_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **storage-publiclink** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`STORAGE_PUBLICLINK_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`STORAGE_PUBLICLINK_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`STORAGE_PUBLICLINK_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`STORAGE_PUBLICLINK_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`STORAGE_PUBLICLINK_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`STORAGE_PUBLICLINK_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`STORAGE_PUBLICLINK_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/storage-publiclink_readme.md b/static/env-vars/storage-publiclink_readme.md
index c93f426b..2cecc1bb 100644
--- a/static/env-vars/storage-publiclink_readme.md
+++ b/static/env-vars/storage-publiclink_readme.md
@@ -1,6 +1,6 @@
 ---
-title: Storage Public Link
-date: 2025-11-12T16:20:03.610455+01:00
+title: Storage PublicLink
+date: 2025-11-27T22:19:23.798868+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/storage-publiclink
@@ -13,9 +13,48 @@ geekdocCollapseSection: true
 ## Abstract
 
 
-The `storage-publiclink` service handles public link functionality for shared resources within OpenCloud.
+The `storage-publiclink` service provides storage backend functionality for public link shares in OpenCloud. It implements the CS3 storage provider interface specifically for working with public link shared resources.
+
 
 ## Table of Contents
 
+* [Overview](#overview)
+* [Integration](#integration)
+* [Storage Registry](#storage-registry)
+* [Access Control](#access-control)
+* [Scalability](#scalability)
+
+## Overview
+
+This service is part of the storage services family and is responsible for:
+- Providing access to publicly shared resources
+- Handling anonymous access to shared content
+
+## Integration
+
+The storage-publiclink service integrates with:
+- `sharing` service - Manages and persists public link shares
+- `frontend` and `ocdav` - Provide HTTP/WebDAV access to public links
+- Storage drivers - Accesses the actual file content
+
+## Storage Registry
+
+The service is registered in the gateway's storage registry with:
+- Provider ID: `7993447f-687f-490d-875c-ac95e89a62a4`
+- Mount point: `/public`
+- Space types: `grant` and `mountpoint`
+
+See the `gateway` README for more details on storage registry configuration.
+
+## Access Control
+
+Public link shares can be configured with:
+- Password protection
+- Expiration dates
+- Read-only or read-write permissions
+- Download limits
+
+## Scalability
 
+The storage-publiclink service can be scaled horizontally.
 
diff --git a/static/env-vars/storage-shares.yaml b/static/env-vars/storage-shares.yaml
index 364221eb..0c637011 100644
--- a/static/env-vars/storage-shares.yaml
+++ b/static/env-vars/storage-shares.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: storage-shares.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/storage-shares_configvars.md b/static/env-vars/storage-shares_configvars.md
index f9509d24..ce9b2bf6 100644
--- a/static/env-vars/storage-shares_configvars.md
+++ b/static/env-vars/storage-shares_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **storage-shares** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`STORAGE_SHARES_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`STORAGE_SHARES_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`STORAGE_SHARES_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`STORAGE_SHARES_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`STORAGE_SHARES_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`STORAGE_SHARES_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`STORAGE_SHARES_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/storage-shares_readme.md b/static/env-vars/storage-shares_readme.md
index 0aa97098..ab30a3fe 100644
--- a/static/env-vars/storage-shares_readme.md
+++ b/static/env-vars/storage-shares_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Storage Shares
-date: 2025-11-12T16:20:03.610542+01:00
+date: 2025-11-27T22:19:23.799041+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/storage-shares
@@ -13,9 +13,44 @@ geekdocCollapseSection: true
 ## Abstract
 
 
-The `storage-shares` service manages shared storage resources within OpenCloud.
+The `storage-shares` service provides storage backend functionality for user and group shares in OpenCloud. It implements the CS3 storage provider interface specifically for working with shared resources.
+
 
 ## Table of Contents
 
+* [Overview](#overview)
+* [Integration](#integration)
+* [Virtual Shares Folder](#virtual-shares-folder)
+* [Storage Registry](#storage-registry)
+* [Scalability](#scalability)
+
+## Overview
+
+This service is part of the storage services family and is responsible for:
+- Providing a virtual view of received shares
+- Handling access to resources shared by other users
+
+## Integration
+
+The storage-shares service integrates with:
+- `sharing` service - Manages and persists shares
+- `storage-users` service - Accesses the underlying file content
+- `frontend` and `ocdav` - Provide HTTP/WebDAV access to shares
+
+## Virtual Shares Folder
+
+The service provides a virtual "Shares" folder for each user where all received shares are mounted. This allows users to access all files and folders that have been shared with them in a centralized location.
+
+## Storage Registry
+
+The service is registered in the gateway's storage registry with:
+- Provider ID: `a0ca6a90-a365-4782-871e-d44447bbc668`
+- Mount point: `/users/{{.CurrentUser.Id.OpaqueId}}/Shares`
+- Space types: `virtual`, `grant`, and `mountpoint`
+
+See the `gateway` README for more details on storage registry configuration.
+
+## Scalability
 
+The storage-shares service can be scaled horizontally.
 
diff --git a/static/env-vars/storage-system.yaml b/static/env-vars/storage-system.yaml
index 33caa0f6..051f3034 100644
--- a/static/env-vars/storage-system.yaml
+++ b/static/env-vars/storage-system.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: storage-system.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/storage-system_configvars.md b/static/env-vars/storage-system_configvars.md
index 920c5a9b..5fd0fde6 100644
--- a/static/env-vars/storage-system_configvars.md
+++ b/static/env-vars/storage-system_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **storage-system** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`STORAGE_SYSTEM_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`STORAGE_SYSTEM_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`STORAGE_SYSTEM_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`STORAGE_SYSTEM_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`STORAGE_SYSTEM_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`STORAGE_SYSTEM_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`STORAGE_SYSTEM_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/storage-system_readme.md b/static/env-vars/storage-system_readme.md
index 6414c30c..4edade43 100644
--- a/static/env-vars/storage-system_readme.md
+++ b/static/env-vars/storage-system_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Storage-System
-date: 2025-11-13T17:22:55.097089+01:00
+date: 2025-11-27T22:19:23.799257+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/storage-system
diff --git a/static/env-vars/storage-users.yaml b/static/env-vars/storage-users.yaml
index f64aed8e..5f33c072 100644
--- a/static/env-vars/storage-users.yaml
+++ b/static/env-vars/storage-users.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: storage-users.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/storage-users_configvars.md b/static/env-vars/storage-users_configvars.md
index b448696f..a252e28d 100644
--- a/static/env-vars/storage-users_configvars.md
+++ b/static/env-vars/storage-users_configvars.md
@@ -1,20 +1,16 @@
 
-2025-11-13-17-19-28
+2025-11-27-22-15-43
 
 # Deprecation Notice
 
 | Deprecation Info | Deprecation Version | Removal Version | Deprecation Replacement |
 |---|---|---|:---|
-|  | next |  |  |
+|  | 4.0.0 |  |  |
 Environment variables for the **storage-users** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
 |`STORAGE_USERS_SERVICE_NAME`| 1.0.0 |string|`Service name to use. Change this when starting an additional storage provider with a custom configuration to prevent it from colliding with the default 'storage-users' service.`|`storage-users`|
-|`OC_TRACING_ENABLED`<br/>`STORAGE_USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`STORAGE_USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`STORAGE_USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`STORAGE_USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`STORAGE_USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`STORAGE_USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`STORAGE_USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -113,8 +109,8 @@ Environment variables for the **storage-users** service
 |`STORAGE_USERS_POSIX_WATCH_TYPE`| 1.0.0 |string|`Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'.`|``|
 |`STORAGE_USERS_POSIX_WATCH_PATH`| 1.0.0 |string|`Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch.`|``|
 |`STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS`| 1.0.0 |string|`Comma-separated list of kafka brokers to read the watchfolder events from.`|``|
-|`STORAGE_USERS_POSIX_WATCH_ROOT`| next |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|``|
-|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| next |Duration|`Frequency to log inotify stats.`|`5m0s`|
+|`STORAGE_USERS_POSIX_WATCH_ROOT`| 4.0.0 |string|`Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers.`|``|
+|`STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY`| 4.0.0 |Duration|`Frequency to log inotify stats.`|`5m0s`|
 |`STORAGE_USERS_DATA_SERVER_URL`| 1.0.0 |string|`URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed.`|`http://localhost:9158/data`|
 |`STORAGE_USERS_DATA_GATEWAY_URL`| 1.0.0 |string|`URL of the data gateway server`|`http://localhost:9140/data`|
 |`STORAGE_USERS_TRANSFER_EXPIRES`| 1.0.0 |int64|`The time after which the token for upload postprocessing expires`|`86400`|
diff --git a/static/env-vars/storage-users_readme.md b/static/env-vars/storage-users_readme.md
index a6352270..88cd0fa8 100644
--- a/static/env-vars/storage-users_readme.md
+++ b/static/env-vars/storage-users_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Storage-Users
-date: 2025-11-13T17:22:55.097175+01:00
+date: 2025-11-27T22:19:23.799485+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/storage-users
diff --git a/static/env-vars/thumbnails.yaml b/static/env-vars/thumbnails.yaml
index 468168c4..4968262a 100644
--- a/static/env-vars/thumbnails.yaml
+++ b/static/env-vars/thumbnails.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: thumbnails.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/thumbnails_configvars.md b/static/env-vars/thumbnails_configvars.md
index b42e6157..931c2f9e 100644
--- a/static/env-vars/thumbnails_configvars.md
+++ b/static/env-vars/thumbnails_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **thumbnails** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`THUMBNAILS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`THUMBNAILS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`THUMBNAILS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`THUMBNAILS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`THUMBNAILS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`THUMBNAILS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`THUMBNAILS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/thumbnails_readme.md b/static/env-vars/thumbnails_readme.md
index 20d07927..b7c07241 100644
--- a/static/env-vars/thumbnails_readme.md
+++ b/static/env-vars/thumbnails_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Thumbnails
-date: 2025-11-13T17:22:55.0974+01:00
+date: 2025-11-27T22:19:23.799693+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/thumbnails
diff --git a/static/env-vars/userlog.yaml b/static/env-vars/userlog.yaml
index 263d9bd3..50f9f235 100644
--- a/static/env-vars/userlog.yaml
+++ b/static/env-vars/userlog.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: userlog.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/userlog_configvars.md b/static/env-vars/userlog_configvars.md
index 1b65ce94..40753381 100644
--- a/static/env-vars/userlog_configvars.md
+++ b/static/env-vars/userlog_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **userlog** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`USERLOG_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`USERLOG_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`USERLOG_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`USERLOG_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`USERLOG_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`USERLOG_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`USERLOG_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/userlog_readme.md b/static/env-vars/userlog_readme.md
index 899f1b21..723eeb5c 100644
--- a/static/env-vars/userlog_readme.md
+++ b/static/env-vars/userlog_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Userlog
-date: 2025-11-13T17:22:55.097508+01:00
+date: 2025-11-27T22:19:23.799892+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/userlog
diff --git a/static/env-vars/users.yaml b/static/env-vars/users.yaml
index d5627c01..b442cde3 100644
--- a/static/env-vars/users.yaml
+++ b/static/env-vars/users.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: users.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/users_configvars.md b/static/env-vars/users_configvars.md
index 149b063e..1a39e46b 100644
--- a/static/env-vars/users_configvars.md
+++ b/static/env-vars/users_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **users** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`USERS_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`USERS_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`USERS_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`USERS_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`USERS_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`USERS_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`USERS_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -41,7 +37,7 @@ Environment variables for the **users** service
 |`OC_LDAP_USER_SCHEMA_USER_TYPE`<br/>`USERS_LDAP_USER_TYPE_ATTRIBUTE`| 1.0.0 |string|`LDAP Attribute to distinguish between 'Member' and 'Guest' users. Default is 'openCloudUserType'.`|`openCloudUserType`|
 |`OC_LDAP_DISABLED_USERS_GROUP_DN`<br/>`USERS_LDAP_DISABLED_USERS_GROUP_DN`| 1.0.0 |string|`The distinguished name of the group to which added users will be classified as disabled when 'disable_user_mechanism' is set to 'group'.`|`cn=DisabledUsersGroup,ou=groups,o=libregraph-idm`|
 |`OC_LDAP_USER_SCHEMA_ID`<br/>`USERS_LDAP_USER_SCHEMA_ID`| 1.0.0 |string|`LDAP Attribute to use as the unique ID for users. This should be a stable globally unique ID like a UUID.`|`openclouduuid`|
-|`OC_LDAP_USER_SCHEMA_TENANT_ID`<br/>`USERS_LDAP_USER_SCHEMA_TENANT_ID`| next |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``|
+|`OC_LDAP_USER_SCHEMA_TENANT_ID`<br/>`USERS_LDAP_USER_SCHEMA_TENANT_ID`| 4.0.0 |string|`LDAP Attribute to use for the tenant ID of users. This is used to identify the tenant of a user in a multi-tenant environment.`|``|
 |`OC_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`<br/>`USERS_LDAP_USER_SCHEMA_ID_IS_OCTETSTRING`| 1.0.0 |bool|`Set this to true if the defined 'ID' attribute for users is of the 'OCTETSTRING' syntax. This is e.g. required when using the 'objectGUID' attribute of Active Directory for the user ID's.`|`false`|
 |`OC_LDAP_USER_SCHEMA_MAIL`<br/>`USERS_LDAP_USER_SCHEMA_MAIL`| 1.0.0 |string|`LDAP Attribute to use for the email address of users.`|`mail`|
 |`OC_LDAP_USER_SCHEMA_DISPLAYNAME`<br/>`USERS_LDAP_USER_SCHEMA_DISPLAYNAME`| 1.0.0 |string|`LDAP Attribute to use for the displayname of users.`|`displayname`|
diff --git a/static/env-vars/users_readme.md b/static/env-vars/users_readme.md
index 2b8717f4..828be8b5 100644
--- a/static/env-vars/users_readme.md
+++ b/static/env-vars/users_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Users
-date: 2025-11-12T16:20:03.611091+01:00
+date: 2025-11-27T22:19:23.800072+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/users
@@ -13,9 +13,38 @@ geekdocCollapseSection: true
 ## Abstract
 
 
-The `users` service provides user management functionality within OpenCloud.
+The `users` service provides the CS3 Users API for OpenCloud. It is responsible for managing user information and authentication within the OpenCloud instance.
+
+This service implements the CS3 identity user provider interface, allowing other services to query and manage user accounts. It works as a backend provider for the `graph` service when using the CS3 backend mode.
+
 
 ## Table of Contents
 
+* [Backend Integration](#backend-integration)
+* [API](#api)
+* [Usage](#usage)
+* [Scalability](#scalability)
+
+## Backend Integration
+
+The users service can work with different storage backends:
+- LDAP integration through the graph service
+- Direct CS3 API implementation
+
+When using the `graph` service with the CS3 backend (`GRAPH_IDENTITY_BACKEND=cs3`), the graph service queries user information through this service.
+
+## API
+
+The service provides CS3 gRPC APIs for:
+- Listing users
+- Getting user information
+- Finding users by username, email, or ID
+
+## Usage
+
+The users service is only used internally by other OpenCloud services and not being accessed directly by clients. The `frontend`, `ocs`, and `graph` services translate HTTP API requests into CS3 API calls to this service.
+
+## Scalability
 
+Since the users service queries backend systems (like LDAP through the configured identity backend), it can be scaled horizontally without additional configuration when using stateless backends.
 
diff --git a/static/env-vars/web.yaml b/static/env-vars/web.yaml
index 99e2d2a8..90941151 100644
--- a/static/env-vars/web.yaml
+++ b/static/env-vars/web.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: web.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/web_configvars.md b/static/env-vars/web_configvars.md
index 355665ec..ad02fe03 100644
--- a/static/env-vars/web_configvars.md
+++ b/static/env-vars/web_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **web** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`WEB_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`WEB_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`WEB_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`WEB_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`WEB_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`WEB_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`WEB_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -54,6 +50,6 @@ Environment variables for the **web** service
 |`WEB_OPTION_CONCURRENT_REQUESTS_SSE`| 1.0.0 |int|`Defines the maximum number of concurrent requests in SSE event handlers. Defaults to 4.`|`0`|
 |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_CREATE`| 1.0.0 |int|`Defines the maximum number of concurrent requests per sharing invite batch. Defaults to 4.`|`0`|
 |`WEB_OPTION_CONCURRENT_REQUESTS_SHARES_LIST`| 1.0.0 |int|`Defines the maximum number of concurrent requests when loading individual share information inside listings. Defaults to 2.`|`0`|
-|`WEB_OPTION_DEFAULT_APP_ID`| next |string|`Defines the entrypoint for the web ui.`|``|
+|`WEB_OPTION_DEFAULT_APP_ID`| 4.0.0 |string|`Defines the entrypoint for the web ui.`|``|
 |`OC_JWT_SECRET`<br/>`WEB_JWT_SECRET`| 1.0.0 |string|`The secret to mint and validate jwt tokens.`|``|
 |`WEB_GATEWAY_GRPC_ADDR`| 1.0.0 |string|`The bind address of the GRPC service.`|`eu.opencloud.api.gateway`|
diff --git a/static/env-vars/web_readme.md b/static/env-vars/web_readme.md
index 2fc32a96..2717cc0a 100644
--- a/static/env-vars/web_readme.md
+++ b/static/env-vars/web_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Web
-date: 2025-11-13T17:22:55.097596+01:00
+date: 2025-11-27T22:19:23.800257+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/web
@@ -38,7 +38,7 @@ The web service also provides a minimal API for branding functionality like chan
 
 If you want to use your custom compiled web client assets instead of the embedded ones,
 then you can do that by setting the `WEB_ASSET_CORE_PATH` variable to point to your compiled files.
-See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/docs/dev/web/getting-started) for more details.
+See [OpenCloud Web / Getting Started](https://docs.opencloud.eu/clients/web/getting-started/) for more details.
 
 ## Web UI Configuration
 
diff --git a/static/env-vars/webdav.yaml b/static/env-vars/webdav.yaml
index a644ed8a..39a7ce3c 100644
--- a/static/env-vars/webdav.yaml
+++ b/static/env-vars/webdav.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: webdav.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
@@ -47,5 +42,3 @@ disablePreviews: false
 opencloud_public_url: https://localhost:9200
 webdav_namespace: /users/{{.Id.OpaqueId}}
 reva_gateway: eu.opencloud.api.gateway
-reva_gateway_tls_mode: ""
-reva_gateway_tls_cacert: ""
diff --git a/static/env-vars/webdav_configvars.md b/static/env-vars/webdav_configvars.md
index 3d88f259..eaa32876 100644
--- a/static/env-vars/webdav_configvars.md
+++ b/static/env-vars/webdav_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **webdav** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`WEBDAV_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`WEBDAV_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`WEBDAV_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`WEBDAV_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`WEBDAV_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`WEBDAV_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`WEBDAV_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
@@ -27,5 +23,3 @@ Environment variables for the **webdav** service
 |`OC_URL`<br/>`OC_PUBLIC_URL`| 1.0.0 |string|`URL, where OpenCloud is reachable for users.`|`https://localhost:9200`|
 |`WEBDAV_WEBDAV_NAMESPACE`| 1.0.0 |string|`CS3 path layout to use when forwarding /webdav requests`|`/users/{{.Id.OpaqueId}}`|
 |`OC_REVA_GATEWAY`| 1.0.0 |string|`CS3 gateway used to look up user metadata`|`eu.opencloud.api.gateway`|
-|`OC_REVA_GATEWAY_TLS_MODE`| 1.0.0 |string|`TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification.`|``|
-|`OC_REVA_GATEWAY_TLS_CACERT`| 1.0.0 |string|`The root CA certificate used to validate the gateway's TLS certificate.`|``|
diff --git a/static/env-vars/webdav_readme.md b/static/env-vars/webdav_readme.md
index ae99a3e1..ebc9e39a 100644
--- a/static/env-vars/webdav_readme.md
+++ b/static/env-vars/webdav_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Webdav
-date: 2025-11-13T17:22:55.097697+01:00
+date: 2025-11-27T22:19:23.800441+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/webdav
diff --git a/static/env-vars/webfinger.yaml b/static/env-vars/webfinger.yaml
index a3166530..fd77ff1b 100644
--- a/static/env-vars/webfinger.yaml
+++ b/static/env-vars/webfinger.yaml
@@ -1,11 +1,6 @@
 # Autogenerated
 # Filename: webfinger.yaml
 
-tracing:
-  enabled: false
-  type: ""
-  endpoint: ""
-  collector: ""
 log:
   level: ""
   pretty: false
diff --git a/static/env-vars/webfinger_configvars.md b/static/env-vars/webfinger_configvars.md
index 81d0b840..08733164 100644
--- a/static/env-vars/webfinger_configvars.md
+++ b/static/env-vars/webfinger_configvars.md
@@ -2,10 +2,6 @@ Environment variables for the **webfinger** service
 
 | Name | Introduction Version | Type | Description | Default Value |
 |---|---|---|---|:---|
-|`OC_TRACING_ENABLED`<br/>`WEBFINGER_TRACING_ENABLED`| 1.0.0 |bool|`Activates tracing.`|`false`|
-|`OC_TRACING_TYPE`<br/>`WEBFINGER_TRACING_TYPE`| 1.0.0 |string|`The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.`|``|
-|`OC_TRACING_ENDPOINT`<br/>`WEBFINGER_TRACING_ENDPOINT`| 1.0.0 |string|`The endpoint of the tracing agent.`|``|
-|`OC_TRACING_COLLECTOR`<br/>`WEBFINGER_TRACING_COLLECTOR`| 1.0.0 |string|`The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.`|``|
 |`OC_LOG_LEVEL`<br/>`WEBFINGER_LOG_LEVEL`| 1.0.0 |string|`The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.`|``|
 |`OC_LOG_PRETTY`<br/>`WEBFINGER_LOG_PRETTY`| 1.0.0 |bool|`Activates pretty log output.`|`false`|
 |`OC_LOG_COLOR`<br/>`WEBFINGER_LOG_COLOR`| 1.0.0 |bool|`Activates colorized log output.`|`false`|
diff --git a/static/env-vars/webfinger_readme.md b/static/env-vars/webfinger_readme.md
index 453ca630..3adab2f3 100644
--- a/static/env-vars/webfinger_readme.md
+++ b/static/env-vars/webfinger_readme.md
@@ -1,6 +1,6 @@
 ---
 title: Webfinger
-date: 2025-11-13T17:22:55.097774+01:00
+date: 2025-11-27T22:19:23.800612+01:00
 weight: 20
 geekdocRepo: https://github.com/opencloud-eu/opencloud
 geekdocEditPath: edit/master/services/webfinger