diff --git a/deployment/questionnaire/questionnaire.dat b/deployment/questionnaire/questionnaire.dat index 9e57c6154973c88eb0b1ef3af0d696322e4e6626..344c47b19f16bc2dd9ed2e379d314b23eb648f14 100644 --- a/deployment/questionnaire/questionnaire.dat +++ b/deployment/questionnaire/questionnaire.dat @@ -20,6 +20,7 @@ DBPASS=@@@generate@@@:20@ DRIVE_SMTP_PASSWORD=@@@generate@@@:16@ POSTFIXADMIN_SSH_PASSWORD=@@@generate@@@:20@ CREATE_ACCOUNT_PASSWORD=@@@generate@@@:20@ +ECLOUD_ACCOUNTS_SECRET=@@@generate@@@:20@ PFA_SUPERADMIN_PASSWORD=1@@@generate@@@:16@2 diff --git a/scripts/base.sh b/scripts/base.sh index 3675432dd1e25511bd1b243c24b42da9ca8adfa6..d79cd93ca6623b1e66e0ce9b67fdbd175b8d74d0 100755 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -40,3 +40,6 @@ SMTP_PW=$(grep ^SMTP_PW= "$ENVFILE" | awk -F= '{ print $NF }') SMTP_HOST=$(grep ^SMTP_HOST= "$ENVFILE" | awk -F= '{ print $NF }') MYSQL_ROOT_PASSWORD=$(grep ^MYSQL_ROOT_PASSWORD= "$ENVFILE" | awk -F= '{ print $NF }') + +ECLOUD_ACCOUNTS_SECRET=$(grep ^ECLOUD_ACCOUNTS_SECRET= "$ENVFILE" | awk -F= '{ print $NF }') + diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 1e9571e363adaa0c9213b28deb1f7cd48f2767d4..0e81f2ac5772746383b333313aae5a867e73755a 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -174,6 +174,7 @@ mkdir -p /mnt/repo-base/volumes/nextcloud/{html,data,log} mkdir "/mnt/repo-base/volumes/nextcloud/html/config/" cat /mnt/repo-base/templates/nextcloud/config.php | sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \ sed "s/@@@DRIVE_SMTP_PASSWORD@@@/$DRIVE_SMTP_PASSWORD/g" | sed "s/@@@PFDB_DB@@@/$PFDB_DB/g" | \ + sed "s/@@@ECLOUD_ACCOUNTS_SECRET@@@/$ECLOUD_ACCOUNTS_SECRET/g" | \ sed "s/@@@PFDB_USR@@@/$PFDB_USR/g" | sed "s/@@@DBPASS@@@/$PFDB_DBPASS/g" > \ "/mnt/repo-base/volumes/nextcloud/html/config/config.php" chown -R www-data: "/mnt/repo-base/volumes/nextcloud/" 
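Review bot: The added `ECLOUD_ACCOUNTS_SECRET=$(grep ^ECLOUD_ACCOUNTS_SECRET= "$ENVFILE" | awk -F= '{ print $NF }')` line in scripts/base.sh keeps only the text after the last `=`, so a secret that contains `=` (base64 padding, for example) is truncated, and one that ends in `=` becomes an empty string. The questionnaire generator may never emit `=`, but its character set is not visible in this diff, and the upgrade guide in the same commit lets operators choose their own value. Taking everything after the first `=` avoids the problem: `ECLOUD_ACCOUNTS_SECRET=$(grep ^ECLOUD_ACCOUNTS_SECRET= "$ENVFILE" | cut -d= -f2-)`. A non-empty check on the result before it is used would stop an install from running with an empty API secret.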
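Review bot: In scripts/init-repo.sh the new `sed "s/@@@ECLOUD_ACCOUNTS_SECRET@@@/$ECLOUD_ACCOUNTS_SECRET/g"` stage pastes the secret into a sed replacement unescaped, so a `/`, `&` or `\` in the value breaks the expression or silently changes what is written to config.php. The value then lands inside a single-quoted PHP string in templates/nextcloud/config.php, where a `'` or `\` would corrupt the file. If the `@@@generate@@@` generator is limited to alphanumerics the line is safe as written, but that is not visible here, so the assumption should be stated next to the pipeline, e.g. `# ECLOUD_ACCOUNTS_SECRET must be [A-Za-z0-9] only: it is substituted via sed into a PHP string`. The pipeline starts above this hunk, so the neighbouring substitutions for the other passwords presumably carry the same constraint.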
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index 4117fa48c6f0de7261b8ba3e64593f7b5a981493..6aae5905b3d378aaedbdc72f67e00716c7f1ca82 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -46,7 +46,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enabl
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable contacts
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable news
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable email-recovery
-docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud_drop_account
+docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-accounts
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-theme-helper
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable ecloud-launcher
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable firstrunwizard
@@ -57,9 +57,9 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set integrity.check.disabled --value='true' --type=boolean echo "Installing custom ecloud drop account plugin" -# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud_drop_account plugin +# Add WELCOME_SECRET from .env file as a system config value, to be used by our ecloud-accounts plugin docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_secret --value="$WELCOME_SECRET" -# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud_drop_account plugin +# Add VHOST_ACCOUNTS from .env file as a system config value, to be used by our ecloud-accounts plugin docker-compose exec -T --user www-data nextcloud php occ config:system:set e_welcome_domain --value="welcome.$DOMAIN" # Add missing indices 
@@ -102,13 +102,14 @@ echo "Setting the right domain in welcome templates" docker-compose exec -T welcome find /var/www/html/invite_template/ -type f -exec sed -i "s/ecloud\.global/$DOMAIN/g" {} \; docker-compose exec -T welcome find /var/www/html/invite_template/ -type f -exec sed -i "s/e\.email/$DOMAIN/g" {} \; docker-compose exec -T welcome find /var/www/html/ -type f -name '*.html' -exec sed -i "s/e\.email/$DOMAIN/g" {} \; +docker-compose exec -T welcome find /var/www/html/account_created_templates/ -type f -exec sed -i "s/ecloud\.global/$DOMAIN/g" {} \; # display DKIM DNS setup info/instructions to the user echo -e "\n\n\n" echo -e "Please add the following records to your domain's DNS configuration:\n" find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do DOMAIN=$(basename $line) - echo " - DKIM record (TXT) for $DOMAIN:" && cat $line/mail.public.key + echo " - DKIM record (TXT) for $DOMAIN:" && sed $'N;s/"\\n\t"//g' $line/mail.public.key done echo "=================================================================================================================================" diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 87206a9bb94c61de986a8747a3bc23b366c4f81c..aae05aacbab9eb84ddde56207fe641c28e7a47e0 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -81,7 +81,7 @@ services: - /mnt/repo-base/volumes/mysql/db/data:/var/lib/mysql - /mnt/repo-base/config/mariadb/:/etc/mysql/conf.d/:ro redis: - image: redis:6.0-alpine + image: redis:6.2-alpine container_name: redis restart: always networks: @@ -92,7 +92,7 @@ services: - /mnt/repo-base/volumes/redis/tmp:/tmp/redis welcome: - image: registry.gitlab.e.foundation/e/infra/docker-welcome:2.1.3 + image: registry.gitlab.e.foundation/e/infra/docker-welcome:2.5.0 container_name: welcome environment: - DOMAINS=${VHOSTS_ACCOUNTS} 
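Review bot: The new `sed $'N;s/"\\n\t"//g' $line/mail.public.key` in the DKIM loop of scripts/postinstall.sh joins lines only in pairs, so a public key file that spans three or more lines would still be printed with a break after every second line, and the TXT record would be incomplete when copied into DNS. Whether that happens depends on the key length and on how mail.public.key is written, which this diff does not show. Looping until the last line handles any length: `sed -e ':a' -e 'N' -e '$!ba' -e $'s/"\\n\t"//g' "$line/mail.public.key"`. Quoting `"$line"` there and in the `basename` call also avoids word splitting on the path.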
@@ -108,6 +108,9 @@ services: - SMTP_HOST=${SMTP_HOST} - SMTP_FROM=${SMTP_FROM} - SMTP_PW=${SMTP_PW} + - WELCOME_SMTP_FROM=${SMTP_FROM} + - WELCOME_SMTP_PW=${SMTP_PW} + - ECLOUD_ACCOUNTS_SECRET=${ECLOUD_ACCOUNTS_SECRET} - SMTP_PORT=587 - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD} @@ -123,7 +126,7 @@ services: - "${DOMAIN}:${NC_HOST_IP}" nextcloud: - image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud:selfhost + image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-21-0-9-12 container_name: nextcloud restart: always networks: @@ -164,7 +167,7 @@ services: - /mnt/repo-base/config/automx/automx.conf:/etc/automx.conf nginx: - image: nginx:1.19-alpine + image: nginx:1.20-alpine container_name: nginx restart: unless-stopped networks: diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php index 70d568970e4c7d41350fa271810062d997753aa5..b3c97b6df692c611028faa8509dc96b86805e18b 100644 --- a/templates/nextcloud/config.php +++ b/templates/nextcloud/config.php @@ -43,6 +43,9 @@ $CONFIG = array ( 'mail_smtpport' => '587', 'mail_smtpsecure' => 'tls', 'installed' => false, + 'ecloud-accounts' => [ + 'secret' => '@@@ECLOUD_ACCOUNTS_SECRET@@@' + ], 'user_backend_sql_raw' => array ( 'db_type' => 'mariadb', diff --git a/upgrade-guides/upgrade-to-21.0.9.12.md b/upgrade-guides/upgrade-to-21.0.9.12.md new file mode 100644 index 0000000000000000000000000000000000000000..f3b1f28ef8dd6e21001d1ef2bdddb971acf4ff7e --- /dev/null +++ b/upgrade-guides/upgrade-to-21.0.9.12.md 
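Review bot: The added `- ECLOUD_ACCOUNTS_SECRET=${ECLOUD_ACCOUNTS_SECRET}` entry under `welcome` expands to an empty string when the variable is missing from `.env`, which is likely on an upgraded install where the operator has not added it yet; Compose only prints a warning and the container starts with an empty secret. Making the variable mandatory turns that into a hard failure: `- ECLOUD_ACCOUNTS_SECRET=${ECLOUD_ACCOUNTS_SECRET:?set ECLOUD_ACCOUNTS_SECRET in .env}` (the `:?` form needs Compose file format 2.1 or later; the file's version line is outside this hunk). How the welcome image and the ecloud-accounts app treat an empty secret is not visible here, so this is a fail-closed precaution rather than a confirmed bypass. Like the other passwords in this block, the value is readable through `docker inspect`; a mounted secret file would narrow that exposure if the image supports one.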
@@ -0,0 +1,39 @@ +# To upgrade from ecloud 20.x.x.x to 21.0.9.12 + +- In your `docker-compose.yml` file update the following: + - Set the redis image to `redis:6.2-alpine` + - Set the welcome image to `registry.gitlab.e.foundation/e/infra/docker-welcome:2.5.0` + - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:selfhost-21-0-9-12` + - Set the nginx image to `nginx:1.20-alpine` + - Under `welcome`, set the following env variables: + - ``` + environment: + ... + - WELCOME_SMTP_FROM=${SMTP_FROM} + - WELCOME_SMTP_PW=${SMTP_PW} + ... + ``` + +- Add `ecloud-accounts` secret to secure the `ecloud-accounts` API: + - Generate a secure secret string + - Add it to `volumes/nextcloud/html/config/config.php` with an entry like: + - ```php + ... + 'ecloud-accounts' => [ + 'secret' => 'secure-secret' + ], + ... + - Add this to your `.env` file as `ECLOUD_ACCOUNTS_SECRET=secure-secret` + - Add it to the environment variables of `welcome` in `docker-compose.yml`: + - ``` + environment: + ... + - ECLOUD_ACCOUNTS_SECRET=${ECLOUD_ACCOUNTS_SECRET} + ... + ``` + + +- Run `docker-compose pull` +- Run `docker-compose up -d` +- Enable the `ecloud-accounts` app: + `docker exec -u www-data nextcloud /var/www/html/occ app:enable ecloud-accounts` \ No newline at end of file