diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index e7f7cfc1..c145ee43 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -511,6 +511,15 @@ md-eu1.qa.komreg.net:
            - 'se-tug-lb-1.sunet.se'
          port: '443'
 
+'^demw-[0-9]+\.qa\.sveidas\.se$':
+   sunet_iaas_cloud:
+   eid::dockerhost:
+   konsulter:
+   autoupdate:
+   eidas_de_middleware:
+      version: 106-rs
+      hostname: qa.demw.eidas.swedenconnect.se
+
 '^refidp-[0-9]+\.qa\.sveidas\.se$':
    sunet_iaas_cloud:
    eid::dockerhost:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ac696214..a3e518a0 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -258,6 +258,14 @@ class eidas_de_middleware($version="106-rs",$hostname='localhost') {
    $middleware_crypt_pin = safe_hiera('middleware_crypt_pin')
    $middleware_sign_pin = safe_hiera('middleware_sign_pin')
    file {['/etc/eidas-middleware','/etc/eidas-middleware/configuration','/etc/eidas-middleware/database']: ensure => directory } ->
+   sunet::snippets::secret_file {"/etc/eidas-middleware/configuration/eidasmw-signature-keystore.jks":
+      hiera_key => 'eidasmw-signature-keystore',
+      base64    => true
+   } ->
+   sunet::snippets::secret_file {"/etc/eidas-middleware/configuration/eidasmw-crypto-keystore.jks":
+      hiera_key => 'eidasmw-crypto-keystore',
+      base64    => true
+   } ->
    sunet::docker_run {'eidas-demw':
       image    => 'docker.sunet.se/eidas-demw',
       imagetag => $_version,