diff --git a/.factorypath b/.factorypath
index e08d3a32a3..8b59ae4de5 100644
--- a/.factorypath
+++ b/.factorypath
@@ -1,5 +1,5 @@
 <factorypath>
-    <factorypathentry kind="VARJAR" id="M2_REPO/org/projectlombok/lombok/1.18.20/lombok-1.18.20.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/projectlombok/lombok/1.18.22/lombok-1.18.22.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/boot/spring-boot-starter-thymeleaf/2.5.5/spring-boot-starter-thymeleaf-2.5.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/thymeleaf/thymeleaf-spring5/3.0.12.RELEASE/thymeleaf-spring5-3.0.12.RELEASE.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/thymeleaf/thymeleaf/3.0.12.RELEASE/thymeleaf-3.0.12.RELEASE.jar" enabled="true" runInBatchMode="false"/>
@@ -25,7 +25,6 @@
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/boot/spring-boot-starter-json/2.5.5/spring-boot-starter-json-2.5.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-databind/2.12.5/jackson-databind-2.12.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-annotations/2.12.5/jackson-annotations-2.12.5.jar" enabled="true" runInBatchMode="false"/>
-    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-core/2.12.5/jackson-core-2.12.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.12.5/jackson-datatype-jdk8-2.12.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.12.5/jackson-datatype-jsr310-2.12.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/module/jackson-module-parameter-names/2.12.5/jackson-module-parameter-names-2.12.5.jar" enabled="true" runInBatchMode="false"/>
@@ -40,7 +39,6 @@
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/spring-expression/5.3.10/spring-expression-5.3.10.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/cloud/spring-cloud-starter-vault-config/3.0.4/spring-cloud-starter-vault-config-3.0.4.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" enabled="true" runInBatchMode="false"/>
-    <factorypathentry kind="VARJAR" id="M2_REPO/commons-codec/commons-codec/1.15/commons-codec-1.15.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/cloud/spring-cloud-starter/3.0.4/spring-cloud-starter-3.0.4.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/cloud/spring-cloud-context/3.0.4/spring-cloud-context-3.0.4.jar" enabled="true" runInBatchMode="false"/>
@@ -103,7 +101,6 @@
     <factorypathentry kind="VARJAR" id="M2_REPO/com/martiansoftware/nailgun-server/0.9.1/nailgun-server-0.9.1.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/joda-time/joda-time/2.10.5/joda-time-2.10.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/headius/backport9/1.8/backport9-1.8.jar" enabled="true" runInBatchMode="false"/>
-    <factorypathentry kind="VARJAR" id="M2_REPO/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/jruby/jruby-stdlib/9.2.14.0/jruby-stdlib-9.2.14.0.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/beust/jcommander/1.72/jcommander-1.72.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/jruby/jruby-complete/9.3.0.0/jruby-complete-9.3.0.0.jar" enabled="true" runInBatchMode="false"/>
@@ -111,4 +108,41 @@
     <factorypathentry kind="VARJAR" id="M2_REPO/org/webjars/popper.js/2.9.3/popper.js-2.9.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/webjars/npm/github-buttons/2.14.1/github-buttons-2.14.1.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/springframework/boot/spring-boot-devtools/2.5.5/spring-boot-devtools-2.5.5.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/cloud/google-cloud-bigquery/2.3.3/google-cloud-bigquery-2.3.3.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/cloud/google-cloud-core/2.2.0/google-cloud-core-2.2.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/protobuf/protobuf-java-util/3.18.1/protobuf-java-util-3.18.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/code/gson/gson/2.8.8/gson-2.8.8.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api/grpc/proto-google-common-protos/2.6.0/proto-google-common-protos-2.6.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api/grpc/proto-google-iam-v1/1.1.6/proto-google-iam-v1-1.1.6.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/auth/google-auth-library-credentials/1.2.1/google-auth-library-credentials-1.2.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/http-client/google-http-client-gson/1.40.1/google-http-client-gson-1.40.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/protobuf/protobuf-java/3.18.1/protobuf-java-3.18.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/cloud/google-cloud-core-http/2.2.0/google-cloud-core-http-2.2.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api-client/google-api-client/1.32.2/google-api-client-1.32.2.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/oauth-client/google-oauth-client/1.32.1/google-oauth-client-1.32.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/http-client/google-http-client-apache-v2/1.40.1/google-http-client-apache-v2-1.40.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/http-client/google-http-client-appengine/1.40.1/google-http-client-appengine-1.40.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api/gax-httpjson/0.91.1/gax-httpjson-0.91.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/io/opencensus/opencensus-api/0.28.0/opencensus-api-0.28.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/io/grpc/grpc-context/1.41.0/grpc-context-1.41.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/io/opencensus/opencensus-contrib-http-util/0.28.0/opencensus-contrib-http-util-0.28.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/http-client/google-http-client-jackson2/1.40.1/google-http-client-jackson2-1.40.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-core/2.12.5/jackson-core-2.12.5.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/http-client/google-http-client/1.40.1/google-http-client-1.40.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/commons-codec/commons-codec/1.15/commons-codec-1.15.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/auth/google-auth-library-oauth2-http/1.2.1/google-auth-library-oauth2-http-1.2.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/apis/google-api-services-bigquery/v2-rev20211017-1.32.1/google-api-services-bigquery-v2-rev20211017-1.32.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api/api-common/2.0.5/api-common-2.0.5.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/api/gax/2.6.1/gax-2.6.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/threeten/threetenbp/1.5.1/threetenbp-1.5.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/google/errorprone/error_prone_annotations/2.9.0/error_prone_annotations-2.9.0.jar" enabled="true" runInBatchMode="false"/>
 </factorypath>
diff --git a/.gitignore b/.gitignore
index e913def77b..c57e626c06 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,6 +52,9 @@ aws/.terraform.tfstate.lock.info
 
 # Templated
 gcp/k8s/secret-volume.yml
+gcp/k8s/secret-challenge-vault-deployment.yml
 
 # Challenge 12 ;-)
-.github/scripts/yourkey.txt
\ No newline at end of file
+.github/scripts/yourkey.txt
+
+
diff --git a/Dockerfile.web b/Dockerfile.web
index 4961806710..ab96c4501c 100644
--- a/Dockerfile.web
+++ b/Dockerfile.web
@@ -1,6 +1,6 @@
-FROM jeroenwillemsen/addo-example:1.0.4-no-vault
+FROM jeroenwillemsen/wrongsecrets:java-rebuild3-no-vault
 
-ARG argBasedVersion="1.0.4"
+ARG argBasedVersion="1.0.4b"
 ENV APP_VERSION=$argBasedVersion
 ENV K8S_ENV=Heroku(Docker)
 CMD java -jar -Dserver.port=$PORT -Dspring.profiles.active=without-vault application.jar
\ No newline at end of file
diff --git a/README.md b/README.md
index 6fafc4c24b..5ecf38615f 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ For the basic docker exercises you currently require:
 You can install it by doing:
 
 ```bash
-docker run -p 8080:8080 jeroenwillemsen/addo-example:1.0.4-no-vault
+docker run -p 8080:8080 jeroenwillemsen/wrongsecrets:1.0.4-no-vault
 ```
 
 Now you can try to find the secrets by means of solving the challenge offered at:
@@ -186,3 +186,13 @@ To make changes made load faster we added `spring-dev-tools` to the Maven projec
 - Under Advanced settings -> Allow auto-make to start even if developed application is currently running.
 
 You can also manually invoke: Build -> Recompile the file you just changed, this will also force a reload of the application.
+
+### How to add a Challenge
+
+Follow the steps below on adding a challenge:
+
+1. First make sure that you have an [Issue](https://github.com/commjoen/wrongsecrets/issues) reported for which a challenge is really wanteds.
+2. Add the new challenge in the `org.owasp.wrongsecrets.challenges` folder. Make sure you add an explanation in `src/main/resources/explanations` and refer to it from your new Challenge class.
+3. Add a unit and integration test to show that your challenge is working.
+
+If you want to move existing cloud challenges to antoerh cloud: extend Challenge classes in the `org.owasp.wrongsecrets.challenges.cloud` package and make sure you add the required Terraform in a folder with the separate cloud identified. Collaborate with the others at the project to get your container running so you can test at the cloud account.
\ No newline at end of file
diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml
index c562f0a0d5..0f940bbfc2 100644
--- a/aws/k8s/secret-challenge-vault-deployment.yml
+++ b/aws/k8s/secret-challenge-vault-deployment.yml
@@ -33,7 +33,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-aws-secretsmanager"
       containers:
-        - image: jeroenwillemsen/addo-example:1.0.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.0.4-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
diff --git a/gcp/k8s-vault-gcp-start.sh b/gcp/k8s-vault-gcp-start.sh
index 4e3914e6c5..4c3c351258 100755
--- a/gcp/k8s-vault-gcp-start.sh
+++ b/gcp/k8s-vault-gcp-start.sh
@@ -4,8 +4,7 @@
 # set -o nounset
 
 function checkCommandsAvailable() {
-  for var in "$@"
-  do
+  for var in "$@"; do
     if ! [ -x "$(command -v "$var")" ]; then
       echo "🔥 ${var} is not installed." >&2
       exit 1
@@ -15,9 +14,9 @@ function checkCommandsAvailable() {
   done
 }
 
-checkCommandsAvailable helm minikube jq vault sed grep docker grep cat gcloud
+checkCommandsAvailable helm minikube jq vault sed grep docker grep cat gcloud envsubst
 
-echo "This is a script to bootstrap the configuration. You need to have installed: helm, kubectl, jq, vault, grep, cat, sed, and google cloud cli, and is only tested on mac, Debian and Ubuntu"
+echo "This is a script to bootstrap the configuration. You need to have installed: helm, kubectl, jq, vault, grep, cat, sed, envsubst, and google cloud cli, and is only tested on mac, Debian and Ubuntu"
 echo "This script is based on the steps defined in https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube. Vault is awesome!"
 
 export GCP_PROJECT=$(gcloud config list --format 'value(core.project)' 2>/dev/null)
@@ -148,6 +147,8 @@ kubectl annotate serviceaccount \
   --namespace default default \
   "iam.gke.io/gcp-service-account=wrongsecrets-workload-sa@${GCP_PROJECT}.iam.gserviceaccount.com"
 
+envsubst <./k8s/secret-challenge-vault-deployment.yml.tpl >./k8s/secret-challenge-vault-deployment.yml
+
 kubectl apply -f./k8s/secret-challenge-vault-deployment.yml
 while [[ $(kubectl get pods -l app=secret-challenge -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do echo "waiting for secret-challenge" && sleep 2; done
 #kubectl expose deployment secret-challenge --type=LoadBalancer --port=8080
diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
similarity index 93%
rename from gcp/k8s/secret-challenge-vault-deployment.yml
rename to gcp/k8s/secret-challenge-vault-deployment.yml.tpl
index f152db230d..90ce867d23 100644
--- a/gcp/k8s/secret-challenge-vault-deployment.yml
+++ b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -33,7 +33,7 @@ spec:
             volumeAttributes:
               secretProviderClass: "wrongsecrets-gcp-secretsmanager"
       containers:
-        - image: jeroenwillemsen/addo-example:1.0.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.0.4-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
@@ -43,6 +43,8 @@ spec:
           terminationMessagePath: /dev/termination-log
           terminationMessagePolicy: File
           env:
+            - name: GCP_PROJECT_ID
+              value: ${GCP_PROJECT}
             - name: K8S_ENV
               value: gcp
             - name: SPECIAL_K8S_SECRET
diff --git a/gcp/secrets.tf b/gcp/secrets.tf
index 157e217927..4954eb59fd 100644
--- a/gcp/secrets.tf
+++ b/gcp/secrets.tf
@@ -22,7 +22,7 @@ resource "random_password" "password" {
   override_special = "_%@"
 }
 
-resource "google_secret_manager_secret_version" "secret-version-basic" {
+resource "google_secret_manager_secret_version" "secret_version_basic" {
   secret = google_secret_manager_secret.wrongsecret_1.id
 
   secret_data = random_password.password.result
diff --git a/k8s/secret-challenge-deployment.yml b/k8s/secret-challenge-deployment.yml
index 9d4c2c3cd8..ca87a1d4b1 100644
--- a/k8s/secret-challenge-deployment.yml
+++ b/k8s/secret-challenge-deployment.yml
@@ -25,7 +25,7 @@ spec:
       name: secret-challenge
     spec:
       containers:
-        - image: jeroenwillemsen/addo-example:1.0.4-no-vault
+        - image: jeroenwillemsen/wrongsecrets:1.0.4-no-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml
index d3a0ed1ebd..0bd60906ef 100644
--- a/k8s/secret-challenge-vault-deployment.yml
+++ b/k8s/secret-challenge-vault-deployment.yml
@@ -26,7 +26,7 @@ spec:
     spec:
       serviceAccountName: vault
       containers:
-        - image: jeroenwillemsen/addo-example:1.0.4-k8s-vault
+        - image: jeroenwillemsen/wrongsecrets:1.0.4-k8s-vault
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 8080
diff --git a/pom.xml b/pom.xml
index 1ad2a54060..26441b7e6a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,6 +31,7 @@
         <jruby.version>9.3.0.0</jruby.version>
         <bootstrap.version>5.1.2</bootstrap.version>
         <github.button.version>2.14.1</github.button.version>
+        <gcp.sdk.version>24.0.0</gcp.sdk.version>
     </properties>
 
     <dependencies>
@@ -105,6 +106,10 @@
             <artifactId>spring-boot-devtools</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>com.google.cloud</groupId>
+            <artifactId>google-cloud-secretmanager</artifactId>
+        </dependency>
     </dependencies>
 
     <dependencyManagement>
@@ -116,6 +121,13 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+            <dependency>
+                <groupId>com.google.cloud</groupId>
+                <artifactId>libraries-bom</artifactId>
+                <version>${gcp.sdk.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
diff --git a/src/main/java/org/owasp/wrongsecrets/ChallengesController.java b/src/main/java/org/owasp/wrongsecrets/ChallengesController.java
index 995cf859e0..af2fb74780 100644
--- a/src/main/java/org/owasp/wrongsecrets/ChallengesController.java
+++ b/src/main/java/org/owasp/wrongsecrets/ChallengesController.java
@@ -19,11 +19,16 @@ public class ChallengesController {
     private final String version;
     private final ScoreCard scoreCard;
     private final List<Challenge> challenges;
+    private final String k8sEnvironment;
 
-    public ChallengesController(@Value("${APP_VERSION}") String version, ScoreCard scoreCard, List<Challenge> challenges) {
+    public ChallengesController(@Value("${APP_VERSION}") String version, ScoreCard scoreCard, List<Challenge> challenges, @Value("${K8S_ENV}") String k8sEnvironment) {
         this.version = version;
         this.scoreCard = scoreCard;
         this.challenges = challenges;
+        /**
+         * note: this is required as "environment" in our model, as the templates require it to show the right cloud explanation
+         */
+        this.k8sEnvironment = k8sEnvironment;
     }
 
     /**
@@ -58,18 +63,30 @@ public String challenge(Model model, @PathVariable String id) {
         model.addAttribute("answerIncorrect", null);
         model.addAttribute("solution", null);
         model.addAttribute("challengeNumber", challengeNumber(challenge));
-
+        addPreviousAndNextChallenge(model, challenge);
+        model.addAttribute("explanationfile", challenge.getExplanationFileIdentifier());
+        model.addAttribute("environment", k8sEnvironment);
         includeScoringStatus(model, challenge);
         addWarning(challenge, model);
 
         return "challenge";
     }
 
+    private void addPreviousAndNextChallenge(Model model, Challenge challenge) {
+        if (challengeNumber(challenge) > 1) {
+            model.addAttribute("previouschallenge", challengeNumber(challenge) - 1);
+        }
+        if (challengeNumber(challenge) < challenges.size()) {
+            model.addAttribute("nextchallenge", challengeNumber(challenge) + 1);
+        }
+    }
+
     @PostMapping("/challenge/{id}")
     public String postController(@ModelAttribute ChallengeForm challengeForm, Model model, @PathVariable String id) {
         var challenge = findChallenge(id);
         model.addAttribute("challengeNumber", challengeNumber(challenge));
-
+        model.addAttribute("explanationfile", challenge.getExplanationFileIdentifier());
+        model.addAttribute("environment", k8sEnvironment);
         if (challenge.solved(challengeForm.solution())) {
             model.addAttribute("answerCorrect", "Your answer is correct!");
         } else {
@@ -77,6 +94,7 @@ public String postController(@ModelAttribute ChallengeForm challengeForm, Model
         }
         includeScoringStatus(model, challenge);
         addWarning(challenge, model);
+        addPreviousAndNextChallenge(model, challenge);
         return "challenge";
     }
 
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/Challenge.java b/src/main/java/org/owasp/wrongsecrets/challenges/Challenge.java
index 603375b867..9693079a6b 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/Challenge.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/Challenge.java
@@ -13,6 +13,10 @@ public abstract class Challenge {
 
     public abstract Spoiler spoiler();
 
+    public String getExplanationFileIdentifier() {
+        return this.getClass().getAnnotation(ChallengeNumber.class).value();
+    }
+
     public boolean solved(String answer) {
         var correctAnswer = answerCorrect(answer);
         if (correctAnswer) {
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/IndexController.java b/src/main/java/org/owasp/wrongsecrets/challenges/IndexController.java
index c35e7a4257..4a40131042 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/IndexController.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/IndexController.java
@@ -23,8 +23,16 @@ public class IndexController {
 
     @GetMapping("/")
     public String index(Model model) {
+        linkDisableInstruction(model);
         model.addAttribute("version", version);
         model.addAttribute("environment", k8sEnvironment);
+        return "index";
+    }
+
+    /**
+     * Added the cloud, vault, and k8s variables in the model in order ot highlight the challenges which are functional and which are not.
+     */
+    private void linkDisableInstruction(Model model) {
         if ("gcp".equals(k8sEnvironment) || "aws".equals(k8sEnvironment)) {
             model.addAttribute("cloud", "enabled");
         }
@@ -34,6 +42,5 @@ public String index(Model model) {
         if (k8sEnvironment.contains("k8s") || "gcp".equals(k8sEnvironment) || "aws".equals(k8sEnvironment)) {
             model.addAttribute("k8s", "enabled");
         }
-        return "index";
     }
 }
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java
index 0916c9494b..d3632bfb80 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge10.java
@@ -37,6 +37,14 @@ public Spoiler spoiler() {
         return new Spoiler(challengeAnswer);
     }
 
+    @Override
+    public String getExplanationFileIdentifier() {
+        if ("gcp".equals(k8sEnvironment)) {
+            return "10-gcp";
+        }
+        return "10";
+    }
+
     @Override
     public boolean answerCorrect(String answer) {
         return challengeAnswer.equals(answer);
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
index 83f10fb087..806898de8c 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
@@ -1,6 +1,7 @@
 package org.owasp.wrongsecrets.challenges.cloud;
 
 
+import com.google.api.gax.rpc.ApiException;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
@@ -20,6 +21,11 @@
 import software.amazon.awssdk.services.sts.model.AssumeRoleWithWebIdentityResponse;
 import software.amazon.awssdk.services.sts.model.StsException;
 
+import com.google.cloud.secretmanager.v1.AccessSecretVersionResponse;
+import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
+import com.google.cloud.secretmanager.v1.SecretVersionName;
+
+
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -33,22 +39,28 @@ public class Challenge11 extends Challenge {
     private final String awsRegion;
     private final String tokenFileLocation;
     private final String awsDefaultValue;
+    private final String gcpDefaultValue;
     private final String challengeAnswer;
     private final String k8sEnvironment;
+    private final String projectId;
 
     public Challenge11(ScoreCard scoreCard,
                        @Value("${AWS_ROLE_ARN}") String awsRoleArn,
                        @Value("${AWS_WEB_IDENTITY_TOKEN_FILE}") String tokenFileLocation,
                        @Value("${AWS_REGION}") String awsRegion,
+                       @Value("${default_gcp_value}") String gcpDefaultValue,
                        @Value("${default_aws_value}") String awsDefaultValue,
+                       @Value("${GCP_PROJECT_ID}") String projectId,
                        @Value("${K8S_ENV}") String k8sEnvironment) {
         super(scoreCard, ChallengeEnvironment.CLOUD);
         this.awsRoleArn = awsRoleArn;
         this.tokenFileLocation = tokenFileLocation;
         this.awsRegion = awsRegion;
         this.awsDefaultValue = awsDefaultValue;
-        this.challengeAnswer = getAWSChallenge11Value();
+        this.gcpDefaultValue = gcpDefaultValue;
         this.k8sEnvironment = k8sEnvironment;
+        this.projectId = projectId;
+        this.challengeAnswer = k8sEnvironment.equals("aws") ? getAWSChallenge11Value() : getGCPChallenge11Value();
     }
 
     @Override
@@ -56,6 +68,14 @@ public Spoiler spoiler() {
         return new Spoiler(challengeAnswer);
     }
 
+    @Override
+    public String getExplanationFileIdentifier() {
+        if ("gcp".equals(k8sEnvironment)) {
+            return "11-gcp";
+        }
+        return "11";
+    }
+
     @Override
     public boolean answerCorrect(String answer) {
         return challengeAnswer.equals(answer);
@@ -67,7 +87,7 @@ public boolean environmentSupported() {
     }
 
     private String getAWSChallenge11Value() {
-        log.info("Getting credentials");
+        log.info("Getting credentials from AWS");
         if (!"if_you_see_this_please_use_AWS_Setup".equals(awsRoleArn)) {
 
             try { //based on https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/sts/src/main/java/com/example/sts
@@ -108,4 +128,23 @@ private String getAWSChallenge11Value() {
         }
         return awsDefaultValue;
     }
+
+    private String getGCPChallenge11Value() {
+        log.info("Getting credentials from GCP");
+        if ("gcp".equals(k8sEnvironment)) {
+            // Based on https://cloud.google.com/secret-manager/docs/reference/libraries
+            try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
+                log.info("Fetching secret form Google Secret Manager...");
+                SecretVersionName secretVersionName = SecretVersionName.of(projectId, "wrongsecret-3", "latest");
+                AccessSecretVersionResponse response = client.accessSecretVersion(secretVersionName);
+                String payload = response.getPayload().getData().toStringUtf8();
+                return payload;
+            } catch (ApiException e) {
+                log.error("Exception getting secret", e);
+            } catch (IOException e) {
+                log.error("Could not get the web identity token, due to ", e);
+            }
+        }
+        return gcpDefaultValue;
+    }
 }
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java
index 1bcdb6cb51..102c16984d 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge9.java
@@ -37,6 +37,14 @@ public Spoiler spoiler() {
         return new Spoiler(challengeAnswer);
     }
 
+    @Override
+    public String getExplanationFileIdentifier() {
+        if ("gcp".equals(k8sEnvironment)) {
+            return "9-gcp";
+        }
+        return "9";
+    }
+
     @Override
     public boolean answerCorrect(String answer) {
         return challengeAnswer.equals(answer);
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8c322a6173..32d9c2d404 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -6,10 +6,12 @@ ARG_BASED_PASSWORD=if_you_see_this_please_use_docker_instead
 DOCKER_ENV_PASSWORD=if_you_see_this_please_use_docker_instead
 vaultpassword=if_you_see_this_please_use_K8S_and_Vault
 default_aws_value=if_you_see_this_please_use_AWS_Setup
+default_gcp_value=if_you_see_this_please_use_GCP_Setup
 AWS_ROLE_ARN=if_you_see_this_please_use_AWS_Setup
 AWS_WEB_IDENTITY_TOKEN_FILE=if_you_see_this_please_use_AWS_Setup
 secretmountpath=/mnt/secrets-store
 AWS_REGION=if_you_see_this_please_use_AWS_Setup
+GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup
 K8S_ENV=Docker
 APP_VERSION=@project.version@
 logging.level.root=INFO
@@ -41,13 +43,3 @@ spring.cloud.vault.token=00000000-0000-0000-0000-000000000000
 spring.config.activate.on-profile=without-vault
 wrongsecretvalue=wrongsecret
 spring.cloud.vault.enabled=false
-
-
-
-
-
-
-
-
-
-
diff --git a/src/main/resources/templates/challenge.html b/src/main/resources/templates/challenge.html
index 8a72376915..70dbda378c 100644
--- a/src/main/resources/templates/challenge.html
+++ b/src/main/resources/templates/challenge.html
@@ -54,13 +54,8 @@
 <div class="container">
     <h1 class="mt-3" th:text="'Challenge '+${challengeNumber}"/>
     <p th:text="'Welcome to challenge ' + ${challengeNumber} + '. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.'"></p>
-    <div th:if="${ environment =='gcp'} and ${ challengeNumber  &gt; 8} "
-         class="explanation">
-        <div th:replace="doc:challenge__${challengeNumber}+'-gcp'__.adoc"></div>
-    </div>
-    <div th:if="${ environment !='gcp'} or ${ challengeNumber  &lt; 9}"
-         class="explanation">
-        <div th:replace="doc:challenge__${challengeNumber}__.adoc"></div>
+    <div class="explanation">
+        <div th:replace="doc:challenge__${explanationfile}__.adoc"></div>
     </div>
     <div th:text="${challengeCompletedAlready}"></div>
     <div class="feedback alert alert-success" role="alert" th:if="${answerCorrect!=null}"
@@ -74,7 +69,18 @@ <h1 class="mt-3" th:text="'Challenge '+${challengeNumber}"/>
     </form>
 
     There are 11 challenges (/challenge/1-11), can you solve them all? <br/>
-    Go back to <a href="/">the main page</a>.
+    <div class="row">
+        <div th:if="${previouschallenge!=null}" class="col-4">
+            <a th:href="'/challenge/'+${previouschallenge}">Previous</a>
+        </div>
+        <div class="col-4">
+            <a href="/">Go the main page</a>
+        </div>
+        <div th:if="${nextchallenge!=null}" class="col-4">
+            <a th:href="'/challenge/'+${nextchallenge}">Next</a>
+        </div>
+    </div>
+
 
     <div class="progress">
         <div class="progress-bar" role="progressbar" th:style="'width:'+${progress}+'%;'"
diff --git a/src/test/java/org/owasp/wrongsecrets/IndexControllerTest.java b/src/test/java/org/owasp/wrongsecrets/IndexControllerTest.java
new file mode 100644
index 0000000000..dadcca1aff
--- /dev/null
+++ b/src/test/java/org/owasp/wrongsecrets/IndexControllerTest.java
@@ -0,0 +1,62 @@
+package org.owasp.wrongsecrets;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.vault.core.VaultTemplate;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ExtendWith({SpringExtension.class})
+@ActiveProfiles("test")
+@AutoConfigureWebTestClient
+public class IndexControllerTest {
+
+    @Autowired
+    private WebApplicationContext webApplicationContext;
+    private MockMvc mockMvc;
+    @MockBean
+    VaultTemplate vaultTemplate;
+    @Value("${password}")
+    private String hardcodedPassword;
+    @Value("${ARG_BASED_PASSWORD}")
+    private String argBasedPassword;
+    @Value("${DOCKER_ENV_PASSWORD}")
+    String hardcodedEnvPassword;
+
+    @Value("${default_aws_value}")
+    String tempAWSfiller;
+
+    @Value("${secretmountpath}")
+    String tempMountPath;
+
+    @BeforeEach
+    public void setup() {
+        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.webApplicationContext).build();
+    }
+
+    @Test
+    void testIndexModel() throws Exception {
+        this.mockMvc.perform(MockMvcRequestBuilders.get("/"))
+                .andDo(print())
+                .andExpect(MockMvcResultMatchers.status().isOk())
+                .andExpect(MockMvcResultMatchers.content().string(CoreMatchers.containsString("<a href=\"challenge/4\">Challenge 4 (requires Docker)</a><br/>")))
+                .andExpect(MockMvcResultMatchers.content().string(CoreMatchers.containsString("<a href=\"challenge/5\" class=\"disabled\">Challenge 5 (requires")));
+    }
+
+
+}
diff --git a/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java b/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
index 854a253641..35541895ed 100644
--- a/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
+++ b/src/test/java/org/owasp/wrongsecrets/SecretLeakageControllerTest.java
@@ -4,19 +4,14 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.owasp.wrongsecrets.challenges.cloud.Challenge10;
-import org.owasp.wrongsecrets.challenges.cloud.Challenge9;
 import org.owasp.wrongsecrets.challenges.docker.Constants;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.test.context.support.TestPropertySourceUtils;
-import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
@@ -24,10 +19,6 @@
 import org.springframework.vault.core.VaultTemplate;
 import org.springframework.web.context.WebApplicationContext;
 
-import java.io.File;
-import java.nio.file.Files;
-import java.nio.file.StandardOpenOption;
-
 import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties
index 9e731c204f..5394029366 100644
--- a/src/test/resources/application.properties
+++ b/src/test/resources/application.properties
@@ -8,9 +8,11 @@ DOCKER_ENV_PASSWORD= if_you_see_this_please_use_docker_instead
 vaultpassword = if_you_see_this_please_use_K8S_and_Vault
 vaultpassword.password = if_you_see_this_please_use_K8S_and_Vault
 default_aws_value = if_you_see_this_please_use_AWS_Setup
+default_gcp_value = if_you_see_this_please_use_GCP_Setup
 AWS_REGION=if_you_see_this_please_use_AWS_Setup
 AWS_ROLE_ARN= if_you_see_this_please_use_AWS_Setup
 AWS_WEB_IDENTITY_TOKEN_FILE= if_you_see_this_please_use_AWS_Setup
+GCP_PROJECT_ID= if_you_see_this_please_use_GCP_Setup
 secretmountpath = ${java.io.tmpdir}
 wrongsecretvalue = wrongsecret
 APP_VERSION=0.0.0