diff --git a/roles/configure_ztp_gitops_apps/tasks/main.yaml b/roles/configure_ztp_gitops_apps/tasks/main.yaml index a6873760b..83c56899d 100644 --- a/roles/configure_ztp_gitops_apps/tasks/main.yaml +++ b/roles/configure_ztp_gitops_apps/tasks/main.yaml @@ -101,13 +101,15 @@ replace: "{{ czga_policies_namespace }}" - name: Add namespace to the policies-app-project.yaml - ansible.builtin.lineinfile: + ansible.builtin.blockinfile: path: "{{ temp_dir.path }}/ztp/argocd/deployment/policies-app-project.yaml" - line: "{{ item }}" + block: | + {% filter indent(width=2, first=true) %} + - namespace: '{{ czga_policies_namespace }}' + server: '*' + {% endfilter %} insertafter: destinations.* - loop: - - " - namespace: '{{ czga_policies_namespace }}'" - - " server: '*'" + marker: "" - name: Replace path in policies-app.yaml ansible.builtin.replace: @@ -133,7 +135,6 @@ line: " allowEmpty: true" insertafter: selfHeal.* - ## Add adaptation due to https://issues.redhat.com/browse/CNF-7840 ## based on https://redhat-internal.slack.com/archives/C02EG99MR9C/p1679006883470389?thread_ts=1678887461.410819&cid=C02EG99MR9C - name: Add ClusterImageSet to the app-project.yaml 
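Review bot: `marker: ""` on the new `ansible.builtin.blockinfile` task turns the begin and end markers into empty lines, so a second run has nothing distinctive to find and cannot update or remove the inserted destination in place. This presumably relies on the file being a fresh checkout under `temp_dir`. The default marker is already a valid YAML comment, so the line could be dropped or replaced with something like `marker: "# {mark} policies namespace destination"`. If the empty marker stays, put a comment above it, for example `# empty marker: throwaway checkout, idempotence not required`. Separately, the destination keeps `server: '*'` from the removed lines; if this AppProject only ever targets one cluster, naming that server would be tighter than the wildcard.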
@@ -174,6 +175,35 @@ - merge definition: "{{ lookup('file', temp_dir.path + '/ztp/argocd/deployment/disable-cluster-proxy-addon.json') | from_json }}" + # Before launching the SiteConfig, provide the OCP pull secret extracted from the hub cluster + # For this, we need to create the cluster namespace in advance + - name: Create the Spoke cluster namespace + community.kubernetes.k8s: + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ czga_clusters_namespace }}" + + - name: Save pull-secret in a variable + ansible.builtin.slurp: + src: "{{ temp_dir.path }}/temp-pull-secret.json" + register: _czga_encoded_pull_secret + no_log: true + + - name: Create the Spoke cluster pull-secret + community.kubernetes.k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: assisted-deployment-pull-secret + namespace: "{{ czga_clusters_namespace }}" + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: "{{ _czga_encoded_pull_secret['content'] }}" + no_log: true + - name: Run the policies and cluster apps ansible.builtin.shell: | {{ czga_oc_tool_path }} --kubeconfig="{{ temp_dir.path }}/kubeconfig" apply -k "{{ temp_dir.path }}/ztp/argocd/deployment" diff --git a/roles/gitops_configure_repo/tasks/main.yaml b/roles/gitops_configure_repo/tasks/main.yaml index 7ad0db10b..4978d048c 100644 --- a/roles/gitops_configure_repo/tasks/main.yaml +++ b/roles/gitops_configure_repo/tasks/main.yaml @@ -8,7 +8,7 @@ - gcr_ztp_gitops_repo is defined - gcr_ztp_gitops_repo | length > 0 -- name: Add Git repository SSH key to argoCD +- name: Add ssh_known_hosts to ArgoCD community.kubernetes.k8s: api_version: v1 kind: ConfigMap @@ -19,9 +19,11 @@ app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: - gcr_ssh_known_hosts: | + ssh_known_hosts: | {{ gcr_ssh_known_hosts }} - when: gcr_ssh_known_hosts is defined + when: + - gcr_ssh_known_hosts is defined + - gcr_ssh_known_hosts | length > 0 no_log: true - name: Register key
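Review bot: The two new `community.kubernetes.k8s` tasks (namespace and `assisted-deployment-pull-secret`) pass no `kubeconfig`, while the `oc apply` task right after them uses `--kubeconfig="{{ temp_dir.path }}/kubeconfig"`. Unless the connection is set through the environment outside this hunk, the namespace and the pull secret may be created on whichever cluster the ambient config selects. Adding `kubeconfig: "{{ temp_dir.path }}/kubeconfig"` to both tasks would pin the Secret to the same cluster as the apply. `no_log: true` on the slurp and Secret tasks is appropriate. The plaintext `temp-pull-secret.json` is written outside this hunk, so check that it is created with mode `0600` and removed once the Secret exists.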
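Review bot: In the `@@ -19,9 +19,11 @@` hunk the data key becomes `ssh_known_hosts`, but the labels still read `app.kubernetes.io/name: argocd-cm`, and Argo CD reads SSH host keys from the `ssh_known_hosts` key of the `argocd-ssh-known-hosts-cm` ConfigMap. The `metadata.name` lies between the two hunks and is not visible, so confirm that the task targets that ConfigMap and align the label with it. Writing the key replaces its whole value, so `gcr_ssh_known_hosts` should include every Git host the instance needs, not only the ZTP repository. A comment above the task such as `# replaces the full known_hosts list used by Argo CD for SSH repos` would make that explicit. The contents are public host keys, so `no_log: true` mainly hides failure details here and could probably be dropped.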