diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
deleted file mode 100644
index 081a5ba3..00000000
--- a/.github/workflows/ansible-lint.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Ansible Lint # feel free to pick your own name
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-      # Important: This sets up your GITHUB_WORKSPACE environment variable
-      - uses: actions/checkout@v6
-
-      - name: Lint Ansible Playbook
-        uses: ansible/ansible-lint@v26
-        # Let's point it to the path
-        with:
-          args: "-c .ansible-lint ansible/"
diff --git a/Changes.md b/Changes.md
index 08cfaad0..8344a7d9 100644
--- a/Changes.md
+++ b/Changes.md
@@ -83,3 +83,10 @@
 ## Further Changes for v2.0 (February 25, 2026)
 
 * Pin utility-container version to v1.0.2 to workaround issue with loading AAP config
+
+## Changes for v2.1 (April 2026)
+
+* Switch to openshift productized (supported) external secrets operator
+* Use AAP 2.6
+* Unpin utility container
+* Update to 0.4.* of edge-gitops-vms
diff --git a/Makefile b/Makefile
index be8aa3ed..b00d512f 100644
--- a/Makefile
+++ b/Makefile
@@ -1 +1,6 @@
 include Makefile-common
+
+##@ Pattern Install Helper Tasks
+.PHONY: ansible-get-credentials
+ansible-get-credentials: ## Retrieve AAP credentials from running instance
+	@$(ANSIBLE_RUN) rhvp.cluster_utils.aap_get_admin_credentials
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
deleted file mode 100644
index c8bec627..00000000
--- a/ansible/ansible.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-[defaults]
-display_skipped_hosts=False
-localhost_warning=False
-roles_path=./roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
diff --git a/ansible/ansible_get_credentials.yml b/ansible/ansible_get_credentials.yml
deleted file mode 100644
index b9ca2716..00000000
--- a/ansible/ansible_get_credentials.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- name: Retrieve Credentials for AAP on OpenShift
-  become: false
-  connection: local
-  hosts: localhost
-  gather_facts: false
-  vars:
-    kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}"
-  tasks:
-    - name: Retrieve API hostname for AAP
-      kubernetes.core.k8s_info:
-        api_version: route.openshift.io/v1
-        kind: Route
-        namespace: ansible-automation-platform
-        name: aap
-      register: aap_host
-      until: aap_host.resources | length == 1
-      retries: 20
-      delay: 5
-
-    - name: Set ansible_host
-      ansible.builtin.set_fact:
-        ansible_host: "{{ aap_host.resources[0].spec.host }}"
-
-    - name: Retrieve admin password for AAP
-      kubernetes.core.k8s_info:
-        kind: Secret
-        namespace: ansible-automation-platform
-        name: aap-admin-password
-      register: admin_pw
-      until: admin_pw.resources | length == 1
-      retries: 20
-      delay: 5
-
-    - name: Set admin_password fact
-      ansible.builtin.set_fact:
-        admin_password: "{{ admin_pw.resources[0].data.password | b64decode }}"
-
-    - name: Report AAP Endpoint
-      ansible.builtin.debug:
-        msg: "AAP Endpoint: https://{{ ansible_host }}"
-
-    - name: Report AAP User
-      ansible.builtin.debug:
-        msg: "AAP Admin User: admin"
-
-    - name: Report AAP Admin Password
-      ansible.builtin.debug:
-        msg: "AAP Admin Password: {{ admin_password }}"
diff --git a/scripts/ansible_get_credentials.sh b/scripts/ansible_get_credentials.sh
index 8d775af2..1d615856 100755
--- a/scripts/ansible_get_credentials.sh
+++ b/scripts/ansible_get_credentials.sh
@@ -1,4 +1,3 @@
-#!/usr/bin/env ansible-playbook
----
-- name: Retrieve AAP credentials
-  ansible.builtin.import_playbook: ../ansible/ansible_get_credentials.yml
+#!/usr/bin/env bash
+
+ansible-playbook rhvp.cluster_utils.aap_get_admin_credentials
diff --git a/values-hub.yaml b/values-hub.yaml
index 8e970949..e70cd648 100644
--- a/values-hub.yaml
+++ b/values-hub.yaml
@@ -1,22 +1,26 @@
+---
 clusterGroup:
   name: hub
-  isHubCluster: true
   namespaces:
-    - ansible-edge-gitops
-    - vault
-    - golang-external-secrets
-    - ansible-automation-platform
-    - openshift-cnv
-    - openshift-storage
-    - edge-gitops-vms
-    - aap-config
-  projects:
-    - hub
+    vault:
+    external-secrets-operator:
+      operatorGroup: true
+      targetNamespaces: []
+    external-secrets:
+    ansible-automation-platform:
+    openshift-cnv:
+    openshift-storage:
+    edge-gitops-vms:
+    aap-config:
   subscriptions:
     aap-operator:
       name: ansible-automation-platform-operator
       namespace: ansible-automation-platform
-      channel: stable-2.5
+      channel: stable-2.6
+    eso:
+      name: openshift-external-secrets-operator
+      namespace: external-secrets-operator
+      channel: stable-v1
     openshift-data-foundation:
       name: odf-operator
       namespace: openshift-storage
@@ -28,38 +32,30 @@ clusterGroup:
     aap:
       name: ansible-automation-platform
       namespace: ansible-automation-platform
-      project: hub
       chart: ansible-automation-platform-instance
       chartVersion: 0.1.*
     aap-config:
       name: aap-config
       namespace: aap-config
-      project: hub
       chart: aap-config
-      chartVersion: 0.1.*
+      chartVersion: 0.2.*
       extraValueFiles:
         - $patternref/overrides/values-aap-config-aeg.yaml
-      overrides:
-        - name: configJob.image
-          value: quay.io/validatedpatterns/utility-container:v1.0.2
     edge-gitops-vms:
       name: edge-gitops-vms
       namespace: edge-gitops-vms
-      project: hub
       chart: edge-gitops-vms
-      chartVersion: 0.2.*
+      chartVersion: 0.4.*
       extraValueFiles:
         - $patternref/overrides/values-egv-vms.yaml
-    golang-external-secrets:
-      name: golang-external-secrets
-      namespace: golang-external-secrets
-      project: hub
-      chart: golang-external-secrets
-      chartVersion: 0.1.*
+    openshift-external-secrets:
+      name: openshift-external-secrets
+      namespace: external-secrets
+      chart: openshift-external-secrets
+      chartVersion: 0.0.*
     odf:
       name: odf
       namespace: openshift-storage
-      project: hub
       chart: openshift-data-foundations
       chartVersion: 0.2.*
       extraValueFiles:
@@ -67,7 +63,6 @@ clusterGroup:
     ensure-openshift-console-plugins:
       name: ensure-openshift-console-plugins
       namespace: openshift-console
-      project: hub
       chart: ensure-openshift-console-plugins
       chartVersion: 0.1.*
       extraValueFiles:
@@ -75,13 +70,11 @@ clusterGroup:
     openshift-cnv:
       name: openshift-cnv
       namespace: openshift-cnv
-      project: hub
       chart: openshift-virtualization-instance
       chartVersion: 0.1.*
     vault:
       name: vault
       namespace: vault
-      project: hub
       chart: hashicorp-vault
       chartVersion: 0.1.*
   imperative: {}