diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f88dd027e..267b440a4 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -7,6 +7,10 @@ jobs:
 name: Test
 runs-on: ubuntu-20.04
 steps:
+ - name: Init check
+ if: ${{ github.repository != 'AmazeeLabs/silverback-template'}}
+ run: echo 'Please run the INIT script. See the root README.md for instructions.' && false
+
 - name: Checkout
 uses: actions/checkout@v3
 with:
diff --git a/.lagoon.yml b/.lagoon.yml
index b555bfc74..d0c00a649 100644
--- a/.lagoon.yml
+++ b/.lagoon.yml
@@ -23,8 +23,9 @@ tasks:
 - run:
 name: Create Keys for Simple OAuth if necessary
 command: |
- if [[ ! -f /app/keys/private.key || ! -f /app/keys/public.key ]]; then
- drush simple-oauth:generate-keys /app/keys
+ if [[ ! -f /app/web/sites/default/files/private/keys/private.key || ! -f /app/web/sites/default/files/private/keys/public.key ]]; then
+ mkdir -p /app/web/sites/default/files/private/keys
+ drush simple-oauth:generate-keys /app/web/sites/default/files/private/keys
 fi
 service: cli
 environments:
diff --git a/README.md b/README.md
index 7d93d92ce..920fc4371 100644
--- a/README.md
+++ b/README.md
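Review bot: The new key directory in the `.lagoon.yml` hunk, `/app/web/sites/default/files/private/keys`, sits under the `web/` tree (apparently the docroot), so the OAuth private key is now only as private as the web server's handling of `sites/default/files/private`; the previous `/app/keys` location was outside that tree. The same location is wired into `public_key:` and `private_key:` in the `simple_oauth.settings.yml` hunk. Confirm that direct HTTP requests below that path are denied in every environment serving this docroot, and record the assumption next to the `mkdir -p` line, e.g. `# keys live in Drupal's private files dir; must never be served over HTTP`. The README hunk in this commit still documents `./keys` and `../keys` for manual key generation, which no longer matches the configured paths.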
@@ -168,53 +168,68 @@ lagoon add variable -p [project name] -e dev -N NETLIFY_SITE_ID -V [netlify site ### Publisher authentication with Drupal Publisher can require to authenticate with Drupal based on OAuth2. -Only used on Lagoon environments. - -#### Drupal configuration - -##### Create keys - -Per environment, keys are gitignored. - -Via Drush - -```bash -drush simple-oauth:generate-keys ./keys -``` - -Or via the UI - -- Go to `/admin/config/people/simple_oauth` -- Click on "Generate keys", the directory should be set to `../keys` - -##### Create the Publisher Consumer - -Per environment, Consumers are content entities. - -- Go to `/admin/config/services/consumer` -- Create a Consumer - - Label: `Publisher` - - Client ID: `publisher` - - Secret: a random string - - Redirect URI: `[publisher-url]/oauth/callback` - - Scope: `Publisher` -- Optional: the default Consumer can be safely deleted - -Troubleshoot: make sure that the `DRUPAL_HASH_SALT` environment variable is >= 32 chars. - -#### Publisher authentication - -Edit [website environment variables](./apps/website/.lagoon.env) - -``` -PUBLISHER_SKIP_AUTHENTICATION=false -PUBLISHER_OAUTH2_CLIENT_SECRET="[secret used in the Drupal Consumer]" -PUBLISHER_OAUTH2_SESSION_SECRET="[another random string]" -``` - -##### Set the 'Access Publisher' permission - -Optional: add this permission to relevant roles. +It is only used on Lagoon environments. + +
+ How it works + + #### Drupal configuration + + ##### Create keys + + Per environment, keys are gitignored and are auto-generated via a Lagoon post-rollout task. + + To generate keys manually + + via Drush: cd in the cms directory then + + ```bash + drush simple-oauth:generate-keys ./keys + ``` + + or via the UI + + - Go to `/admin/config/people/simple_oauth` + - Click on "Generate keys", the directory should be set to `../keys` + + ##### Create the Publisher Consumer + + Per environment, Consumers are content entities. + + - Go to `/admin/config/services/consumer` + - Create a Consumer + - Label: `Publisher` + - Client ID: `publisher` + - Secret: a random string + - Redirect URI: `[publisher-url]/oauth/callback` + - Scope: `Publisher` + - Optional: the default Consumer can be safely deleted + + Troubleshooting: + - make sure that the `DRUPAL_HASH_SALT` environment variable is >= 32 chars. + - if enabled on local development, use `127.0.0.1:8888` for the cms and `127.0.0.1:8000` for Publisher + + #### Publisher authentication + + Edit [website environment variables](./apps/website/.lagoon.env) + + ``` + PUBLISHER_SKIP_AUTHENTICATION=false + PUBLISHER_OAUTH2_CLIENT_SECRET="[secret used in the Drupal Consumer]" + PUBLISHER_OAUTH2_SESSION_SECRET="[another random string]" + ``` + + ##### Set the 'Access Publisher' permission + + Optional: add this permission to relevant roles. + +
+ +
+ How to disable it + + In website `.lagoon.env` set `PUBLISHER_SKIP_AUTHENTICATION=true` +
## Storybook diff --git a/apps/cms/composer.lock b/apps/cms/composer.lock index dfa241b45..075a263c0 100644 --- a/apps/cms/composer.lock +++ b/apps/cms/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "9d07ea8f1856520e8afa87e0af9c7fad", + "content-hash": "bc473cdb597af1e9aa1f8fb6cc8af83d", "packages": [ { "name": "amazeeio/drupal_integrations", @@ -431,16 +431,16 @@ }, { "name": "amazeelabs/silverback_gatsby", - "version": "2.4.0", + "version": "2.4.1", "source": { "type": "git", "url": "https://github.com/AmazeeLabs/silverback_gatsby.git", - "reference": "22f2f98d97a04ddaf1ad74e23dcb298b4f704c8f" + "reference": "945760fe3ae821ba793ef2d067256c803f4897c6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/AmazeeLabs/silverback_gatsby/zipball/22f2f98d97a04ddaf1ad74e23dcb298b4f704c8f", - "reference": "22f2f98d97a04ddaf1ad74e23dcb298b4f704c8f", + "url": "https://api.github.com/repos/AmazeeLabs/silverback_gatsby/zipball/945760fe3ae821ba793ef2d067256c803f4897c6", + "reference": "945760fe3ae821ba793ef2d067256c803f4897c6", "shasum": "" }, "type": "drupal-module", @@ -459,9 +459,9 @@ "homepage": "https://silverback.netlify.app", "support": { "issues": "https://github.com/AmazeeLabs/silverback_gatsby/issues", - "source": "https://github.com/AmazeeLabs/silverback_gatsby/tree/2.4.0" + "source": "https://github.com/AmazeeLabs/silverback_gatsby/tree/2.4.1" }, - "time": "2023-10-16T18:33:54+00:00" + "time": "2023-10-18T12:35:44+00:00" }, { "name": "amazeelabs/silverback_graphql_persisted", diff --git a/apps/cms/config/sync/simple_oauth.settings.yml b/apps/cms/config/sync/simple_oauth.settings.yml index 81a0d2bd4..b9deb4886 100644 --- a/apps/cms/config/sync/simple_oauth.settings.yml +++ b/apps/cms/config/sync/simple_oauth.settings.yml 
@@ -4,8 +4,8 @@ access_token_expiration: 3600
 authorization_code_expiration: 300
 refresh_token_expiration: 1209600
 token_cron_batch_size: 0
-public_key: ../keys/public.key
-private_key: ../keys/private.key
+public_key: ./sites/default/files/private/keys/public.key
+private_key: ./sites/default/files/private/keys/private.key
 remember_clients: true
 use_implicit: false
 disable_openid_connect: false