diff --git a/Makefile b/Makefile
index 49fc1319..54aa171e 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,7 @@ build:
 	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
 	make -C packages/system/kamaji image
+	make -C packages/system/bucket image
 	make -C packages/core/testing image
 	make -C packages/core/installer image
 	make manifests
diff --git a/packages/apps/bucket/templates/dashboard-resourcemap.yaml b/packages/apps/bucket/templates/dashboard-resourcemap.yaml
index 560d0d29..574af0cb 100644
--- a/packages/apps/bucket/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/bucket/templates/dashboard-resourcemap.yaml
@@ -9,4 +9,12 @@ rules:
   - secrets
   resourceNames:
   - {{ .Release.Name }}
+  - {{ .Release.Name }}-credentials
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - {{ .Release.Name }}-ui
   verbs: ["get", "list", "watch"]
diff --git a/packages/apps/bucket/templates/helmrelease.yaml b/packages/apps/bucket/templates/helmrelease.yaml
new file mode 100644
index 00000000..ac014e03
--- /dev/null
+++ b/packages/apps/bucket/templates/helmrelease.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-system
+spec:
+  chart:
+    spec:
+      chart: cozy-bucket
+      reconcileStrategy: Revision
+      sourceRef:
+        kind: HelmRepository
+        name: cozystack-system
+        namespace: cozy-system
+      version: '*'
+  interval: 1m0s
+  timeout: 5m0s
+  values:
+    bucketName: {{ .Release.Name }}
diff --git a/packages/system/bucket/.helmignore b/packages/system/bucket/.helmignore
new file mode 100644
index 00000000..988ec8c8
--- /dev/null
+++ b/packages/system/bucket/.helmignore
@@ -0,0 +1,2 @@
+hack
+.gitkeep
diff --git a/packages/system/bucket/Chart.yaml b/packages/system/bucket/Chart.yaml
new file mode 100644
index 00000000..d520027f
--- /dev/null
+++ b/packages/system/bucket/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-bucket
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
diff --git a/packages/system/bucket/Makefile b/packages/system/bucket/Makefile
new file mode 100644
index 00000000..98f49ec6
--- /dev/null
+++ b/packages/system/bucket/Makefile
@@ -0,0 +1,25 @@
+S3MANAGER_TAG=v0.5.0
+
+export NAME=s3manager-system
+
+include ../../../scripts/common-envs.mk
+include ../../../scripts/package.mk
+
+update:
+	rm -rf charts
+	helm pull oci://ghcr.io/aenix-io/charts/etcd-operator --untar --untardir charts
+
+image: image-s3manager
+
+image-s3manager:
+	docker buildx build --platform linux/amd64 --build-arg ARCH=amd64 images/s3manager \
+		--provenance false \
+		--tag $(REGISTRY)/s3manager:$(call settag,$(S3MANAGER_TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/s3manager:latest \
+		--cache-to type=inline \
+		--metadata-file images/s3manager.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/s3manager:$(call settag,$(S3MANAGER_TAG))@$$(yq e '."containerimage.digest"' images/s3manager.json -o json -r)" \
+		> images/s3manager.tag
+	rm -f images/s3manager.json
diff --git a/packages/system/bucket/images/s3manager.tag b/packages/system/bucket/images/s3manager.tag
new file mode 100644
index 00000000..d86bf0c8
--- /dev/null
+++ b/packages/system/bucket/images/s3manager.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/s3manager:latest@sha256:7a1a0864f823dc3343d79dffa44ab73f77f0e1b3642a0fe0fa29b280c3184a9b
diff --git a/packages/system/bucket/images/s3manager/Dockerfile b/packages/system/bucket/images/s3manager/Dockerfile
new file mode 100644
index 00000000..de59229a
--- /dev/null
+++ b/packages/system/bucket/images/s3manager/Dockerfile
@@ -0,0 +1,20 @@
+# Source: https://github.com/cloudlena/s3manager/blob/main/Dockerfile
+
+FROM docker.io/library/golang:1 AS builder
+WORKDIR /usr/src/app
+RUN wget -O- https://github.com/cloudlena/s3manager/archive/9a7c8e446b422f8973b8c461990f39fdafee9c27.tar.gz | tar -xzf- --strip 1
+ADD cozystack.patch /
+RUN git apply /cozystack.patch
+RUN CGO_ENABLED=0 go build -ldflags="-s -w" -a -installsuffix cgo -o bin/s3manager
+
+FROM docker.io/library/alpine:latest
+WORKDIR /usr/src/app
+RUN addgroup -S s3manager && adduser -S s3manager -G s3manager
+RUN apk add --no-cache \
+  ca-certificates \
+  dumb-init
+COPY --from=builder --chown=s3manager:s3manager /usr/src/app/bin/s3manager ./
+USER s3manager
+EXPOSE 8080
+ENTRYPOINT [ "/usr/bin/dumb-init", "--" ]
+CMD [ "/usr/src/app/s3manager" ]
diff --git a/packages/system/bucket/images/s3manager/cozystack.patch b/packages/system/bucket/images/s3manager/cozystack.patch
new file mode 100644
index 00000000..f631b144
--- /dev/null
+++ b/packages/system/bucket/images/s3manager/cozystack.patch
@@ -0,0 +1,26 @@
+diff --git a/web/template/bucket.html.tmpl b/web/template/bucket.html.tmpl
+index e2f8d28..87add13 100644
+--- a/web/template/bucket.html.tmpl
++++ b/web/template/bucket.html.tmpl
+@@ -13,7 +13,7 @@
+ 
+ <nav class="nav-extended">
+     <div class="nav-wrapper container">
+-        <a href="/buckets/{{$.BucketName}}" class="brand-logo center"><i class="material-icons">folder_open</i>{{ .BucketName }}</a>
++        <a href="/" class="brand-logo">Cozystack S3 Manager</a>
+         {{ if not .Objects }}
+         <ul class="right">
+             <li>
+diff --git a/web/template/buckets.html.tmpl b/web/template/buckets.html.tmpl
+index c7ea184..fb1dce7 100644
+--- a/web/template/buckets.html.tmpl
++++ b/web/template/buckets.html.tmpl
+@@ -1,7 +1,7 @@
+ {{ define "content" }}
+ <nav>
+     <div class="nav-wrapper container">
+-        <a href="/" class="brand-logo">S3 Manager</a>
++        <a href="/" class="brand-logo">Cozystack S3 Manager</a>
+     </div>
+ </nav>
+ 
diff --git a/packages/system/bucket/templates/deployment.yaml b/packages/system/bucket/templates/deployment.yaml
new file mode 100644
index 00000000..7e115de0
--- /dev/null
+++ b/packages/system/bucket/templates/deployment.yaml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.bucketName }}-ui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .Values.bucketName }}-ui
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.bucketName }}-ui
+    spec:
+      containers:
+      - name: s3manager
+        image: "{{ $.Files.Get "images/s3manager.tag" | trim }}"
+        env:
+        - name: ENDPOINT
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: endpoint
+        - name: SKIP_SSL_VERIFICATION
+          value: "true"
+        - name: ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: accessKey
+        - name: SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bucketName }}-credentials
+              key: secretKey
diff --git a/packages/system/bucket/templates/ingress.yaml b/packages/system/bucket/templates/ingress.yaml
new file mode 100644
index 00000000..759ce397
--- /dev/null
+++ b/packages/system/bucket/templates/ingress.yaml
@@ -0,0 +1,28 @@
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.bucketName }}-ui
+  annotations:
+    nginx.ingress.kubernetes.io/auth-type: "basic"
+    nginx.ingress.kubernetes.io/auth-secret: "{{ .Values.bucketName }}-ui-auth"
+    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "99999"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "99999"
+spec:
+  ingressClassName: {{ $ingress }}
+  rules:
+  - host: {{ .Values.bucketName }}.{{ $host }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ .Values.bucketName }}-ui
+            port:
+              number: 8080
diff --git a/packages/system/bucket/templates/secret.yaml b/packages/system/bucket/templates/secret.yaml
new file mode 100644
index 00000000..9c5442ce
--- /dev/null
+++ b/packages/system/bucket/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace .Values.bucketName }}
+{{- $bucketInfo := fromJson (b64dec (index $existingSecret.data "BucketInfo")) }}
+{{- $accessKeyID := index $bucketInfo.spec.secretS3 "accessKeyID" }}
+{{- $accessSecretKey := index $bucketInfo.spec.secretS3 "accessSecretKey" }}
+{{- $endpoint := index $bucketInfo.spec.secretS3 "endpoint" }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.bucketName }}-credentials
+type: Opaque
+stringData:
+  accessKey: {{ $accessKeyID | quote }}
+  secretKey: {{ $accessSecretKey | quote }}
+  endpoint: {{ trimPrefix "https://" $endpoint }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.bucketName }}-ui-auth
+data:
+  auth: {{ htpasswd $accessKeyID $accessSecretKey | b64enc | quote }}
diff --git a/packages/system/bucket/templates/service.yaml b/packages/system/bucket/templates/service.yaml
new file mode 100644
index 00000000..dc9c67b2
--- /dev/null
+++ b/packages/system/bucket/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.bucketName }}-ui
+spec:
+  selector:
+    app: {{ .Values.bucketName }}-ui
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  type: ClusterIP
diff --git a/packages/system/bucket/values.yaml b/packages/system/bucket/values.yaml
new file mode 100644
index 00000000..4b57a59c
--- /dev/null
+++ b/packages/system/bucket/values.yaml
@@ -0,0 +1 @@
+bucketName: ""