diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8e8c060..6c56c5b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,7 +1,7 @@
 version: 2.1
 
 orbs:
-  architect: giantswarm/architect@2.11.0
+  architect: giantswarm/architect@4.1.0
 
 workflows:
   version: 2
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index efe71b6..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# DO NOT EDIT. Generated with:
-#
-#    devctl@4.6.1
-#
-version: 2
-updates:
-  - package-ecosystem: docker
-    directory: "/"
-    schedule:
-      interval: weekly
-      time: "04:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - giantswarm/team-firecracker-engineers
-  - package-ecosystem: github-actions
-    directory: "/"
-    schedule:
-      interval: weekly
-      time: "04:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - giantswarm/team-firecracker-engineers
-    ignore:
-      - dependency-name: zricethezav/gitleaks-action
-  - package-ecosystem: gomod
-    directory: "/"
-    schedule:
-      interval: weekly
-      time: "04:00"
-    open-pull-requests-limit: 10
-    reviewers:
-      - giantswarm/team-firecracker-engineers
-    ignore:
-      - dependency-name: k8s.io/*
-        versions:
-          - ">=0.19.0"
diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml
index 8f6ad15..60fa031 100644
--- a/.github/workflows/zz_generated.create_release.yaml
+++ b/.github/workflows/zz_generated.create_release.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 name: Create Release
 on:
diff --git a/.github/workflows/zz_generated.create_release_pr.yaml b/.github/workflows/zz_generated.create_release_pr.yaml
index 178ae3f..e3b6bb1 100644
--- a/.github/workflows/zz_generated.create_release_pr.yaml
+++ b/.github/workflows/zz_generated.create_release_pr.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 name: Create Release PR
 on:
diff --git a/.github/workflows/zz_generated.gitleaks.yaml b/.github/workflows/zz_generated.gitleaks.yaml
index d883344..08f8568 100644
--- a/.github/workflows/zz_generated.gitleaks.yaml
+++ b/.github/workflows/zz_generated.gitleaks.yaml
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 name: gitleaks
 
diff --git a/.nancy-ignore b/.nancy-ignore
index 9a518a5..96282c9 100644
--- a/.nancy-ignore
+++ b/.nancy-ignore
@@ -1,6 +1,3 @@
 # Affects all versions of archiver which is required by vault.
 # Taken from: https://github.com/giantswarm/opsctl/pull/1072/files#diff-bbe4a7fb12c43622bce7c6840c770e9995be614626a219942ca138403629cb69R1
 CVE-2019-10743 until=2021-10-17
-
-# [CVE-2020-26160] jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrict...
-CVE-2020-26160 until=2021-07-01
diff --git a/Makefile b/Makefile
index 830821f..2d47b61 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 
 include Makefile.*.mk
diff --git a/Makefile.gen.app.mk b/Makefile.gen.app.mk
index 20eb97e..01fcb95 100644
--- a/Makefile.gen.app.mk
+++ b/Makefile.gen.app.mk
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 
 ##@ App
diff --git a/Makefile.gen.go.mk b/Makefile.gen.go.mk
index 4e85672..de35b30 100644
--- a/Makefile.gen.go.mk
+++ b/Makefile.gen.go.mk
@@ -1,6 +1,6 @@
 # DO NOT EDIT. Generated with:
 #
-#    devctl@4.6.1
+#    devctl@4.9.2
 #
 
 APPLICATION    := $(shell go list -m | cut -d '/' -f 3)
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..58c5d67
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,39 @@
+{
+  "extends": [
+    "config:base",
+    ":reviewer(team:giantswarm/team-firecracker-engineers)"
+  ],
+  "packageRules": [
+    {
+      "matchPackagePatterns": [".*giantswarm.*"],
+      "groupName": "giantswarm modules"
+    },
+    {
+      "matchPackagePatterns": ["^k8s.io", "^sigs.k8s.io"],
+      "groupName": "k8s modules"
+    },
+    {
+      "excludePackagePatterns": [".*giantswarm.*" ,"^k8s.io", "^sigs.k8s.io"],
+      "groupName": "etc modules"
+    },
+    {
+      "matchPackagePatterns": ["^k8s.io"],
+      "allowedVersions": "< 0.21.0"
+    },
+    {
+      "matchPackageNames": ["sigs.k8s.io/controller-runtime"],
+      "allowedVersions": "< 0.7.0"
+    }
+  ],
+  "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths"],
+  "dependencyDashboard": true,
+  "ignorePaths": [
+    ".github/workflows/zz_generated.*",
+    ".github/workflows/codeql-analysis.yml"
+  ],
+  "ignoreDeps": [
+    "architect",
+    "zricethezav/gitleaks-action"
+  ],
+  "schedule": [ "after 9am on thursday" ]
+}