diff --git a/.github/workflows/docker-landing-page.yml b/.github/workflows/docker-landing-page.yml
index e8cf3ed3..84d944c6 100644
--- a/.github/workflows/docker-landing-page.yml
+++ b/.github/workflows/docker-landing-page.yml
@@ -1,10 +1,10 @@
-name: Docker landing Page CI
+name: Docker Landing Page CI
 
 on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main, osweek23 ]
+    branches: [ main ]
 
 jobs:
 
diff --git a/.github/workflows/docker-operator.yml b/.github/workflows/docker-operator.yml
index 134fa667..5e87e91e 100644
--- a/.github/workflows/docker-operator.yml
+++ b/.github/workflows/docker-operator.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main, osweek23 ]
+    branches: [ main ]
 
 jobs:
 
diff --git a/.github/workflows/docker-try-now-page.yml b/.github/workflows/docker-try-now-page.yml
index 41816bf6..566f4070 100644
--- a/.github/workflows/docker-try-now-page.yml
+++ b/.github/workflows/docker-try-now-page.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main, osweek23 ]
+    branches: [ main ]
 
 jobs:
 
diff --git a/.github/workflows/docker-wondershaper.yml b/.github/workflows/docker-wondershaper.yml
index 8c4ca64f..3d0be9ed 100644
--- a/.github/workflows/docker-wondershaper.yml
+++ b/.github/workflows/docker-wondershaper.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main, osweek23 ]
+    branches: [ main ]
 
 jobs:
 
diff --git a/.github/workflows/service-ci.yml b/.github/workflows/service-ci.yml
index 6874f4f7..4867f362 100644
--- a/.github/workflows/service-ci.yml
+++ b/.github/workflows/service-ci.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [ main ]
   pull_request:
-    branches: [ main, osweek23 ]
+    branches: [ main ]
 
 jobs:
 
diff --git a/doc/docs/Building-Internal.md b/doc/docs/Building-Internal.md
index 46dbbda3..857922bc 100644
--- a/doc/docs/Building-Internal.md
+++ b/doc/docs/Building-Internal.md
@@ -62,7 +62,7 @@ docker build --no-cache -t theiacloud/theia-cloud-operator:latest -f dockerfiles
 docker push theiacloud/theia-cloud-operator:latest
 ```
 
-Build and pish the git-init container:
+Build and push the git-init container:
 
 ```bash
 docker build -t theiacloud/theia-cloud-git-init:latest -f dockerfiles/git-init/Dockerfile .
diff --git a/dockerfiles/git-init/Dockerfile b/dockerfiles/git-init/Dockerfile
index b06345c3..fae57066 100644
--- a/dockerfiles/git-init/Dockerfile
+++ b/dockerfiles/git-init/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:11-slim
 
 RUN apt update && \
-    apt install python git -y && \
+    apt install python3 git -y && \
     apt clean && \
     mkdir /user && \
     chmod 777 /user && \
diff --git a/java/common/org.eclipse.theia.cloud.common/src/main/java/org/eclipse/theia/cloud/common/k8s/resource/SessionSpec.java b/java/common/org.eclipse.theia.cloud.common/src/main/java/org/eclipse/theia/cloud/common/k8s/resource/SessionSpec.java
index 3d1fe464..439ba524 100644
--- a/java/common/org.eclipse.theia.cloud.common/src/main/java/org/eclipse/theia/cloud/common/k8s/resource/SessionSpec.java
+++ b/java/common/org.eclipse.theia.cloud.common/src/main/java/org/eclipse/theia/cloud/common/k8s/resource/SessionSpec.java
@@ -179,7 +179,7 @@ public List<String> getEnvVarsFromSecrets() {
 	return envVarsFromSecrets;
     }
 
-    public List<InitOperation> getinitOperations() {
+    public List<InitOperation> getInitOperations() {
 	return initOperations;
     }
 
@@ -279,10 +279,9 @@ public boolean equals(Object obj) {
     @Override
     public String toString() {
 	return "SessionSpec [name=" + name + ", appDefinition=" + appDefinition + ", user=" + user + ", url=" + url
-		+ ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity
-		+ ", sessionSecret=" + sessionSecret + ", envVars=" + envVars + ", envVarsFromConfigMaps="
-		+ envVarsFromConfigMaps + ", envVarsFromSecrets=" + envVarsFromSecrets + ", initOperations="
-		+ initOperations + "]";
+		+ ", error=" + error + ", workspace=" + workspace + ", lastActivity=" + lastActivity + ", envVars="
+		+ envVars + ", envVarsFromConfigMaps=" + envVarsFromConfigMaps + ", envVarsFromSecrets="
+		+ envVarsFromSecrets + ", initOperations=" + initOperations + "]";
     }
 
     public static boolean isEphemeral(String workspace) {
diff --git a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/InitOperationHandler.java b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/InitOperationHandler.java
index 03693afd..79d94691 100644
--- a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/InitOperationHandler.java
+++ b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/InitOperationHandler.java
@@ -26,10 +26,11 @@
 public interface InitOperationHandler {
 
     static final String THEIA_CLOUD_INIT_LABEL = "theiaCloudInit";
+    static final String THEIA_CLOUD_USER_LABEL = "theiaCloudUser";
 
     String operationId();
 
-    void addInitContainer(String correlationId, TheiaCloudClient client, Deployment deployment,
+    void handleInitOperation(String correlationId, TheiaCloudClient client, Deployment deployment,
 	    AppDefinition appDefinition, Session session, List<String> args);
 
 }
diff --git a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/AddedHandlerUtil.java b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/AddedHandlerUtil.java
index 6fd0ff74..3b46ac52 100644
--- a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/AddedHandlerUtil.java
+++ b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/AddedHandlerUtil.java
@@ -342,9 +342,9 @@ private static Optional<Integer> findContainerIdxInDeployment(Deployment deploym
 	return Optional.empty();
     }
 
-    public static void addInitContainers(String correlationId, TheiaCloudClient client, Deployment deployment,
+    public static void handleInitOperations(String correlationId, TheiaCloudClient client, Deployment deployment,
 	    AppDefinition appDefinition, Session session, Set<InitOperationHandler> initOperationHandlers) {
-	List<InitOperation> initOperations = session.getSpec().getinitOperations();
+	List<InitOperation> initOperations = session.getSpec().getInitOperations();
 	if (initOperations == null) {
 	    return;
 	}
@@ -356,7 +356,7 @@ public static void addInitContainers(String correlationId, TheiaCloudClient clie
 			.format("No Init Handler found for operation with id {0}.", initOperation.getId())));
 		continue;
 	    }
-	    handler.get().addInitContainer(correlationId, client, deployment, appDefinition, session,
+	    handler.get().handleInitOperation(correlationId, client, deployment, appDefinition, session,
 		    initOperation.getArguments());
 	    LOGGER.info(formatLogMessage(correlationId,
 		    MessageFormat.format("Added init container with id {0} to deployment.", initOperation.getId())));
diff --git a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java
index 86c96413..76866b38 100644
--- a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java
+++ b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/GitInitOperationHandler.java
@@ -61,6 +61,7 @@ public class GitInitOperationHandler implements InitOperationHandler {
     protected static final String IMAGE_ENV_KEY = "GIT_INIT_OPERATION_IMAGE";
     protected static final String DEFAULT_IMAGE = "theiacloud/theia-cloud-git-init:latest";
     protected static final String ID = "git";
+    protected static final String INIT_CONTAINER_NAME = "git-init";
 
     private static final Logger LOGGER = LogManager.getLogger(GitInitOperationHandler.class);
 
@@ -70,7 +71,7 @@ public String operationId() {
     }
 
     @Override
-    public void addInitContainer(String correlationId, TheiaCloudClient client, Deployment deployment,
+    public void handleInitOperation(String correlationId, TheiaCloudClient client, Deployment deployment,
 	    AppDefinition appDefinition, Session session, List<String> args) {
 
 	if (args.size() < 2 || args.size() > 3) {
@@ -93,7 +94,7 @@ public void addInitContainer(String correlationId, TheiaCloudClient client, Depl
 	Container gitInitContainer = new Container();
 	initContainers.add(gitInitContainer);
 
-	gitInitContainer.setName("git-init");
+	gitInitContainer.setName(INIT_CONTAINER_NAME);
 	gitInitContainer.setImage(getImage());
 	String repository = args.get(0);
 	String branch = args.get(1);
@@ -129,7 +130,7 @@ public void addInitContainer(String correlationId, TheiaCloudClient client, Depl
 		return;
 	    }
 
-	    String theiaCloudUser = k8sSecret.getMetadata().getAnnotations().get("theiaCloudUser");
+	    String theiaCloudUser = k8sSecret.getMetadata().getAnnotations().get(THEIA_CLOUD_USER_LABEL);
 	    if (theiaCloudUser == null || !session.getSpec().getUser().equals(theiaCloudUser)) {
 		LOGGER.warn(LogMessageUtil.formatLogMessage(correlationId,
 			MessageFormat.format("Secret with name {0} is not configured to be used by user {1}.",
@@ -143,14 +144,20 @@ public void addInitContainer(String correlationId, TheiaCloudClient client, Depl
 
 	if (isHTTP(repository)) {
 	    if (!injectHTTPRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer)) {
+		// problem during injection, return early
 		return;
 	    }
 	} else {
 	    if (!injectSSHRepoCredentials(correlationId, secret, secretName, repository, gitInitContainer, volumes)) {
+		// problem during injection, return early
 		return;
 	    }
 	}
 
+	// init container is added to the deployment at this point
+	// any additional init code (e.g. injecting SSH Keys into the running IDE itself
+	// may follow below)
+
     }
 
     protected boolean injectHTTPRepoCredentials(String correlationId, Optional<Secret> secret,
diff --git a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/LazySessionHandler.java b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/LazySessionHandler.java
index eee9d1bb..af619dbd 100644
--- a/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/LazySessionHandler.java
+++ b/java/operator/org.eclipse.theia.cloud.operator/src/main/java/org/eclipse/theia/cloud/operator/handler/impl/LazySessionHandler.java
@@ -420,7 +420,7 @@ protected void createAndApplyDeployment(String correlationId, String sessionReso
 			AddedHandlerUtil.addImagePullSecret(deployment, appDefinition.getSpec().getPullSecret());
 		    }
 
-		    AddedHandlerUtil.addInitContainers(correlationId, client, deployment, appDefinition, session,
+		    AddedHandlerUtil.handleInitOperations(correlationId, client, deployment, appDefinition, session,
 			    initOperationHandlers);
 		});
     }
diff --git a/python/git-init/README.md b/python/git-init/README.md
index 8f1dcf10..58dec310 100644
--- a/python/git-init/README.md
+++ b/python/git-init/README.md
@@ -23,10 +23,18 @@ docker build -t theiacloud/theia-cloud-git-init:local -f dockerfiles/git-init/Do
 ```bash
 # don't save in ~/.ssh/... but e.g. in ~/tmp/ssh/id_theiacloud
 ssh-keygen -t ed25519 -C "Test TC Git Init SSH Keypair"
+
+# check if key is added already
+ssh-add -L
+
+# add the key if necessary
+ssh-add ~/tmp/ssh/id_theiacloud
 ```
 
 ### Test Checkout with container
 
+Please also play with wrong password or public SSH Keys that are not (yet) added to the repository to get the known error cases.
+
 ```bash
 # Adjust URLs and Password/PATs below
 # keep spaces in front to avoid command being added to bash history
@@ -43,6 +51,7 @@ ssh-keygen -t ed25519 -C "Test TC Git Init SSH Keypair"
 # HTTPS Public
 docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PUBLIC" "/tmp/my-repo" "$BRANCH"
 
+# For HTTPS auth with PATs as password a lot of providers accept any username
 # HTTPS Private
 docker run --env GIT_PROMPT1=$HTTP_USERNAME --env GIT_PROMPT2=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE" "/tmp/my-repo" "$BRANCH"
 
@@ -52,12 +61,31 @@ docker run --env GIT_PROMPT1=$HTTP_PASSWORD --rm theiacloud/theia-cloud-git-init
 # HTTPS Private with Username and Password
 docker run --rm theiacloud/theia-cloud-git-init:local "$HTTP_PRIVATE_WITH_USERNAME_AND_PASSWORD" "/tmp/my-repo" "$BRANCH"
 
-# SSH
+# SSH (the expected keyname is id_theiacloud ! With a different naming pattern this command will fail. Rename/Create a copy of you keyname if necessary)
 docker run --env GIT_PROMPT1=$SSH_PASSWORD -v ~/tmp/ssh/:/etc/theia-cloud-ssh --rm theiacloud/theia-cloud-git-init:local "$SSH_REPO" "/tmp/my-repo" "$BRANCH"
 ```
 
 ### Create Kubernetes Resources
 
+#### Workspace
+
+If testing on Minikube also mount a directory with expected user permissions: `minikube mount --uid 101 --gid 101 ~/tmp/minikube:/tmp/hostpath-provisioner/theia-cloud`
+
+You might have to adjust your firewall (temporarily).
+
+With below Sessions, the Workspace will be mounted inside the `persisted` subdirectory in the workspace.
+
+```yaml
+apiVersion: theia.cloud/v3beta
+kind: Workspace
+metadata:
+  name: ws-asdfghjkl-theia-cloud-demo-foo-theia-cloud-io
+  namespace: theiacloud
+spec:
+  name: ws-asdfghjkl-theia-cloud-demo-foo-theia-cloud-io
+  user: foo@theia-cloud.io
+```
+
 #### Secret for HTTP(S) auth
 
 ```yaml
@@ -79,7 +107,7 @@ stringData:
 #### Example Session for HTTP(S) auth
 
 ```yaml
-apiVersion: theia.cloud/v5beta
+apiVersion: theia.cloud/v7beta
 kind: Session
 metadata:
   name: ws-asdfghjkl-theia-cloud-demo-foo-theia-cloud-io-session
@@ -124,7 +152,7 @@ stringData:
 #### Example Session for SSH auth
 
 ```yaml
-apiVersion: theia.cloud/v5beta
+apiVersion: theia.cloud/v7beta
 kind: Session
 metadata:
   name: ws-asdfghjkl-theia-cloud-demo-foo-theia-cloud-io-session
diff --git a/python/git-init/entrypoint.sh b/python/git-init/entrypoint.sh
index ddb80d14..ce856a20 100755
--- a/python/git-init/entrypoint.sh
+++ b/python/git-init/entrypoint.sh
@@ -19,4 +19,4 @@ touch $HOME/.ssh/known_hosts
 [ -e /etc/theia-cloud-ssh/id_theiacloud ] && { sleep 1; echo $GIT_PROMPT1; } | script -q /dev/null -c 'ssh-add /etc/theia-cloud-ssh/id_theiacloud'
 
 # hand over to clone script
-python git-init.py "$@"
\ No newline at end of file
+python3 git-init.py "$@"
\ No newline at end of file
diff --git a/python/git-init/git-askpw.py b/python/git-init/git-askpw.py
index 07783a36..3dded3fa 100755
--- a/python/git-init/git-askpw.py
+++ b/python/git-init/git-askpw.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 import os
 
 path = "/tmp/theia-cloud-askpw"
diff --git a/python/git-init/git-init.py b/python/git-init/git-init.py
index b4ab27ab..d9464fe2 100755
--- a/python/git-init/git-init.py
+++ b/python/git-init/git-init.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 import argparse
 import subprocess