diff --git a/zato/README.org b/zato/README.org
new file mode 100644
index 0000000..ff02abd
--- /dev/null
+++ b/zato/README.org
@@ -0,0 +1,30 @@
+# -*- ispell-local-dictionary: "english" -*-
+
+* Info 
+
+From: https://docs.n8n.io/hosting/installation/docker/#starting-n8n
+
+
+* Usage
+
+Config info: https://support.rallly.co/self-hosting/configuration-options
+
+Requires a =smtp-server= provider to be functional, you can use
+=smtp-stub= charm to provide information to externally managed =SMTP=.
+
+#+begin_src yaml
+n8n:
+ options:
+   sender-email: #the sender email (beware the conf of your SMTP server)
+
+smtp-stub:
+  options:
+    host: smtp.myhost.com
+    port: 465
+    connection-security: "ssl/tls"
+    auth-method: password #IMPORTANT: if not present login password doesn’t work
+    login: myuser
+    password: myp4ssw0rd
+#+end_src
+
+
diff --git a/zato/hooks/init b/zato/hooks/init
new file mode 100755
index 0000000..b328636
--- /dev/null
+++ b/zato/hooks/init
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME        Name of current service
+## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
+## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
+
+
+set -e
+
+. lib/common
+
+ZATO_DIR="/opt/hot-deploy"
+DATASTORE_ZATO_DIR="$SERVICE_NAME$ZATO_DIR"
+
+
+SSH_PASSWORD_FILE="$SERVICE_DATASTORE"/.compose/password/ssh-password
+DASHBOARD_PASSWORD_FILE="$SERVICE_DATASTORE"/.compose/password/dashboard-password
+IDE_PASSWORD_FILE="$SERVICE_DATASTORE"/.compose/password/utils-secret
+
+ssh_password=$(generate_or_get_secret "$SSH_PASSWORD_FILE")
+dashboard_password=$(generate_or_get_secret "$DASHBOARD_PASSWORD_FILE")
+ide_password=$(generate_or_get_secret "$IDE_PASSWORD_FILE")
+
+
+init-config-add "
+$SERVICE_NAME:
+  environment:
+    Zato_Log_Env_Details: \"True\"
+    Zato_SSH_Password: \"$ssh_password\"
+    Zato_Dashboard_Password: \"$dashboard_password\"
+    Zato_IDE_Password: \"$ide_password\"
+"
+
+# uid=$(docker_get_uid "$SERVICE_NAME" "zato")
+# mkdir -p "$DATASTORE_ZATO_DIR"
+# chown "$uid" "$DATASTORE_ZATO_DIR"
+
diff --git a/zato/lib/common b/zato/lib/common
new file mode 100644
index 0000000..09f18d8
--- /dev/null
+++ b/zato/lib/common
@@ -0,0 +1,19 @@
+#!/bin/bash 
+
+generate_or_get_secret() {
+    local secret_file="$1"
+    local secret_value
+
+    if ! [ -f "$secret_file" ]; then
+        info "Generating secret password for ${secret_file##*/}"
+        mkdir -p "${secret_file%/*}"
+        umask 077
+        secret_value=$(openssl rand -hex 32)
+        echo "$secret_value" > "$secret_file"
+    else
+        info "Using existing secret from ${secret_file##*/}"
+        secret_value=$(cat "$secret_file")
+    fi
+
+    echo "$secret_value"
+}
\ No newline at end of file
diff --git a/zato/metadata.yml b/zato/metadata.yml
new file mode 100644
index 0000000..54b8be0
--- /dev/null
+++ b/zato/metadata.yml
@@ -0,0 +1,26 @@
+docker-image: ghcr.io/zatosource/zato-3.2-quickstart:latest
+docker-compose:
+  ports:
+    - "22022:22"
+    - "8183:8183"
+    - "17010:17010"
+
+data-resources:
+  - /opt/hot-deploy/
+
+uses:
+  web-proxy:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: recommended
+    auto: pair
+    solves:
+      proxy: "Public access"
+    default-options:
+      target: !var-expand ${MASTER_BASE_SERVICE_NAME}:8183
+  backup:
+    constraint: recommended
+    auto: pair
+    solves:
+      backup: "Automatic regular backup"
+    default-options: