diff --git a/.github/workflows/proxy.altinn3-tilgang-proxy.yml b/.github/workflows/proxy.altinn3-tilgang-proxy.yml
new file mode 100644
index 00000000000..eb617126e20
--- /dev/null
+++ b/.github/workflows/proxy.altinn3-tilgang-proxy.yml
@@ -0,0 +1,23 @@
+name: altinn3-tilgang-proxy
+
+on:
+ push:
+ paths:
+ - "plugins/**"
+ - "libs/reactive-core/**"
+ - "libs/reactive-proxy/**"
+ - "libs/security-core/**"
+ - "libs/servlet-insecure-security/**"
+ - "proxies/altinn3-tilgang-proxy/**"
+ - ".github/workflows/proxy.altinn3-tilgang-proxy.yml"
+
+jobs:
+ workflow:
+ uses: ./.github/workflows/common.workflow.backend.yml
+ with:
+ working-directory: "proxies/altinn3-tilgang-proxy"
+ deploy-tag: "#deploy-proxy-altinn3-tilgang"
+ permissions:
+ contents: read
+ id-token: write
+ secrets: inherit
diff --git a/apps/altinn3-tilgang-service/build.gradle b/apps/altinn3-tilgang-service/build.gradle
index 0967f46878e..1ea7ae40843
--- a/apps/altinn3-tilgang-service/build.gradle
+++ b/apps/altinn3-tilgang-service/build.gradle
@@ -10,11 +10,8 @@ sonarqube {
 }
 dependencies {
- implementation "com.google.cloud:spring-cloud-gcp-starter-secretmanager:$versions.gcpSecretManager"
- implementation "no.nav.testnav.libs:reactive-core"
 implementation "no.nav.testnav.libs:reactive-security"
- implementation "no.nav.testnav.libs:vault"
 implementation "org.springframework.boot:spring-boot-starter-data-r2dbc"
 implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server"
@@ -28,7 +25,6 @@ dependencies {
 implementation "ma.glasnost.orika:orika-core:$versions.orika"
- implementation "io.micrometer:micrometer-registry-prometheus"
 implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc"
 implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger"
diff --git a/apps/altinn3-tilgang-service/config.prod.yml b/apps/altinn3-tilgang-service/config.prod.yml
index e57c9109b5c..f24efb9735e
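Review bot: Under `on: push:` the workflow has `paths:` filters but no `branches:` filter, so a push to any branch touching these paths runs the reusable workflow with `secrets: inherit` and `id-token: write`; the only deploy gate visible in this hunk is the `deploy-tag: "#deploy-proxy-altinn3-tilgang"` input. Whether that is safe depends on common.workflow.backend.yml, which is outside this diff. If the shared workflow does not restrict deploys by branch, add `branches: [ master ]` (or the repo's default branch) under `push:` so a commit-message tag on a feature branch cannot trigger a deploy with repository secrets and a cloud OIDC token.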
--- a/apps/altinn3-tilgang-service/config.prod.yml
+++ b/apps/altinn3-tilgang-service/config.prod.yml
@@ -38,6 +38,8 @@ spec:
 cluster: dev-gcp
 - application: testnav-oversikt-frontend
 cluster: dev-gcp
+ - application: testnav-altinn3-tilgang-proxy
+ cluster: dev-gcp
 outbound:
 external:
 - host: platform.altinn.no
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java
deleted file mode 100644
index 11600e1a6bf..00000000000
--- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/LocalVaultConfig.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package no.nav.testnav.altinn3tilgangservice.config;
-
-import no.nav.testnav.libs.vault.AbstractLocalVaultConfiguration;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Configuration
-@Profile("local")
-public class LocalVaultConfig extends AbstractLocalVaultConfiguration {
-}
\ No newline at end of file
diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml
index 7e9211a71ae..7916eb7f7fa
--- a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml
+++ b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml
@@ -1,11 +1,11 @@
-TOKEN_X_ISSUER: dummy
-
 ALTINN_URL: https://tt02.altinn.no
-
+AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
+AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
 MASKINPORTEN_CLIENT_ID: dummy
 MASKINPORTEN_CLIENT_JWK: dummy
 MASKINPORTEN_SCOPES: dummy
 MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server
+TOKEN_X_ISSUER: dummy
 spring:
 cache:
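Review bot: This inbound rule admits `testnav-altinn3-tilgang-proxy` from `dev-gcp` to the prod deployment of the tilgang service, and the proxy added in this same commit is configured with `allowAllUsers: true`, so the effective audience of the prod service becomes every user the dev proxy lets through. Because the proxy sets its own exchanged token on the upstream call, the prod service will see the proxy's identity rather than the end user's, so any per-caller authorization here cannot distinguish users behind the proxy; confirm that is intended or that user identity is forwarded some other way. A comment on the rule would spare the next reader this reasoning, e.g. `# dev-cluster gateway for dolly-frontend*; requests arrive under the proxy's identity`.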
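Review bot: The new `${sm://azure-app-client-id}` and `${sm://azure-app-client-secret}` placeholders depend on the GCP Secret Manager property source, yet this same commit removes `spring-cloud-gcp-starter-secretmanager` from the service's build.gradle. Unless the `sm://` resolver now arrives transitively (via `reactive-core` or the Gradle plugin, neither visible here), the `local` profile will fail on an unresolvable placeholder, so verify with a local start. Since every other value in this file is `dummy`, a one-line comment such as `# resolved from GCP Secret Manager in the dev project; see docs/local_secretmanager.md` would make the exception obvious.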
diff --git a/apps/altinn3-tilgang-service/src/main/resources/application.yml b/apps/altinn3-tilgang-service/src/main/resources/application.yml
index ef6e80ec702..70a799743f3
--- a/apps/altinn3-tilgang-service/src/main/resources/application.yml
+++ b/apps/altinn3-tilgang-service/src/main/resources/application.yml
@@ -4,14 +4,14 @@ spring:
 application:
 version: application.version.todo
 name: testnav-altinn3-tilgang-service
- desciption: Tjeneste for å hente og sette tilganger for orgnisasjoner
+ description: Tjeneste for å hente og sette tilganger for orgnisasjoner
 security:
 oauth2:
 resourceserver:
 aad:
 issuer-uri: ${AAD_ISSUER_URI}/v2.0
 jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
- accepted-audience: ${azure.app.client.id}, api://${azure.app.client.id}
+ accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}
 tokenx:
 issuer-uri: ${TOKEN_X_ISSUER}
 jwk-set-uri: ${TOKEN_X_JWKS_URI}
@@ -19,9 +19,6 @@ spring:
 jackson:
 serialization:
 write_dates_as_timestamps: false
- cloud:
- vault:
- enabled: false
 springdoc:
 swagger-ui:
diff --git a/apps/dolly-frontend/config.idporten.yml b/apps/dolly-frontend/config.idporten.yml
index 2e7cee39d37..aed20782252
--- a/apps/dolly-frontend/config.idporten.yml
+++ b/apps/dolly-frontend/config.idporten.yml
@@ -57,8 +57,7 @@ spec:
 - application: testnorge-profil-api
 - application: testnorge-tilbakemelding-api
 - application: testnav-yrkesskade-proxy
- - application: testnav-altinn3-tilgang-service-prod
- cluster: prod-gcp
+ - application: testnav-altinn3-tilgang-proxy
 external:
 - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io
 - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io
@@ -75,7 +74,6 @@ spec:
 - host: testnav-brregstub-proxy.dev-fss-pub.nais.io
 - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io
 - host: idporten.no
- - host: testnav-altinn3-tilgang-service.nav.no
 liveness:
 path: /internal/isAlive
diff --git a/apps/dolly-frontend/config.yml b/apps/dolly-frontend/config.yml
index f8681ddb000..f0429be6a19
--- a/apps/dolly-frontend/config.yml
+++ b/apps/dolly-frontend/config.yml
@@ -67,8 +67,7 @@ spec:
 - application: testnav-levende-arbeidsforhold-ansettelse
 - application: testnav-levende-arbeidsforhold-scheduler
 - application: testnav-yrkesskade-proxy
- - application: testnav-altinn3-tilgang-service-prod
- cluster: prod-gcp
+ - application: testnav-altinn3-tilgang-proxy
 external:
 - host: testnav-pensjon-testdata-facade-proxy.dev-fss-pub.nais.io
 - host: testnav-sigrunstub-proxy.dev-fss-pub.nais.io
@@ -84,7 +83,6 @@ spec:
 - host: testnav-norg2-proxy.dev-fss-pub.nais.io
 - host: testnav-brregstub-proxy.dev-fss-pub.nais.io
 - host: testnav-dokarkiv-proxy.dev-fss-pub.nais.io
- - host: testnav-altinn3-tilgang-service.nav.no
 liveness:
 path: /internal/isAlive
 initialDelay: 20
diff --git a/apps/dolly-frontend/src/main/resources/application.yml b/apps/dolly-frontend/src/main/resources/application.yml
index c362403b52e..69f5d0d1672
--- a/apps/dolly-frontend/src/main/resources/application.yml
+++ b/apps/dolly-frontend/src/main/resources/application.yml
@@ -26,10 +26,10 @@ spring:
 consumers:
 testnav-altinn3-tilgang-service:
- cluster: prod-gcp
+ cluster: dev-gcp
 namespace: dolly
- name: testnav-altinn3-tilgang-service-prod
- url: https://testnav-altinn3-tilgang-service.nav.no
+ name: testnav-altinn3-tilgang-proxy
+ url: http://testnav-altinn3-tilgang-proxy.dolly.svc.cluster.local
 testnav-tps-messaging-service:
 cluster: dev-gcp
 namespace: dolly
diff --git a/apps/kodeverk-service/config.yml b/apps/kodeverk-service/config.yml
index 4be570ad76c..f1bedff64d4
--- a/apps/kodeverk-service/config.yml
+++ b/apps/kodeverk-service/config.yml
@@ -22,6 +22,7 @@ spec:
 - application: testnav-pdl-forvalter
 - application: testnav-pdl-forvalter-dev
 - application: testnav-levende-arbeidsforhold-ansettelse
+ - application: testnorge-statisk-data-forvalter
 outbound:
 external:
 - host: kodeverk-api.nav.no
diff --git a/apps/testnorge-statisk-data-forvalter/config.yml b/apps/testnorge-statisk-data-forvalter/config.yml
index 40443d77705..f88cc237a50
--- a/apps/testnorge-statisk-data-forvalter/config.yml
+++ b/apps/testnorge-statisk-data-forvalter/config.yml
@@ -71,6 +71,7 @@ spec:
 - application: krr-stub
 - application: synthdata-aareg
 cluster: dev-fss
- - application: kodeverk
+ - application: testnav-kodeverk-service
+ cluster: dev-gcp
 - application: testnav-aareg-proxy
 cluster: dev-fss
diff --git a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/config/Consumers.java b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/config/Consumers.java
index ce2fe92f9c1..c8b8b253faa
--- a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/config/Consumers.java
+++ b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/config/Consumers.java
@@ -26,7 +26,7 @@ public class Consumers {
 private ServerProperties testnavAaregProxy;
 private ServerProperties genererNavnService;
- private ServerProperties kodeverkApi;
+ private ServerProperties testnavKodeverkService;
 private ServerProperties testnavOrganisasjonFasteDataService;
 private ServerProperties testnavOrganisasjonService;
 private ServerProperties testnavPersonFasteDataService;
diff --git a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/kodeverk/KodeverkConsumer.java b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/kodeverk/KodeverkConsumer.java
index a26bc753f5b..d6a8a1540df
--- a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/kodeverk/KodeverkConsumer.java +++ b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/kodeverk/KodeverkConsumer.java @@ -23,7 +23,7 @@ public KodeverkConsumer( .maxInMemorySize(16 * 1024 * 1024)) .build()) .baseUrl(consumers - .getKodeverkApi() + .getTestnavKodeverkService() .getUrl()) .build(); } diff --git a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/krr/KrrConsumer.java b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/krr/KrrConsumer.java index db10b87c9c5..90dda96b35d 100644 --- a/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/krr/KrrConsumer.java +++ b/apps/testnorge-statisk-data-forvalter/src/main/java/no/nav/registre/sdforvalter/consumer/rs/krr/KrrConsumer.java @@ -6,7 +6,11 @@ import no.nav.registre.sdforvalter.domain.KrrListe; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.ParameterizedTypeReference; -import org.springframework.http.*; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.RequestEntity; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Component; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; diff --git a/apps/testnorge-statisk-data-forvalter/src/main/resources/application-local.yml b/apps/testnorge-statisk-data-forvalter/src/main/resources/application-local.yml index 5ca60787a43..29eabc600d3 100644 --- a/apps/testnorge-statisk-data-forvalter/src/main/resources/application-local.yml +++ b/apps/testnorge-statisk-data-forvalter/src/main/resources/application-local.yml 
@@ -25,3 +25,6 @@ consumers:
 url: https://testnav-bruker-service-dev.intern.dev.nav.no
 synthdata-aareg:
 url: https://nais-synthdata-aareg.dev.intern.nav.no
+ testnav-kodeverk-service:
+ url: https://testnav-kodeverk-service.intern.dev.nav.no
+
diff --git a/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml b/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml
index e5589722506..fb9d79b9227
--- a/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml
+++ b/apps/testnorge-statisk-data-forvalter/src/main/resources/application.yml
@@ -16,7 +16,7 @@ spring:
 aad:
 issuer-uri: ${AAD_ISSUER_URI}/v2.0
 jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
- accepted-audience: ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
+ accepted-audience: ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
 springdoc:
 swagger-ui:
@@ -59,11 +59,11 @@ consumers:
 url: https://krr-stub-%s.dev.intern.nav.no/api
 synthdata-aareg:
 url: http://nais-synthdata-aareg.dolly.svc.nais.local
- kodeverk-api:
- name: kodeverk-api
- namespace: team-rocket
- url: https://kodeverk-api.nav.no
- cluster: prod-gcp
+ testnav-kodeverk-service:
+ name: testnav-kodeverk-service
+ namespace: dolly
+ url: http://testnav-kodeverk-service.dolly.svc.cluster.local
+ cluster: dev-gcp
 testnav-aareg-proxy:
 name: testnav-aareg-proxy
 namespace: dolly
diff --git a/apps/testnorge-statisk-data-forvalter/src/test/java/no/nav/registre/sdforvalter/provider/rs/OrkestreringControllerAaregIntegrationTest.java b/apps/testnorge-statisk-data-forvalter/src/test/java/no/nav/registre/sdforvalter/provider/rs/OrkestreringControllerAaregIntegrationTest.java
index 56670b27755..20631055417
--- a/apps/testnorge-statisk-data-forvalter/src/test/java/no/nav/registre/sdforvalter/provider/rs/OrkestreringControllerAaregIntegrationTest.java
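Review bot: The second accepted audience `api:// ${AZURE_APP_CLIENT_ID}` still has a space after `api://`, and this whitespace-only edit preserves it, while the sibling altinn3-tilgang-service in the same commit writes `api://${AZURE_APP_CLIENT_ID}`. How `accepted-audience` is split and trimmed is not visible here, but if entries are compared as-is the second one can never equal a real `api://<client-id>` audience, so tokens minted with that audience form are rejected by this service only. Change the line to `accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}`.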
+++ b/apps/testnorge-statisk-data-forvalter/src/test/java/no/nav/registre/sdforvalter/provider/rs/OrkestreringControllerAaregIntegrationTest.java @@ -47,33 +47,41 @@ @AutoConfigureMockMvc class OrkestreringControllerAaregIntegrationTest { + private static final String FNR = "01010101010"; + private static final String ORGNR = "999999999"; + private static final String MILJOE = "test"; + private static String syntString; + private final KodeverkResponse kodeverkResponse = new KodeverkResponse(Collections.singletonList("yrke")); + private final TypeReference> syntResponse = new TypeReference<>() { + }; @Autowired private MockMvc mvc; - @MockBean private TokenExchange tokenExchange; - @Autowired private AaregRepository aaregRepository; - @Autowired private ObjectMapper objectMapper; - private static final String FNR = "01010101010"; - private static final String ORGNR = "999999999"; - private static final String MILJOE = "test"; - - private final KodeverkResponse kodeverkResponse = new KodeverkResponse(Collections.singletonList("yrke")); - private static String syntString; - private final TypeReference> syntResponse = new TypeReference<>() { - }; + @AfterEach + public void cleanUp() { + reset(); + aaregRepository.deleteAll(); + } @BeforeAll public static void setup() { syntString = getResourceFileContent("files/enkel_arbeidsforholdmelding.json"); } - @Disabled("Fix verify GET on (.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder") + private AaregModel createAaregModel() { + AaregModel model = new AaregModel(); + model.setFnr(FNR); + model.setOrgId(ORGNR); + return model; + } + + @Disabled("Fix verify GET on (.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder") @Test void shouldInitiateAaregFromDatabase() throws Exception { final AaregModel aaregModel = createAaregModel(); 
@@ -127,7 +135,7 @@ void shouldInitiateAaregFromDatabase() throws Exception { JsonWiremockHelper .builder(objectMapper) - .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder") + .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder") .withResponseBody(kodeverkResponse) .verifyGet(); @@ -167,7 +175,7 @@ void shouldNotOppretteAaregWhenAlreadyExists() throws Exception { } - @Disabled("Fix verify GET on (.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder") + @Disabled("Fix verify GET on (.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder") @Test void shouldNotOppretteAaregIfSyntError() throws Exception { final AaregModel aaregModel = createAaregModel(); @@ -190,7 +198,7 @@ void shouldNotOppretteAaregIfSyntError() throws Exception { JsonWiremockHelper .builder(objectMapper) - .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder") + .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder") .withResponseBody(kodeverkResponse) .stubGet(); @@ -213,22 +221,9 @@ void shouldNotOppretteAaregIfSyntError() throws Exception { JsonWiremockHelper .builder(objectMapper) - .withUrlPathMatching("(.*)/kodeverk-api/api/v1/kodeverk/Yrker/koder") + .withUrlPathMatching("(.*)/testnav-kodeverk-service/api/v1/kodeverk/Yrker/koder") .withResponseBody(kodeverkResponse) .verifyGet(); } - private AaregModel createAaregModel() { - AaregModel model = new AaregModel(); - model.setFnr(FNR); - model.setOrgId(ORGNR); - return model; - } - - @AfterEach - public void cleanUp() { - reset(); - aaregRepository.deleteAll(); - } - } diff --git a/apps/testnorge-statisk-data-forvalter/src/test/resources/application-test.yml b/apps/testnorge-statisk-data-forvalter/src/test/resources/application-test.yml index a4c5a1d25d2..db527311ba3 100644 --- a/apps/testnorge-statisk-data-forvalter/src/test/resources/application-test.yml +++ b/apps/testnorge-statisk-data-forvalter/src/test/resources/application-test.yml 
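Review bot: Both tests that exercise the kodeverk consumer, `shouldInitiateAaregFromDatabase` and `shouldNotOppretteAaregIfSyntError`, remain `@Disabled`; these hunks only rewrite the disabled reason and the wiremock path to `testnav-kodeverk-service`. That leaves the consumer switch in this commit (new host, namespace and base URL) with no executing coverage, and the `verifyGet()` on the new path is never asserted. Either make the verify match what `KodeverkConsumer` actually requests (its body is outside these hunks) or state in the `@Disabled` text why it cannot be fixed yet, e.g. `@Disabled("verifyGet on .../kodeverk/Yrker/koder fails because <reason>; tracked in <issue>")`.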
@@ -46,10 +46,10 @@ consumers:
 url: http://localhost:${wiremock.server.port:0}/krr-stub/api
 synthdata-aareg:
 url: http://localhost:${wiremock.server.port:0}/synt-aareg
- kodeverk:
- url: http://localhost:${wiremock.server.port:0}/kodeverk-api
- name: kodeverk-api
- namespace: team-rocket
+ testnav-kodeverk-service:
+ url: http://localhost:${wiremock.server.port:0}/testnav-kodeverk-service
+ name: testnav-kodeverk-service
+ namespace: dolly
 cluster: dummy
 testnav-aareg-proxy:
 url: http://localhost:${wiremock.server.port:0}/aareg
diff --git a/proxies/altinn3-tilgang-proxy/Dockerfile b/proxies/altinn3-tilgang-proxy/Dockerfile
new file mode 100644
index 00000000000..3ac8856fdc1
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/Dockerfile
@@ -0,0 +1,8 @@
+FROM ghcr.io/navikt/baseimages/temurin:21
+LABEL maintainer="Team Dolly"
+
+ENV JAVA_OPTS="-Dspring.profiles.active=prod"
+
+COPY /build/libs/app.jar /app/app.jar
+
+EXPOSE 8080
diff --git a/proxies/altinn3-tilgang-proxy/README.md b/proxies/altinn3-tilgang-proxy/README.md
new file mode 100644
index 00000000000..674eee89b18
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/README.md
@@ -0,0 +1,3 @@
+## Lokal kjøring
+* [Generelt.](../../docs/local_general.md)
+* [Secret Manager.](../../docs/local_secretmanager.md)
\ No newline at end of file
diff --git a/proxies/altinn3-tilgang-proxy/build.gradle b/proxies/altinn3-tilgang-proxy/build.gradle
new file mode 100644
index 00000000000..6ec916b1237
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/build.gradle
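Review bot: `FROM ghcr.io/navikt/baseimages/temurin:21` pins a mutable tag, so the base this proxy ships on can change underneath a rebuild with no diff in this repository to review. Pin by digest, `FROM ghcr.io/navikt/baseimages/temurin:21@sha256:<digest>`, and let the dependency bot bump it, or add a comment stating the floating tag is deliberate; if the other proxies use the same template the fix belongs in one sweep. Note also that `ENV JAVA_OPTS="-Dspring.profiles.active=prod"` bakes the `prod` profile into the image itself, which is worth a one-line comment so nobody expects the profile to be chosen at deploy time.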
@@ -0,0 +1,19 @@
+plugins {
+ id "dolly-proxies"
+}
+
+sonarqube {
+ properties {
+ property "sonar.projectKey", "testnav-altinn3-tilgang-proxy"
+ property "sonar.projectName", "testnav-altinn3-tilgang-proxy"
+ }
+}
+
+dependencies {
+ implementation "no.nav.testnav.libs:security-core"
+ implementation "no.nav.testnav.libs:reactive-core"
+ implementation "no.nav.testnav.libs:reactive-proxy"
+ implementation "no.nav.testnav.libs:servlet-insecure-security"
+
+ implementation "org.springframework.boot:spring-boot-starter-webflux"
+}
diff --git a/proxies/altinn3-tilgang-proxy/config.yml b/proxies/altinn3-tilgang-proxy/config.yml
new file mode 100644
index 00000000000..94091e33059
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/config.yml
@@ -0,0 +1,60 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+ name: testnav-altinn3-tilgang-proxy
+ namespace: dolly
+ labels:
+ team: dolly
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "2400"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "2400"
+spec:
+ image: "{{image}}"
+ port: 8080
+ tokenx:
+ enabled: true
+ azure:
+ application:
+ allowAllUsers: true
+ enabled: true
+ tenant: nav.no
+ accessPolicy:
+ inbound:
+ rules:
+ - application: team-dolly-lokal-app
+ - application: testnav-oversikt-frontend
+ - application: dolly-frontend
+ - application: dolly-frontend-dev
+ - application: dolly-frontend-dev-unstable
+ - application: dolly-idporten
+ outbound:
+ external:
+ - host: testnav-altinn3-tilgang-service.nav.no
+ liveness:
+ path: /internal/isAlive
+ initialDelay: 4
+ periodSeconds: 5
+ failureThreshold: 500
+ observability:
+ logging:
+ destinations:
+ - id: elastic
+ autoInstrumentation:
+ enabled: true
+ runtime: java
+ readiness:
+ path: /internal/isReady
+ initialDelay: 4
+ periodSeconds: 5
+ failureThreshold: 500
+ replicas:
+ min: 1
+ max: 1
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1025Mi
+ limits:
+ memory: 2048Mi
+ ingresses:
+ - "https://testnav-altinn3-tilgang-proxy.intern.dev.nav.no"
diff --git a/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.jar b/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 00000000000..7454180f2ae
Binary files /dev/null and b/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.properties b/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 00000000000..48c0a02ca41
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/gradle/wrapper/gradle-wrapper.properties
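Review bot: `allowAllUsers: true` under `azure.application`, together with the outbound rule to `testnav-altinn3-tilgang-service.nav.no`, turns this dev-cluster proxy into a tenant-wide entry point to the prod tilgang service: any `nav.no` user who can obtain a token through one of the six inbound applications reaches the prod API under the proxy's own identity. If only Dolly users are meant to get through, restrict with `claims.groups` here or confirm that the proxy's `SecurityConfig` (not in this diff) enforces that, and record the decision beside the flag, e.g. `# allowAllUsers: access to the prod service is decided downstream, not in this proxy` if that is indeed the case. Separately, `failureThreshold: 500` on both probes means a wedged pod is effectively never restarted, and `memory: 1025Mi` reads like a typo for `1024Mi`.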
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/proxies/altinn3-tilgang-proxy/gradlew b/proxies/altinn3-tilgang-proxy/gradlew
new file mode 100755
index 00000000000..3da45c161b0
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/gradlew
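Review bot: The wrapper fetches `gradle-8.7-bin.zip` over HTTPS but there is no `distributionSha256Sum`, and the bootstrap `gradle-wrapper.jar` is committed as an opaque binary in the preceding file, so neither the distribution nor the jar that downloads it is integrity-checked in this module. Add `distributionSha256Sum=<sha256 published for gradle-8.7-bin.zip on the Gradle releases page>` here and run `gradle/actions/wrapper-validation` in CI against the committed jar. If the other proxies in the repo omit the checksum as well, it is worth fixing them in one pass.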
@@ -0,0 +1,234 @@ +#!/bin/sh + +# +# Copyright ? 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions ?$var?, ?${var}?, ?${var:-default}?, ?${var+SET}?, +# ?${var#prefix}?, ?${var%suffix}?, and ?$( cmd )?; +# * compound commands having a testable exit status, especially ?case?; +# * various built-in commands including ?command?, ?set?, and ?ulimit?. +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. 
+# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +APP_NAME="Gradle" +APP_BASE_NAME=${0##*/} + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. 
+if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
+ +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. 
+# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/proxies/altinn3-tilgang-proxy/gradlew.bat b/proxies/altinn3-tilgang-proxy/gradlew.bat new file mode 100644 index 00000000000..107acd32c4e --- /dev/null +++ b/proxies/altinn3-tilgang-proxy/gradlew.bat 
@@ -0,0 +1,89 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. 
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/proxies/altinn3-tilgang-proxy/gradlewUpdate.sh b/proxies/altinn3-tilgang-proxy/gradlewUpdate.sh new file mode 100755 index 00000000000..e5ee6361152 --- /dev/null +++ b/proxies/altinn3-tilgang-proxy/gradlewUpdate.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +gradle wrapper \ No newline at end of file diff --git a/proxies/altinn3-tilgang-proxy/settings.gradle b/proxies/altinn3-tilgang-proxy/settings.gradle new file mode 100644 index 00000000000..55f12b701a6 --- /dev/null +++ b/proxies/altinn3-tilgang-proxy/settings.gradle @@ -0,0 +1,19 @@ +plugins { + id "com.gradle.develocity" version "3.17.4" +} + +rootProject.name = "altinn3-tilgang-proxy" + +includeBuild "../../plugins/java" + +includeBuild "../../libs/security-core" +includeBuild "../../libs/reactive-core" +includeBuild "../../libs/reactive-proxy" +includeBuild "../../libs/servlet-insecure-security" + +develocity { + buildScan { + termsOfUseUrl = "https://gradle.com/terms-of-service" + termsOfUseAgree = "yes" + } +} 
diff --git a/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/Altinn3TilgangProxyApplicationStarter.java b/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/Altinn3TilgangProxyApplicationStarter.java
new file mode 100644
index 00000000000..e31f6c65b21
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/Altinn3TilgangProxyApplicationStarter.java
@@ -0,0 +1,44 @@
+package no.nav.testnav.altinn3tilgangproxy;
+
+import no.nav.testnav.altinn3tilgangproxy.config.Consumers;
+import no.nav.testnav.libs.reactivecore.config.CoreConfig;
+import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
+import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
+import no.nav.testnav.libs.securitycore.domain.AccessToken;
+import no.nav.testnav.libs.standalone.servletsecurity.config.InsecureJwtServerToServerConfiguration;
+import no.nav.testnav.libs.standalone.servletsecurity.exchange.TokenExchange;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.gateway.route.RouteLocator;
+import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Import;
+
+@Import({
+ CoreConfig.class,
+ SecurityConfig.class,
+ InsecureJwtServerToServerConfiguration.class
+})
+@SpringBootApplication
+public class Altinn3TilgangProxyApplicationStarter {
+
+ public static void main(String[] args) {
+ SpringApplication.run(Altinn3TilgangProxyApplicationStarter.class, args);
+ }
+
+ @Bean
+ public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
+ TokenExchange tokenExchange,
+ Consumers consumers) {
+
+ return builder
+ .routes()
+ .route(spec -> spec.path("/**")
+ .filters(filterSpec -> filterSpec
+ .filter(AddAuthenticationRequestGatewayFilterFactory
+ .bearerAuthenticationHeaderFilter(() -> tokenExchange.exchange(consumers.getAltinn3TilgangService())
+ .map(AccessToken::getTokenValue))))
+ .uri(consumers.getAltinn3TilgangService().getUrl()))
+ .build();
+ }
+}
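Review bot: `customRouteLocator` forwards every inbound path (`spec.path("/**")`) to the downstream with a freshly exchanged server-to-server token, yet nothing in this class says who is allowed in; the inbound check appears to live entirely in the imported `SecurityConfig`, so a Javadoc on the bean should state that inbound callers are authenticated by `SecurityConfig` (Entra ID / TokenX per the resource-server config) and that the caller's token is replaced, not forwarded, on the way out. Document also that the supplier passed to `bearerAuthenticationHeaderFilter` runs per request, so any token caching is `TokenExchange`'s responsibility — whether it caches is not visible here and worth confirming. `consumers.getAltinn3TilgangService()` is dereferenced at bean creation via `.getUrl()`; if the `consumers.altinn3-tilgang-service` block fails to bind, startup dies with a bare NPE, so a fail-fast `var target = Objects.requireNonNull(consumers.getAltinn3TilgangService(), "consumers.altinn3-tilgang-service");` at the top of the method gives the operator a usable message. Finally, `/**` also captures any management or health endpoints exposed by the proxy itself; if those are meant to answer locally rather than be proxied, the route predicate should exclude them — I cannot tell from this hunk which mapping wins.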
diff --git a/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/config/Consumers.java b/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/config/Consumers.java
new file mode 100644
index 00000000000..f35c809fb38
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/main/java/no/nav/testnav/altinn3tilgangproxy/config/Consumers.java
@@ -0,0 +1,28 @@
+package no.nav.testnav.altinn3tilgangproxy.config;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import static lombok.AccessLevel.PACKAGE;
+
+/**
+ * Samler alle placeholders for ulike {@code consumers.*}-konfigurasjon her, dvs. subklasser av {@code ServerProperties}.
+ *

+ * Husk at Spring Boot bruker relaxed binding
+ * mellom configuration properties og field names.
+ *
+ * @see ServerProperties
+ */
+@Configuration
+@ConfigurationProperties(prefix = "consumers")
+@NoArgsConstructor(access = PACKAGE)
+@Getter
+@Setter(PACKAGE)
+public class Consumers {
+
+ private ServerProperties altinn3TilgangService;
+}
diff --git a/proxies/altinn3-tilgang-proxy/src/main/resources/application-local.yml b/proxies/altinn3-tilgang-proxy/src/main/resources/application-local.yml
new file mode 100644
index 00000000000..72a6b5d092b
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/main/resources/application-local.yml
@@ -0,0 +1,11 @@
+AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
+AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
+TOKEN_X_ISSUER: dummy
+
+spring:
+ cloud:
+ gcp:
+ secretmanager:
+ enabled: true
+ config:
+ import: "sm://"
diff --git a/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml
new file mode 100644
index 00000000000..85818a36464
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml
@@ -0,0 +1,38 @@
+AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b
+
+spring:
+ application:
+ name: testnav-altinn3-tilgang-proxy
+ desciption: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet
+ security:
+ oauth2:
+ resourceserver:
+ aad:
+ issuer-uri: ${AAD_ISSUER_URI}/v2.0
+ jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
+ accepted-audience: ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
+ tokenx:
+ issuer-uri: ${TOKEN_X_ISSUER}
+ jwk-set-uri: ${TOKEN_X_JWKS_URI}
+ accepted-audience: ${TOKEN_X_CLIENT_ID}
+ cloud:
+ gateway:
+ httpclient:
+ response-timeout: 1200s
+ gcp:
+ secretmanager:
+ enabled: false
+
+server:
+ servlet:
+ encoding:
+ charset: UTF-8
+ error:
+ include-message: always
+
+consumers:
+ altinn3-tilgang-service:
+ url: https://testnav-altinn3-tilgang-service.nav.no
+ cluster: prod-gcp
+ name: testnav-altinn3-tilgang-service-prod
+ namespace: dolly
\ No newline at end of file
diff --git a/proxies/altinn3-tilgang-proxy/src/main/resources/logback-spring.xml b/proxies/altinn3-tilgang-proxy/src/main/resources/logback-spring.xml
new file mode 100644
index 00000000000..f4aa8827aa1
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/main/resources/logback-spring.xml
@@ -0,0 +1,40 @@
+ + + + + + true + + 10280 + 20 + ^sun\.reflect\..*\.invoke + ^net\.sf\.cglib\.proxy\.MethodProxy\.invoke + java\.util\.concurrent\..* + org\.apache\.catalina\..* + org\.apache\.coyote\..* + org\.apache\.tomcat\..* + + + + + + + + + + + + + %d{HH:mm:ss.SSS} | %5p | %logger{25} | %m%n + + utf8 + + + + + + + + + \ No newline at end of file
diff --git a/proxies/altinn3-tilgang-proxy/src/test/java/no/nav/testnav/altinn3tilgangproxy/ApplicationContextTest.java b/proxies/altinn3-tilgang-proxy/src/test/java/no/nav/testnav/altinn3tilgangproxy/ApplicationContextTest.java
new file mode 100644
index 00000000000..e630af4e0f0
--- /dev/null
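Review bot: The key under `spring.application` is misspelled as `desciption`, so Spring Boot silently ignores it and the description never reaches the application metadata; it should read `description: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet`. The `aad.accepted-audience` value shows `api:// ${AZURE_APP_CLIENT_ID}` with a space before the placeholder — if that space is really in the file and not a rendering artifact, the second audience becomes `api:// <id>` and tokens issued for `api://<id>` would be rejected unless the security library trims entries, which I cannot confirm from here. The `tokenx` block references `${TOKEN_X_JWKS_URI}` and `${TOKEN_X_CLIENT_ID}`, but neither the local profile nor `application-test.yml` in this commit defines them, so local and test startup presumably rely on these being injected by the platform or the environment; a comment next to the block naming where they come from would save the next reader a failed boot. The `server.servlet.*` settings look copied from a servlet app; this proxy builds a `RouteLocator` on the reactive gateway stack, where servlet encoding properties are not applied, so they are likely dead config.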
+++ b/proxies/altinn3-tilgang-proxy/src/test/java/no/nav/testnav/altinn3tilgangproxy/ApplicationContextTest.java
@@ -0,0 +1,24 @@
+package no.nav.testnav.altinn3tilgangproxy;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.test.context.ActiveProfiles;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+@SpringBootTest
+@ActiveProfiles("test")
+class ApplicationContextTest {
+
+ @MockBean
+ @SuppressWarnings("unused")
+ private JwtDecoder jwtDecoder;
+
+ @Test
+ void load_app_context() {
+ assertThat(true).isTrue();
+ }
+
+}
diff --git a/proxies/altinn3-tilgang-proxy/src/test/resources/application-test.yml b/proxies/altinn3-tilgang-proxy/src/test/resources/application-test.yml
new file mode 100644
index 00000000000..f05debbd219
--- /dev/null
+++ b/proxies/altinn3-tilgang-proxy/src/test/resources/application-test.yml
@@ -0,0 +1 @@
+TOKEN_X_ISSUER: dummy
\ No newline at end of file
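Review bot: `assertThat(true).isTrue()` in `load_app_context` asserts nothing; the test's real value is that the `@SpringBootTest` context starts, so make that explicit by injecting it — `@Autowired private ApplicationContext context;` and `assertThat(context).isNotNull();` — which also documents the intent for the next reader. Mocking `JwtDecoder` means the resource-server wiring (issuer, JWK set, accepted audiences) is never exercised here, so a comment on the field such as `// JwtDecoder is mocked so the context can start without reaching the AAD/TokenX JWK endpoints` would make the trade-off visible. If the project is on a Spring Boot line where `@MockBean` is deprecated (3.4 onward), `@MockitoBean` is the replacement; the Boot version is not visible in this diff, so confirm before changing it.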