diff --git a/roles/cmp-rdbms/vars/database.yml b/roles/cmp-rdbms/vars/database.yml
index f2f5d3ad..8f409b59 100644
--- a/roles/cmp-rdbms/vars/database.yml
+++ b/roles/cmp-rdbms/vars/database.yml
@@ -1,8 +1,8 @@
 database_instance:  "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else database_application_id }}"
 database_host:      "{{ applications[ 'svc-db-' ~ database_type ].hostname if applications | is_feature_enabled('central_database',database_application_id) else 'database' }}"
-database_name:      "{{ applications[ database_application_id ].database.name | default( database_application_id ) }}"      # The overwritte configuration is needed by bigbluebutton
-database_username:  "{{ applications[ database_application_id ].database.username | default( database_application_id )}}"   # The overwritte configuration is needed by bigbluebutton
-database_password:  "{{ applications[ database_application_id ].credentials.database_password }}"
+database_name:      "{{ applications | get_app_conf(database_application_id, 'database.name', False) | default( database_application_id ) }}"      # The overwritte configuration is needed by bigbluebutton
+database_username:  "{{ applications | get_app_conf(database_application_id, 'database.username', False) | default( database_application_id )}}"   # The overwritte configuration is needed by bigbluebutton
+database_password:  "{{ applications | get_app_conf(database_application_id, 'credentials.database_password', true) }}"
 database_port:      "{{ applications[ 'svc-db-' ~ database_type ].port }}"
 database_env:       "{{docker_compose.directories.env}}{{database_type}}.env"
 database_url_jdbc:  "jdbc:{{ database_type if database_type == 'mariadb' else 'postgresql' }}://{{ database_host }}:{{ database_port }}/{{ database_name }}"
diff --git a/roles/web-app-akaunting/vars/main.yml b/roles/web-app-akaunting/vars/main.yml
index 4b48ed08..6dd90f2a 100644
--- a/roles/web-app-akaunting/vars/main.yml
+++ b/roles/web-app-akaunting/vars/main.yml
@@ -1,4 +1,4 @@
 application_id:             "akaunting"
 database_type:              "mariadb"
-database_password:          "{{ applications[application_id]].credentials.database_password }}"
+database_password:          "applications | get_app_conf(application_id, 'credentials.database_password', True)"
 docker_repository_address:  "https://github.com/akaunting/docker.git"
diff --git a/roles/web-app-keycloak/templates/import/realm.json.j2 b/roles/web-app-keycloak/templates/import/realm.json.j2
index cc5f89bf..1b9aa861 100644
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
@@ -834,8 +834,8 @@
       "clientAuthenticatorType": "desktop-secret",
       "secret": "{{oidc.client.secret}}",
       {%- set redirect_uris = [] %}
-      {%- for application, domain in domains.items() %}
-        {%- if applications[application] is defined and (applications | is_feature_enabled('oauth2',application) or applications | is_feature_enabled('oidc',application_id)) %}
+      {%- for application_id, domain in domains.items() %}
+        {%- if applications | get_app_conf(application_id, 'features.oauth2', False) or applications | get_app_conf(application_id, 'features.oidc', False) %}
           {%- if domain is string %}
             {%- set _ = redirect_uris.append(web_protocol ~ '://' ~ domain ~ '/*') %}
           {%- else %}
diff --git a/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2 b/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
index c19eeaf0..9f55d692 100644
--- a/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
+++ b/roles/web-app-oauth2-proxy/templates/oauth2-proxy-keycloak.cfg.j2
@@ -1,7 +1,7 @@
 http_address            =   "0.0.0.0:4180"
-cookie_secret           =   "{{ applications[oauth2_proxy_application_id].credentials.oauth2_proxy_cookie_secret }}"
+cookie_secret           =   "{{ applications | get_app_conf(oauth2_proxy_application_id, 'credentials.oauth2_proxy_cookie_secret', True) }}"
 cookie_secure           =   "true"                                                                                                                                                  # True is necessary to force the cookie set via https
-upstreams               =   "http://{{ applications[oauth2_proxy_application_id].oauth2_proxy.application }}:{{ applications[oauth2_proxy_application_id].oauth2_proxy.port }}"
+upstreams               =   "http://{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.application', True) }}:{{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.application', True) }}"
 cookie_domains          =   ["{{ domains | get_domain(oauth2_proxy_application_id) }}", "{{ domains | get_domain('keycloak') }}"]                                                   # Required so cookie can be read on all subdomains.
 whitelist_domains       =   [".{{ primary_domain }}"]                                                                                                                               # Required to allow redirection back to original requested target.
 
@@ -13,11 +13,11 @@ oidc_issuer_url         =   "{{ oidc.client.issuer_url }}"
 provider                =   "oidc"
 provider_display_name   =   "{{ oidc.button_text }}"
 
-{% if applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups is defined %}
+{% if applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.allowed_groups', True) is defined %}
 {# role based restrictions #}
 scope                   =   "openid email profile {{ oidc.claims.groups }}"
 oidc_groups_claim       =   "{{ oidc.claims.groups }}"
-allowed_groups          =   {{ applications[oauth2_proxy_application_id].oauth2_proxy.allowed_groups | tojson }}
+allowed_groups          =   {{ applications | get_app_conf(oauth2_proxy_application_id, 'oauth2_proxy.allowed_groups', True) | tojson }}
 email_domains           =   ["*"]
 {% else %}
 email_domains           =   "{{ primary_domain }}"