diff --git a/caf_solution/add-ons/aks_applications/app/module.tf b/caf_solution/add-ons/aks_applications/app/module.tf
index 0870bfdd4..2e6aa1193 100644
--- a/caf_solution/add-ons/aks_applications/app/module.tf
+++ b/caf_solution/add-ons/aks_applications/app/module.tf
@@ -8,21 +8,42 @@ resource "kubernetes_namespace" "namespaces" {
 }
+# https://docs.microsoft.com/en-us/azure/container-registry/container-registry-helm-repos#authenticate-with-the-registry
+data "external" "password" {
+ for_each = {
+ for key, value in var.helm_charts : key => value
+ if try(value.azure_container_registry, null) != null
+ }
+
+ program = [
+ "bash", "-cx",
+ format(
+ "az acr login --name %s --expose-token --output json --query '{value: accessToken}'",
+ var.azure_container_registries[each.value.azure_container_registry.lz_key][each.value.azure_container_registry.key].name
+ )
+ ]
+}
+
 # https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release
 resource "helm_release" "charts" {
 for_each = var.helm_charts
- name = each.value.name
- repository = each.value.repository
- chart = each.value.chart
-
- namespace = each.value.namespace
- wait = try(each.value.wait, true)
- timeout = try(each.value.timeout, 900)
- skip_crds = try(each.value.skip_crds, false)
- create_namespace = try(each.value.create_namespace, false)
- values = try(each.value.values, null)
- version = try(each.value.version, null)
+ name = each.value.name
+ chart = each.value.chart
+ namespace = each.value.namespace
+ wait = try(each.value.wait, true)
+ timeout = try(each.value.timeout, 900)
+ skip_crds = try(each.value.skip_crds, false)
+ create_namespace = try(each.value.create_namespace, false)
+ values = try(each.value.values, null)
+ version = try(each.value.version, null)
+ repository_username = try(each.value.azure_container_registry.username, null)
+ repository_password = try(data.external.password[each.key].result.value, null)
+ repository = try(
+ each.value.repository,
+ format("oci://%s", var.azure_container_registries[each.value.azure_container_registry.lz_key][each.value.azure_container_registry.key].login_server),
+ null
+ )
 dynamic "set" {
 for_each = try(each.value.sets, {})
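Review bot: In `data "external" "password"` the `program` list wraps the `az` call in `bash -cx` and splices the registry name from remote state into the command string with `format()`, so that value is parsed by a shell and `-x` echoes the command to stderr on every run. The external data source already takes an argv list, so the shell can be dropped: `program = ["az", "acr", "login", "--name", var.azure_container_registries[...][...].name, "--expose-token", "--output", "json", "--query", "{value: accessToken}"]`, keeping the same index expression as today. The token returned in `result.value` is not marked sensitive and, like other data source results, is stored in state, so state and plan output for this add-on need to be handled as secret-bearing; since a fresh token is issued on each run, `repository_password` will probably also show a change on every plan, which is worth confirming. `repository_username` defaults to `null`, while the Microsoft page linked in the comment logs in with the fixed user `00000000-0000-0000-0000-000000000000`, so charts that omit `username` look likely to fail authentication. The `helm_release` block continues past the end of the hunk.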
diff --git a/caf_solution/add-ons/aks_applications/app/variables.tf b/caf_solution/add-ons/aks_applications/app/variables.tf
index cb3a56bfc..7998a3c51 100644
--- a/caf_solution/add-ons/aks_applications/app/variables.tf
+++ b/caf_solution/add-ons/aks_applications/app/variables.tf
@@ -9,3 +9,7 @@ variable "helm_charts" {
 variable "kuztomization_settings" {
 default = {}
 }
+
+variable "azure_container_registries" {
+ default = {}
+}
diff --git a/caf_solution/add-ons/aks_applications/applications.tf b/caf_solution/add-ons/aks_applications/applications.tf
index feda157c5..f82f1a573 100644
--- a/caf_solution/add-ons/aks_applications/applications.tf
+++ b/caf_solution/add-ons/aks_applications/applications.tf
@@ -1,5 +1,6 @@
 module "app" {
- source = "./app"
- namespaces = var.namespaces
- helm_charts = var.helm_charts
+ source = "./app"
+ namespaces = var.namespaces
+ helm_charts = var.helm_charts
+ azure_container_registries = local.remote.azure_container_registries
 }
diff --git a/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf b/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf
index 5e2d3d93d..262a139ef 100644
--- a/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf
+++ b/caf_solution/add-ons/aks_applications/locals.remote_tfstates.tf
@@ -56,6 +56,9 @@ locals {
 vnets = {
 for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].vnets, {}))
 }
+ azure_container_registries = {
+ for key, value in try(var.landingzone.tfstates, {}) : key => merge(try(data.terraform_remote_state.remote[key].outputs.objects[key].azure_container_registries, {}))
+ }
 }
-}
\ No newline at end of file
+}
diff --git a/caf_solution/add-ons/aks_applications/main.tf b/caf_solution/add-ons/aks_applications/main.tf
index 6b7201fb4..22c7841d0 100644
--- a/caf_solution/add-ons/aks_applications/main.tf
+++ b/caf_solution/add-ons/aks_applications/main.tf
@@ -10,7 +10,7 @@ terraform {
 }
 helm = {
 source = "hashicorp/helm"
- version = "~> 2.1.2"
+ version = "~> 2.5.0"
 }
 kustomization = {
 source = "kbst/kustomization"
@@ -18,4 +18,4 @@ terraform {
 }
 }
 required_version = ">= 0.13"
-}
\ No newline at end of file
+}