diff --git a/.goreleaser.yml b/.goreleaser.yml
index 8836ae525..3f911bdad 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -65,9 +65,8 @@ dockers:
     image_templates:
       - "ghcr.io/chainloop-dev/chainloop/control-plane:{{ .Tag }}"
       - "ghcr.io/chainloop-dev/chainloop/control-plane:latest"
+  # Container image meant to perform migrations on the database at deployment time
   - dockerfile: app/controlplane/Dockerfile.migrations
-    ids:
-      - control-plane
     extra_files:
       - app/controlplane/internal/data/ent/migrate/migrations
     image_templates:
diff --git a/deployment/chainloop/Chart.yaml b/deployment/chainloop/Chart.yaml
index 08101e301..70798458e 100644
--- a/deployment/chainloop/Chart.yaml
+++ b/deployment/chainloop/Chart.yaml
@@ -4,9 +4,9 @@ description: Chainloop is an open source software supply chain control plane, a
 
 type: application
 # Bump the patch (not minor, not major) version on each change in the Chart Source code
-version: 1.7.0
+version: 1.8.0
 # Do not update appVersion, this is handled automatically by the release process
-appVersion: v0.12.0
+appVersion: v0.13.0
 
 dependencies:
   - name: common
diff --git a/deployment/chainloop/templates/_helpers.tpl b/deployment/chainloop/templates/_helpers.tpl
index 542621ee9..0f19a00ee 100644
--- a/deployment/chainloop/templates/_helpers.tpl
+++ b/deployment/chainloop/templates/_helpers.tpl
@@ -126,8 +126,8 @@ Chainloop Controlplane Chart fullname
 {{- define "chainloop.controlplane.name" -}}
 {{- printf "%s-%s" (include "common.names.name" .) "controlplane" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-{{/*
 
+{{/*
 Common labels
 */}}
 {{- define "chainloop.controlplane.labels" -}}
@@ -136,6 +136,15 @@ app.kubernetes.io/part-of: chainloop
 app.kubernetes.io/component: controlplane
 {{- end }}
 
+{{/*
+Migration labels
+*/}}
+{{- define "chainloop.controlplane.migration.labels" -}}
+{{- include "common.labels.standard" . }}
+app.kubernetes.io/part-of: chainloop
+app.kubernetes.io/component: controlplane-migration
+{{- end }}
+
 {{/*
 Selector labels
 */}}
@@ -162,6 +171,13 @@ Return the Postgresql connection string
 {{- printf "postgresql://%s:%s@%s:%s/%s" (include "controlplane.database.user" .) (include "controlplane.database.escapedPassword" .) (include "controlplane.database.host" .) (include "controlplane.database.port" .) (include "controlplane.database.name" .) }}
 {{- end -}}
 
+{{/*
+Return the Postgresql connection string for Atlas migration
+*/}}
+{{- define "controlplane.database.atlas_connection_string" -}}
+{{- printf "postgres://%s:%s@%s:%s/%s?sslmode=disable" (include "controlplane.database.user" .) (include "controlplane.database.escapedPassword" .) (include "controlplane.database.host" .) (include "controlplane.database.port" .) (include "controlplane.database.name" .) }}
+{{- end -}}
+
 {{/*
 Return the Postgresql hostname
 */}}
diff --git a/deployment/chainloop/templates/controlplane/migrate-job.yaml b/deployment/chainloop/templates/controlplane/migrate-job.yaml
new file mode 100644
index 000000000..35a2b932c
--- /dev/null
+++ b/deployment/chainloop/templates/controlplane/migrate-job.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "chainloop.controlplane.fullname" . }}-migrate
+  labels:
+    {{- include "chainloop.controlplane.migration.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+  template:
+    metadata:
+      labels:
+        {{- include "chainloop.controlplane.migration.labels" . | nindent 8 }}
+    spec:
+      {{- with .Values.controlplane.image.pullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: OnFailure
+      serviceAccountName: {{ include "controlplane.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }}
+      containers:
+        - name: migrate
+          image: "{{ .Values.controlplane.migration.image.repository }}:{{ .Values.controlplane.migration.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }}
+          args:
+            - migrate
+            - apply
+            - --url
+            - "{{include "controlplane.database.atlas_connection_string" . }}"
+            - --dir
+            - file:///migrations
\ No newline at end of file
diff --git a/deployment/chainloop/values.yaml b/deployment/chainloop/values.yaml
index 460e8db20..d31957e87 100644
--- a/deployment/chainloop/values.yaml
+++ b/deployment/chainloop/values.yaml
@@ -96,6 +96,14 @@ controlplane:
     # Overrides the image tag whose default is the chart appVersion.
     # tag: latest
 
+  # Database migration
+  ## @skip controlplane.migration
+  migration:
+    image:
+      repository: ghcr.io/chainloop-dev/chainloop/control-plane-migrations
+      # Overrides the image tag whose default is the chart appVersion.
+    # tag: latest
+
   ## @skip controlplane.serviceAccount
   serviceAccount:
     # Specifies whether a service account should be created