diff --git a/.secrets.baseline b/.secrets.baseline
index 19dbad25..ccf9bcfc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.sum|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2023-06-10T00:32:33Z",
+ "generated_at": "2023-07-20T09:57:54Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
diff --git a/catalogValidationValues.json.template b/catalogValidationValues.json.template
deleted file mode 100644
index f89a1d5b..00000000
--- a/catalogValidationValues.json.template
+++ /dev/null
@@ -1 +0,0 @@
-{"ibmcloud_api_key": $VALIDATION_APIKEY, "resource_group": $RG_NAME, "resource_tags": $TAGS, "prefix": $PREFIX}
diff --git a/main.tf b/main.tf
index 9eed7ec9..2b839369 100644
--- a/main.tf
+++ b/main.tf
@@ -74,7 +74,7 @@ locals {
 ##############################################################################
 
 resource "ibm_iam_authorization_policy" "block_storage_policy" {
- count = var.skip_iam_authorization_policy ? 0 : 1
+ count = var.kms_encryption_enabled == false || var.skip_iam_authorization_policy ? 0 : 1
 source_service_name = "server-protect"
 # commented the following as policy is not working as expected with this option. Related support case - https://cloud.ibm.com/unifiedsupport/cases?number=CS3419700
 # source_resource_group_id = var.resource_group_id
diff --git a/module-metadata.json b/module-metadata.json
index 8ae9328e..7ff74146 100644
--- a/module-metadata.json
+++ b/module-metadata.json
@@ -112,6 +112,9 @@
 "type": "bool",
 "description": "Set this to true to control the encryption keys used to encrypt the data that for the block storage volumes for VPC. If set to false, the data is encrypted by using randomly generated keys. For more info on encrypting block storage volumes, see https://cloud.ibm.com/docs/vpc?topic=vpc-creating-instances-byok",
 "default": false,
+ "source": [
+ "ibm_iam_authorization_policy.block_storage_policy.count"
+ ],
 "pos": {
 "filename": "variables.tf",
 "line": 194
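Review bot: The new `count` line in main.tf mixes `||` with the conditional operator without parentheses and compares a bool against `false`; HCL evaluates it as intended because `||` binds tighter than `?:`, but `count = (!var.kms_encryption_enabled || var.skip_iam_authorization_policy) ? 0 : 1` states the rule without the reader needing that precedence. The resource body continues past the hunk, so the attribute that takes the KMS instance id is not visible here; with this change it only has to hold a valid value when `kms_encryption_enabled` is true, which is presumably what motivated the change. A one-line comment above `count`, such as `# No policy is needed when volumes use provider-managed keys, or when the caller opts to create the policy elsewhere`, would record that dependency next to the expression.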
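Review bot: The metadata now attributes `block_storage_policy.count` to `kms_encryption_enabled` alone, although the new `count` expression in main.tf reads `skip_iam_authorization_policy` as well: this hunk adds the `source` entry under `kms_encryption_enabled`, the `@@ -254` hunk removes it from `skip_iam_authorization_policy`, and the `@@ -425` hunk sets `"count": "kms_encryption_enabled"`. If this file is produced by a generator that records only the first variable referenced in an expression, that limitation is worth a sentence in the commit description; if it is hand-maintained, both variables should carry the `source` entry and `attributes.count` should reflect both references. As written, a consumer of the metadata would conclude that `skip_iam_authorization_policy` is not used by any resource.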
@@ -254,9 +257,6 @@
 "type": "bool",
 "description": "Set to true to skip the creation of an IAM authorization policy that permits all Storage Blocks to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if var.kms_encryption_enabled is set to false.",
 "default": false,
- "source": [
- "ibm_iam_authorization_policy.block_storage_policy.count"
- ],
 "pos": {
 "filename": "variables.tf",
 "line": 200
@@ -425,7 +425,7 @@
 "type": "ibm_iam_authorization_policy",
 "name": "block_storage_policy",
 "attributes": {
- "count": "skip_iam_authorization_policy",
+ "count": "kms_encryption_enabled",
 "target_resource_instance_id": "existing_kms_instance_guid"
 },
 "provider": {