diff --git a/README.md b/README.md
index 66f982532..7d417853c 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ On macOS, these can be installed with [brew](https://docs.brew.sh/Installation)
-`brew install buf grpcurl goose`
+`brew install buf grpcurl goose softhsm`
 ### Run
diff --git a/example-opentdf.yaml b/example-opentdf.yaml
index ff494e672..9e0a29785 100644
--- a/example-opentdf.yaml
+++ b/example-opentdf.yaml
@@ -9,6 +9,8 @@ logger:
 # user: postgres
 # password: changeme
 services:
+ kas:
+ enabled: true
 policy:
 enabled: true
 entitlements:
diff --git a/no-kas-opentdf.yaml b/no-kas-opentdf.yaml
new file mode 100644
index 000000000..3e7542706
--- /dev/null
+++ b/no-kas-opentdf.yaml
@@ -0,0 +1,57 @@
+logger:
+ level: debug
+ type: text
+ output: stdout
+# DB and Server confgurations are defaulted for local development
+# db:
+# host: localhost
+# port: 5432
+# user: postgres
+# password: changeme
+services:
+ kas:
+ enabled: false
+ policy:
+ enabled: true
+ entitlements:
+ providers:
+ # - type: keycloak
+ # name: gcp
+ # keycloak:
+ # host: "https://keycloak.example.com/auth"
+ # realm: "test"
+ # clientId: "test"
+ # clientSecret:
+ # fromEnv: "KEYCLOAK_CLIENT_SECRET"
+
+ - type: ldap
+ name: ad-1
+ ldap:
+ baseDN: "dc=dev,dc=example,dc=com"
+ host: ""
+ port: 389
+ bindUsername: ""
+ bindPassword:
+ fromEnv: "LDAP_BIND_PASSWORD"
+ attributeFilters:
+ exclude:
+ - "objectSid"
+ - "objectGUID"
+ - "msExchMailboxGuid"
+ - "msExchMailboxSecurityDescriptor"
+server:
+ auth:
+ enabled: false
+ audience: "http://localhost:9000"
+ issuer: http://localhost:8888/auth/realms/opentdf
+ clients:
+ - "opentdf"
+ grpc:
+ port: 9000
+ reflectionEnabled: true # Default is false
+ hsm:
+ enabled: false
+ http:
+ port: 8080
+opa:
+ embedded: true # Only for local development
diff --git a/services/kas/kas.go b/services/kas/kas.go
index 07ffaf43e..311987ccd 100644
--- a/services/kas/kas.go
+++ b/services/kas/kas.go
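Review bot: In the new no-kas-opentdf.yaml, `server.auth.enabled: false` and `reflectionEnabled: true` carry no marker that they are development-only; only the `opa.embedded` line says so, and the header comment mentions just DB and server defaults. Anyone who copies this file as a starting point gets an unauthenticated server with gRPC reflection and debug logging on. I would annotate the two lines the same way the OPA line is, e.g. `enabled: false # Only for local development` under `auth:` and `reflectionEnabled: true # Only for local development; default is false`. The LDAP provider pairs `port: 389` with a `bindPassword`; whether the bind is protected by StartTLS is not visible here, so a comment stating the expected transport would help.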
@@ -49,7 +49,7 @@ func (s *KasService) initProvider() error {
 func NewRegistration() serviceregistry.Registration {
 return serviceregistry.Registration{
- Namespace: "policy",
+ Namespace: "kas",
 ServiceDesc: &kaspb.AccessService_ServiceDesc,
 RegisterFunc: func(srp serviceregistry.RegistrationParams) (any, serviceregistry.HandlerServer) {
 k := KasService{o: srp.OTDF}
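Review bot: The value on the `Namespace: "kas",` line is a bare string literal that has to agree with the `services.kas` key in the YAML configs, and the old value `"policy"` shows how easily the two drift; presumably the access service was being switched by the policy service's `enabled` flag. I would lift it into a documented package-level constant, e.g. `const namespace = "kas" // must match the services.<key> entry in the server config`, and add a test that asserts `NewRegistration().Namespace`. What the registry does for a config file with no `services.kas` entry is not visible here; since this service registers `kaspb.AccessService_ServiceDesc`, that default deserves a comment saying whether the service is on or off when the key is absent. NewRegistration's body continues past the end of the hunk.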