diff --git a/app/commands.py b/app/commands.py
index f3779d0692..4d27e673dc 100644
--- a/app/commands.py
+++ b/app/commands.py
@@ -845,6 +845,7 @@ def functional_test_fixtures():
         SQLALCHEMY_DATABASE_URI
         REDIS_URL
         SECRET_KEY
+        TOKEN_SECRET_KEY
         INTERNAL_CLIENT_API_KEYS
         ADMIN_BASE_URL
         API_HOST_NAME
diff --git a/app/config.py b/app/config.py
index 2672b514ca..3f5315d17f 100644
--- a/app/config.py
+++ b/app/config.py
@@ -108,6 +108,7 @@ class Config:
 
     # encyption secret/salt
     SECRET_KEY = os.getenv("SECRET_KEY")
+    TOKEN_SECRET_KEY = os.getenv("TOKEN_SECRET_KEY")
     DANGEROUS_SALT = os.getenv("DANGEROUS_SALT")
 
     # DB conection string
@@ -614,6 +615,7 @@ class Development(Config):
     }
 
     SECRET_KEY = "dev-notify-secret-key"
+    TOKEN_SECRET_KEY = "5YNWU0e_pN5ZyaSZvBd5uZb_sZlrVDFeOjiea6dq4zQ="
     DANGEROUS_SALT = "dev-notify-salt"
 
     MMG_INBOUND_SMS_AUTH = ["testkey"]
diff --git a/app/one_click_unsubscribe/rest.py b/app/one_click_unsubscribe/rest.py
index 5c0197ff2b..0b77641ad2 100644
--- a/app/one_click_unsubscribe/rest.py
+++ b/app/one_click_unsubscribe/rest.py
@@ -27,7 +27,11 @@ def one_click_unsubscribe(notification_id, token):
 
     try:
         email_address = check_token(
-            token, current_app.config["SECRET_KEY"], current_app.config["DANGEROUS_SALT"], max_age_seconds
+            token,
+            current_app.config["SECRET_KEY"],
+            current_app.config["DANGEROUS_SALT"],
+            max_age_seconds,
+            current_app.config["TOKEN_SECRET_KEY"],
         )
     except BadData as e:
         errors = {"unsubscribe request": "This is not a valid unsubscribe link."}
diff --git a/app/organisation/invite_rest.py b/app/organisation/invite_rest.py
index 0b2200e9ef..ce3d620320 100644
--- a/app/organisation/invite_rest.py
+++ b/app/organisation/invite_rest.py
@@ -126,7 +126,11 @@ def validate_invitation_token(token):
 
     try:
         invited_user_id = check_token(
-            token, current_app.config["SECRET_KEY"], current_app.config["DANGEROUS_SALT"], max_age_seconds
+            token,
+            current_app.config["SECRET_KEY"],
+            current_app.config["DANGEROUS_SALT"],
+            max_age_seconds,
+            current_app.config["TOKEN_SECRET_KEY"],
         )
     except SignatureExpired as e:
         errors = {
diff --git a/app/service_invite/rest.py b/app/service_invite/rest.py
index 7f331f3f15..920f6b0127 100644
--- a/app/service_invite/rest.py
+++ b/app/service_invite/rest.py
@@ -105,7 +105,11 @@ def validate_service_invitation_token(token):
 
     try:
         invited_user_id = check_token(
-            token, current_app.config["SECRET_KEY"], current_app.config["DANGEROUS_SALT"], max_age_seconds
+            token,
+            current_app.config["SECRET_KEY"],
+            current_app.config["DANGEROUS_SALT"],
+            max_age_seconds,
+            current_app.config["TOKEN_SECRET_KEY"],
         )
     except SignatureExpired as e:
         errors = {
diff --git a/entrypoint.sh b/entrypoint.sh
index 9b4ad147e4..a1a61c2ebe 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -39,12 +39,6 @@ case "$1" in
   api-worker-jobs-save-documents)
     exec $COMMON_CMD database-tasks-documents
     ;;
-  api-worker-jobs-save)
-    exec $COMMON_CMD database-tasks,job-tasks
-    ;;
-  api-worker-jobs-save-documents)
-    exec $COMMON_CMD database-tasks,job-tasks
-    ;;
   api-worker-research)
     exec $COMMON_CMD research-mode-tasks
     ;;
diff --git a/requirements.in b/requirements.in
index 3a7bb73d48..ba91d24147 100644
--- a/requirements.in
+++ b/requirements.in
@@ -7,7 +7,7 @@ kombu @ git+https://github.com/celery/kombu.git@860e40a6c904c4d8551577d9f4e8c00f
 
 Flask-Bcrypt~=1.0
 flask-marshmallow~=1.4
-Flask-Migrate~=3.1
+Flask-Migrate~=4.1
 flask-sqlalchemy~=3.1
 click-datetime~=0.2
 gunicorn[eventlet]~=25.1
diff --git a/requirements.txt b/requirements.txt
index d700083b00..7f0883971d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -86,7 +86,7 @@ flask-bcrypt==1.0.1
     # via -r requirements.in
 flask-marshmallow==1.4.0
     # via -r requirements.in
-flask-migrate==3.1.0
+flask-migrate==4.1.0
     # via -r requirements.in
 flask-redis==0.4.0
     # via notifications-utils
diff --git a/requirements_for_test.txt b/requirements_for_test.txt
index 4683a34cef..c8bdce16b8 100644
--- a/requirements_for_test.txt
+++ b/requirements_for_test.txt
@@ -131,7 +131,7 @@ flask-bcrypt==1.0.1
     # via -r requirements.txt
 flask-marshmallow==1.4.0
     # via -r requirements.txt
-flask-migrate==3.1.0
+flask-migrate==4.1.0
     # via -r requirements.txt
 flask-redis==0.4.0
     # via