diff --git a/go.mod b/go.mod
index ad95b3d9e..0a08bb56a 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/mandelsoft/vfs v0.4.0
 	github.com/onsi/ginkgo/v2 v2.15.0
 	github.com/onsi/gomega v1.31.1
-	github.com/open-component-model/ocm v0.4.0
+	github.com/open-component-model/ocm v0.6.0
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0-rc6
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
@@ -178,6 +178,7 @@ require (
 	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/go-openapi/validate v0.22.3 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
@@ -208,7 +209,10 @@ require (
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/vault-client-go v0.4.2 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/iancoleman/orderedmap v0.2.0 // indirect
 	github.com/iancoleman/strcase v0.2.0 // indirect
@@ -284,6 +288,7 @@ require (
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/rubenv/sql-migrate v1.5.2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 18114582b..c4fc2f07b 100644
--- a/go.sum
+++ b/go.sum
@@ -128,6 +128,10 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/ClickHouse/clickhouse-go v1.4.3/go.mod h1:EaI/sW7Azgz9UATzd5ZdZHRUhHgv5+JMS9NSr2smCJI=
 github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
+github.com/DataDog/gostackparse v0.7.0 h1:i7dLkXHvYzHV308hnkvVGDL3BR4FWl7IsXNPz/IGQh4=
+github.com/DataDog/gostackparse v0.7.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZMfWR0aitKFMM=
+github.com/InfiniteLoopSpace/go_S-MIME v0.0.0-20181221134359-3f58f9a4b2b6 h1:TkEaE2dfSBN9onWsQ1pC9EVMmVDJqkYWNUwS6+EYxlM=
+github.com/InfiniteLoopSpace/go_S-MIME v0.0.0-20181221134359-3f58f9a4b2b6/go.mod h1:yhh4MGRGdTpTET5RhSJx4XNCEkJljP3k8MxTTB3joQA=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
@@ -1139,6 +1143,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/hashicorp/vault-client-go v0.4.2 h1:XeUXb5jnDuCUhC8HRpkdGPLh1XtzXmiOnF0mXEbARxI=
+github.com/hashicorp/vault-client-go v0.4.2/go.mod h1:4tDw7Uhq5XOxS1fO+oMtotHL7j4sB9cp0T7U6m4FzDY=
 github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
 github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
@@ -1531,8 +1537,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/open-component-model/ocm v0.4.0 h1:S+rPJGoDnSvxhBn3QS2HXURxugTjCM4XWEJLZSaH6Ek=
-github.com/open-component-model/ocm v0.4.0/go.mod h1:7RAqaUMmA4BlwW5ZEUBm8amWIb1TL9FhNigNXQ6wiu0=
+github.com/open-component-model/ocm v0.6.0 h1:R8TQthzSddiU5i/NEJv5EziSSSqO9FAnO7WhqOcUEXA=
+github.com/open-component-model/ocm v0.6.0/go.mod h1:rqMOD7puXAcLb7YMG2Zt2KH0vfBL/yhn9+uO6e0wLJg=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
diff --git a/pkg/module/blob/blob.go b/pkg/module/blob/blob.go
index 253a2e5fe..ecaf6e114 100644
--- a/pkg/module/blob/blob.go
+++ b/pkg/module/blob/blob.go
@@ -64,6 +64,10 @@ func (o *Output) Digest() digest.Digest {
 	return digest.FromString(o.digest)
 }
 
+func (o *Output) Dup() (accessio.BlobAccess, error) {
+	return o, nil
+}
+
 type InputType string
 
 const (
diff --git a/pkg/module/oci_repo.go b/pkg/module/oci_repo.go
index 035eef614..f500c65d5 100644
--- a/pkg/module/oci_repo.go
+++ b/pkg/module/oci_repo.go
@@ -2,6 +2,7 @@ package module
 
 import (
 	"fmt"
+	"reflect"
 
 	"github.com/open-component-model/ocm/pkg/common"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm"
@@ -25,14 +26,14 @@ type OciRepoAccess interface {
 type OciRepo struct{}
 
 func (r *OciRepo) ComponentVersionExists(archive *comparch.ComponentArchive, repo cpi.Repository) (bool, error) {
-	return repo.ExistsComponentVersion(archive.ComponentVersionAccess.GetName(),
-		archive.ComponentVersionAccess.GetVersion())
+	return repo.ExistsComponentVersion(archive.GetName(),
+		archive.GetVersion())
 }
 
 func (r *OciRepo) GetComponentVersion(archive *comparch.ComponentArchive,
 	repo cpi.Repository) (ocm.ComponentVersionAccess, error) {
-	return repo.LookupComponentVersion(archive.ComponentVersionAccess.GetName(),
-		archive.ComponentVersionAccess.GetVersion())
+	return repo.LookupComponentVersion(archive.GetName(),
+		archive.GetVersion())
 }
 
 func (r *OciRepo) PushComponentVersion(archive *comparch.ComponentArchive, repo cpi.Repository, overwrite bool) error {
@@ -42,7 +43,7 @@ func (r *OciRepo) PushComponentVersion(archive *comparch.ComponentArchive, repo
 	}
 
 	if err = transfer.TransferVersion(
-		common.NewLoggingPrinter(archive.GetContext().Logger()), nil, archive.ComponentVersionAccess, repo,
+		common.NewLoggingPrinter(archive.GetContext().Logger()), nil, archive, repo,
 		&customTransferHandler{transferHandler},
 	); err != nil {
 		return fmt.Errorf("could not finish component transfer: %w", err)
@@ -63,7 +64,8 @@ func (r *OciRepo) DescriptorResourcesAreEquivalent(archive *comparch.ComponentAr
 		localResourcesMap[res.Name] = res
 	}
 
-	for _, res := range remoteResources {
+	for i := range remoteResources {
+		res := remoteResources[i]
 		localResource := localResourcesMap[res.Name]
 		if res.Name == RawManifestLayerName {
 			remoteAccess, ok := res.Access.(*runtime.UnstructuredVersionedTypedObject)
@@ -88,10 +90,36 @@ func (r *OciRepo) DescriptorResourcesAreEquivalent(archive *comparch.ComponentAr
 			if remoteAccessLocalReference[7:] != localAccessObject.LocalReference[7:] {
 				return false
 			}
-		} else if !res.IsEquivalent(&localResource) {
+		} else if !isEquivalent(&res, &localResource) {
 			return false
 		}
 	}
 
 	return true
 }
+
+func isEquivalent(r *compdesc.Resource, e compdesc.ElementMetaAccessor) bool {
+	// Paranoid sanity checks
+	if r == nil && e == nil {
+		return true
+	}
+	if r == nil && e != nil || r != nil && e == nil {
+		return false
+	}
+
+	// Taken from OCM@v0.4.0 because the implementation in v0.6.0 looks flawed
+	o, ok := e.(*compdesc.Resource)
+	if !ok {
+		return false
+	}
+	if !reflect.DeepEqual(&r.ElementMeta, &o.ElementMeta) {
+		return false
+	}
+	if !reflect.DeepEqual(&r.Access, &o.Access) {
+		return false
+	}
+	return r.Type == o.Type &&
+		r.Relation == o.Relation &&
+		reflect.DeepEqual(r.SourceRef, o.SourceRef)
+
+}
diff --git a/pkg/module/remote.go b/pkg/module/remote.go
index 01e9642b1..9d5495a68 100644
--- a/pkg/module/remote.go
+++ b/pkg/module/remote.go
@@ -141,7 +141,7 @@ func (r *Remote) ShouldPushArchive(repo cpi.Repository, archive *comparch.Compon
 			}
 			return false, fmt.Errorf("version %s already exists with different content, please use "+
 				"--module-archive-version-overwrite flag to overwrite it",
-				archive.ComponentVersionAccess.GetVersion())
+				archive.GetVersion())
 		}
 	}
 
diff --git a/pkg/module/resources.go b/pkg/module/resources.go
index bca41faf6..635d2f3f5 100644
--- a/pkg/module/resources.go
+++ b/pkg/module/resources.go
@@ -14,6 +14,7 @@ import (
 	"github.com/open-component-model/ocm/pkg/common/accessobj"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc"
 	ocmv1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm/cpi"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/comparch"
 	"github.com/pkg/errors"
 	"go.uber.org/zap"
@@ -117,7 +118,7 @@ func addBlob(fs vfs.FileSystem, archive *comparch.ComponentArchive, resource *Re
 		return err
 	}
 
-	return archive.SetResource(&resource.ResourceMeta, blobAccess)
+	return archive.SetResource(&resource.ResourceMeta, blobAccess, cpi.ModifyResource(true))
 }
 
 func (rd ResourceDescriptor) String() string {
diff --git a/pkg/module/security_scan.go b/pkg/module/security_scan.go
index 80ee5625f..9c078b6d1 100644
--- a/pkg/module/security_scan.go
+++ b/pkg/module/security_scan.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/inputs/types/ociimage"
+	itociartifact "github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/inputs/types/ociartifact"
 	"github.com/open-component-model/ocm/pkg/contexts/ocm/accessmethods/ociartifact"
 	ocm "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc"
 	ocmv1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1"
@@ -97,7 +97,7 @@ func appendProtecodeImagesLayers(descriptor *ocm.ComponentDescriptor, config *Se
 					Labels:  []ocmv1.Label{*imageTypeLabel},
 					Version: imageTag,
 				},
-				Type:     ociimage.TYPE,
+				Type:     itociartifact.LEGACY_TYPE,
 				Relation: ocmv1.ExternalRelation,
 			},
 			Access: access,
diff --git a/pkg/module/sign.go b/pkg/module/sign.go
index 403c3638c..053d8fd7f 100644
--- a/pkg/module/sign.go
+++ b/pkg/module/sign.go
@@ -10,6 +10,7 @@ import (
 	"github.com/open-component-model/ocm/pkg/signing"
 	"github.com/open-component-model/ocm/pkg/signing/handlers/rsa"
 	"github.com/open-component-model/ocm/pkg/signing/hasher/sha512"
+	"github.com/open-component-model/ocm/pkg/signing/signutils"
 	"github.com/pkg/errors"
 )
 
@@ -112,7 +113,7 @@ func privateKey(pathToPrivateKey string) (interface{}, error) {
 		return nil, fmt.Errorf("unable to open key file: %w", err)
 	}
 
-	key, err := signing.ParsePrivateKey(privateKeyFile)
+	key, err := signutils.ParsePrivateKey(privateKeyFile)
 	if err != nil {
 		return nil, fmt.Errorf("unable to parse private key: %w", err)
 	}
@@ -125,7 +126,7 @@ func publicKey(pathToPublicKey string) (interface{}, error) {
 		return nil, fmt.Errorf("unable to open key file: %w", err)
 	}
 
-	key, err := signing.ParsePublicKey(publicKeyFile)
+	key, err := signutils.ParsePublicKey(publicKeyFile)
 	if err != nil {
 		return nil, fmt.Errorf("unable to parse public key: %w", err)
 	}