diff --git a/bitnami/airflow/3/debian-12/Dockerfile b/bitnami/airflow/3/debian-12/Dockerfile
index f212e271967d..62b053b40073 100644
--- a/bitnami/airflow/3/debian-12/Dockerfile
+++ b/bitnami/airflow/3/debian-12/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-04-28T06:22:15Z" \
+      org.opencontainers.image.created="2025-04-29T11:58:01Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/airflow/README.md" \
-      org.opencontainers.image.ref.name="3.0.0-debian-12-r1" \
+      org.opencontainers.image.ref.name="3.0.0-debian-12-r2" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/airflow" \
       org.opencontainers.image.title="airflow" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -31,7 +31,7 @@ RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
       "wait-for-port-1.0.8-15-linux-${OS_ARCH}-debian-12" \
       "python-3.12.10-5-linux-${OS_ARCH}-debian-12" \
       "ini-file-1.4.7-15-linux-${OS_ARCH}-debian-12" \
-      "airflow-3.0.0-0-linux-${OS_ARCH}-debian-12" \
+      "airflow-3.0.0-1-linux-${OS_ARCH}-debian-12" \
     ) ; \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \
diff --git a/bitnami/airflow/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/airflow/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
index c2cb814bf4c3..336602e2ed9f 100644
--- a/bitnami/airflow/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/airflow/3/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -3,7 +3,7 @@
         "arch": "amd64",
         "distro": "debian-12",
         "type": "NAMI",
-        "version": "3.0.0-0"
+        "version": "3.0.0-1"
     },
     "ini-file": {
         "arch": "amd64",
diff --git a/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh b/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh
index 0361f526768e..a90b61f9019e 100755
--- a/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh
+++ b/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/airflow/setup.sh
@@ -21,5 +21,6 @@ set -o pipefail
 airflow_validate
 # Ensure Airflow daemon user exists when running as root
 am_i_root && ensure_user_exists "$AIRFLOW_DAEMON_USER" --group "$AIRFLOW_DAEMON_GROUP"
+
 # Ensure Airflow is initialized
 airflow_initialize
diff --git a/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh b/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh
index 19a9020c7b61..2275b819c2be 100644
--- a/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh
+++ b/bitnami/airflow/3/debian-12/rootfs/opt/bitnami/scripts/libairflow.sh
@@ -184,6 +184,12 @@ airflow_initialize() {
     info "Trying to connect to the database server"
     airflow_wait_for_db_connection
 
+    local db_init_command="migrate"
+    local db_upgrade_command="migrate"
+    if [[ $(airflow_major_version) -eq 2 ]]; then
+        db_init_command="init"
+        db_upgrade_command="upgrade"
+    fi
     case "$AIRFLOW_COMPONENT_TYPE" in
     webserver|api-server)
         # Remove pid file if exists to prevent error after WSL restarts
@@ -195,28 +201,32 @@ airflow_initialize() {
             airflow_wait_for_db_migrations
         # Check if the Airflow database has been already initialized
         elif ! airflow_execute db check-migrations; then
-            local db_init_command="migrate"
-            local db_upgrade_command="migrate"
-            if [[ $(airflow_major_version) -eq 2 ]]; then
-                db_init_command="init"
-                db_upgrade_command="upgrade"
-            fi
             # Initialize database
             info "Populating database"
             airflow_execute db "${db_init_command}"
 
             airflow_create_admin_user
             airflow_create_pool
+
+            info "Synchronizing internal metadata"
+            airflow_execute sync-perm --include-dags
         else
             # Upgrade database
             info "Upgrading database schema"
             airflow_execute db "${db_upgrade_command}"
+            if ! is_airflow_admin_created; then
+                airflow_create_admin_user
+            fi
+            info "Synchronizing internal metadata"
+            airflow_execute sync-perm --include-dags
             true # Avoid return false when I am not root
         fi
         ;;
     *)
         info "Waiting for db migrations to be completed"
         airflow_wait_for_db_migrations
+        info "Waiting for admin user to be created"
+        airflow_wait_for_admin_user
         if [[ "$AIRFLOW_EXECUTOR" == "CeleryExecutor" || "$AIRFLOW_EXECUTOR" == "CeleryKubernetesExecutor"  ]]; then
             wait-for-port --host "$REDIS_HOST" "$REDIS_PORT_NUMBER"
         fi
@@ -270,8 +280,8 @@ airflow_generate_config() {
         # Create Airflow configuration from default files
         [[ ! -f "$AIRFLOW_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_airflow.cfg)" "$AIRFLOW_CONF_FILE"
         [[ ! -f "$AIRFLOW_WEBSERVER_CONF_FILE" ]] && cp "$(find "$AIRFLOW_BASE_DIR" -name default_webserver_config.py)" "$AIRFLOW_WEBSERVER_CONF_FILE"
-        # Setup Airflow webserver base URL
-        airflow_configure_webserver_base_url
+        # Setup Airflow base URL
+        airflow_configure_base_url
         # Configure Airflow webserver authentication
         airflow_configure_webserver_authentication
         ;;
@@ -287,10 +297,9 @@ airflow_generate_config() {
 
     if [[ $(airflow_major_version) -eq 2 ]]; then
         # Configure the web server
-        airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_WEBSERVER_PORT_NUMBER"
+        airflow_conf_set "webserver" "web_server_port" "$AIRFLOW_APISERVER_PORT_NUMBER"
     else
         # Configure the api server
-        airflow_conf_set "api" "base_url" "http://${AIRFLOW_APISERVER_HOST}:${AIRFLOW_APISERVER_PORT_NUMBER}"
         airflow_conf_set "api" "port" "$AIRFLOW_APISERVER_PORT_NUMBER"
     fi
     # Configure Airflow Hostname
@@ -363,11 +372,17 @@ airflow_conf_set() {
 # Returns:
 #   None
 #########################
-airflow_configure_webserver_base_url() {
+airflow_configure_base_url() {
     if [[ -z "$AIRFLOW_APISERVER_BASE_URL" ]]; then
         airflow_conf_set "webserver" "base_url" "http://${AIRFLOW_APISERVER_HOST}:${AIRFLOW_APISERVER_PORT_NUMBER}"
+        if [[ $(airflow_major_version) -eq 3 ]]; then
+            airflow_conf_set "api" "base_url" "http://${AIRFLOW_APISERVER_HOST}:${AIRFLOW_APISERVER_PORT_NUMBER}"
+        fi
     else
         airflow_conf_set "webserver" "base_url" "$AIRFLOW_APISERVER_BASE_URL"
+        if [[ $(airflow_major_version) -eq 3 ]]; then
+            airflow_conf_set "api" "base_url" "$AIRFLOW_APISERVER_BASE_URL"
+        fi
     fi
 }
 
@@ -714,6 +729,64 @@ airflow_exporter_stop() {
 #   airflow major version
 #########################
 airflow_major_version() {
-    local -r raw_version="$("${AIRFLOW_BASE_DIR}/venv/bin/airflow" version | grep -v "WARNING" 2>/dev/null)"
+    local -r raw_version="$("${AIRFLOW_BASE_DIR}/venv/bin/airflow" version | grep -v "WARNING\|DEBUG" 2>/dev/null)"
     get_sematic_version "$raw_version" 1
 }
+
+########################
+# Generate a secret key for Airflow
+# Arguments:
+#   None
+# Returns:
+#   Random secret key
+#########################
+airflow_generate_secret_key() {
+    generate_random_string --type alphanumeric --count 128 | base64 | head -c "32"
+}
+
+########################
+# Regenerate Airflow secret keys in airflow.cfg file
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+airflow_update_secret_keys() {
+    local -r webserver_key="$(airflow_generate_secret_key)"
+    airflow_conf_set "webserver" "secret_key" "${webserver_key}"
+
+    if [[ $(airflow_major_version) -eq 3 ]]; then
+        local -r apiserver_key="$(airflow_generate_secret_key)"
+        airflow_conf_set "api_auth" "jwt_secret" "${apiserver_key}"
+    fi
+}
+
+########################
+# Waits until the Airflow admin user is created
+# Globals:
+#   None
+# Returns:
+#   Whether the admin user has been created or not
+#########################
+airflow_wait_for_admin_user() {
+    if ! retry_while "is_airflow_admin_created"; then
+        error "Admin user is not created"
+        return 1
+    fi
+}
+
+########################
+# Check if Airflow admin user has been created
+# Globals:
+#   AIRFLOW_USERNAME
+# Returns:
+#   Whether the admin user exists or not
+#########################
+is_airflow_admin_created() {
+    local return_code=1
+    local airflow_users="$(airflow users list --output plain | grep -v DEBUG)"
+    if echo "${airflow_users}" | grep "${AIRFLOW_USERNAME}"; then
+        return_code=0
+    fi
+    return "${return_code}"
+}