diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9988fbd4b..aa1e60dd0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 2.5.1
+**Bugfix**
+* Only preserve the exclude-from-push flag on client secret reset #342
+* Reuse scope attribute, preventing overwriting them #341
+* Prevent overwriting of ARP motivations #340
+
 ## 2.5.0
 **Bugfix**
diff --git a/src/Surfnet/ServiceProviderDashboard/Application/Dto/MetadataConversionDto.php b/src/Surfnet/ServiceProviderDashboard/Application/Dto/MetadataConversionDto.php
index 35bd8019d..462e47adc 100644
--- a/src/Surfnet/ServiceProviderDashboard/Application/Dto/MetadataConversionDto.php
+++ b/src/Surfnet/ServiceProviderDashboard/Application/Dto/MetadataConversionDto.php
@@ -561,4 +561,12 @@ public function isExcludedFromPush()
     {
         return $this->manageEntity->isExcludedFromPush();
     }
+
+    /**
+     * @return array
+     */
+    public function getScopes()
+    {
+        return $this->manageEntity->getOidcClient()->getScope();
+    }
 }
diff --git a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator/ArpGenerator.php b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator/ArpGenerator.php
index c00f48af7..efeb79385 100644
--- a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator/ArpGenerator.php
+++ b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/JsonGenerator/ArpGenerator.php
@@ -87,6 +87,9 @@ private function addExtraFields(array &$attributes, MetadataConversionDto $entit
                     'value' => $manageAttribute->getValue(),
                 ]
             ];
+            if (!empty($manageAttribute->getMotivation())) {
+                $attributes[$manageAttribute->getName()][0]['motivation'] = $manageAttribute->getMotivation();
+            }
         }
     }
 }
diff --git a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngJsonGenerator.php b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngJsonGenerator.php
index feed03fe9..05582ae46 100644
--- a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngJsonGenerator.php
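Review bot: `getScopes()` dereferences `$this->manageEntity` and then `->getOidcClient()` with no guard, so for a DTO that was not loaded from Manage (the case the generator routes to the `['openid']` fallback) or for a Manage entity without an OIDC client block it fails with a bare PHP `Error` instead of a meaningful message. The caller in `OidcngJsonGenerator` checks `isManageEntity()` first, but nothing enforces that precondition here; state it in the docblock (`@return string[]` plus a line saying the method is only valid when `isManageEntity()` is true) and fail fast: `if (null === $this->manageEntity || null === $this->manageEntity->getOidcClient()) { throw new \RuntimeException('Scopes are only available for an entity loaded from Manage'); }`. Whether `getOidcClient()` can actually return null is not visible in this hunk, so confirm against the `ManageEntity` DTO before settling on how strict the guard should be. The enclosing `MetadataConversionDto` class continues outside the hunk.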
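Review bot: The new check uses `!empty()` on the motivation, which also drops a motivation whose text is exactly `'0'`, and it calls `getMotivation()` twice; read it once into a local and test for null or the empty string explicitly: `$motivation = $manageAttribute->getMotivation();` / `if ($motivation !== null && $motivation !== '') {` / `$attributes[$manageAttribute->getName()][0]['motivation'] = $motivation;`. Writing to index `[0]` appears safe because the entry is built just above with a single source/value element, but a one-line comment saying so (`// the entry was just created above with exactly one source/value element`) would keep a later refactor from silently breaking it. The enclosing `addExtraFields()` method starts before this hunk.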
+++ b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngJsonGenerator.php
@@ -216,8 +216,14 @@ private function generateMetadataFields(MetadataConversionDto $entity)
         $metadata['NameIDFormat'] = $entity->getNameIdFormat();
-        // Will become configurable some time in the future.
-        $metadata['scopes'] = ['openid'];
+        // If the entity exists in Manage, use the scopes configured there.
+        if ($entity->isManageEntity()) {
+            // This prevents overwriting the scopes attribute. See: https://www.pivotaltracker.com/story/show/170868465
+            $metadata['scopes'] = $entity->getScopes();
+        } else {
+            // Will become configurable some time in the future.
+            $metadata['scopes'] = ['openid'];
+        }
         // When publishing to production, the coin:exclude_from_push must be present and set to '1'. This prevents the
         // entity from being pushed to engineblock.
@@ -225,6 +231,12 @@ private function generateMetadataFields(MetadataConversionDto $entity)
             $metadata['coin:exclude_from_push'] = '1';
         }
+        // When dealing with a client secret reset, keep the current exclude from push state.
+        $secret = $entity->getClientSecret();
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
+            $metadata['coin:exclude_from_push'] = '0';
+        }
+
         $metadata += $this->generateOidcClient($entity);
         if (!empty($entity->getLogoUrl())) {
diff --git a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngResourceServerJsonGenerator.php b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngResourceServerJsonGenerator.php
index d30e05f2a..fd52120d8 100644
--- a/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngResourceServerJsonGenerator.php
+++ b/src/Surfnet/ServiceProviderDashboard/Application/Metadata/OidcngResourceServerJsonGenerator.php
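Review bot: When `isManageEntity()` is true the scopes are now taken verbatim from `getScopes()`, so if Manage returns an empty scope list the generated metadata no longer contains `openid` at all, where the old code always sent `['openid']`; the client would then be published without the scope an OIDC client needs to obtain an ID token. Unless an empty scope list is a deliberate state in Manage, keep the fallback for that case: `$metadata['scopes'] = $entity->getScopes() ?: ['openid'];`. The return type of `getScopes()` is not visible in this hunk, so check whether it can be null before relying on `?:`. `generateMetadataFields()` starts and continues outside this hunk.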
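Review bot: The override to `'0'` is keyed on `getClientSecret()` being non-empty, not on the request actually being a secret reset as the comment claims, so any publish of an existing Manage entity that carries a secret re-enables the push to engineblock even when the block just above decided on `'1'`; because `coin:exclude_from_push` is the gate that keeps unreviewed production metadata out of engineblock, a wrong `'0'` here fails open. If the DTO cannot tell a reset from a full publish, say so in the comment; otherwise key the branch on an explicit reset flag carried by the DTO rather than on the presence of a secret — the condition that sets `'1'` is outside the hunk, so I cannot confirm which publish paths reach this point with a secret set. `$secret` is only ever used as a boolean, so inline it or name it `$hasSecret`. `generateMetadataFields()` continues outside the hunk.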
@@ -194,6 +194,12 @@ private function generateMetadataFields(MetadataConversionDto $entity)
             $metadata['coin:exclude_from_push'] = '1';
         }
+        // When dealing with a client secret reset, keep the current exclude from push state.
+        $secret = $entity->getClientSecret();
+        if ($secret && $entity->isManageEntity() && !$entity->isExcludedFromPush()) {
+            $metadata['coin:exclude_from_push'] = '0';
+        }
+
         $metadata += $this->generateOidcClient($entity);
         return $metadata;
diff --git a/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/Coin.php b/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/Coin.php
index 74910773c..b57590536 100644
--- a/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/Coin.php
+++ b/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/Coin.php
@@ -43,7 +43,7 @@ public static function fromApiResponse(array $metaDataFields)
         $eula = isset($metaDataFields['coin:eula']) ? $metaDataFields['coin:eula'] : '';
         $excludeFromPush = isset($metaDataFields['coin:exclude_from_push'])
-            ? (int) $metaDataFields['coin:exclude_from_push'] : 0;
+            ? (int) $metaDataFields['coin:exclude_from_push'] : null;
         $oidcClient = isset($metaDataFields['coin:oidc_client']) ? (int) $metaDataFields['coin:oidc_client'] : 0;
@@ -52,7 +52,7 @@ public static function fromApiResponse(array $metaDataFields)
         Assert::string($originalMetadataUrl);
         Assert::string($applicationUrl);
         Assert::string($eula);
-        Assert::integer($excludeFromPush);
+        Assert::nullOrIntegerish($excludeFromPush);
         Assert::integer($oidcClient);
         return new self(
diff --git a/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/ManageEntity.php b/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/ManageEntity.php
index eccf39edc..20417af4d 100644
--- a/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/ManageEntity.php
+++ b/src/Surfnet/ServiceProviderDashboard/Infrastructure/Manage/Dto/ManageEntity.php
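Review bot: This block is a verbatim copy of the one added to `OidcngJsonGenerator` in the same commit and inherits its weakness: the override to `'0'` fires whenever `getClientSecret()` is non-empty, not only on a secret reset, which re-opens the push to engineblock for any publish of an existing resource server that carries a secret. Move the decision into one shared helper that both generators call so the two copies cannot drift, and give that helper the comment explaining that `coin:exclude_from_push` is the gate in front of engineblock and why a present secret is taken as "reset"; the `'1'` condition this overrides is outside the hunk. `generateMetadataFields()` starts outside this hunk.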
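Review bot: `$excludeFromPush` can now be `null`, but the `new self(` call at the end of the hunk and the `getExcludeFromPush()` getter are outside it; if either carries an `int` type declaration this becomes a `TypeError` the moment Manage omits the field, so both need `?int`, and the getter's docblock should say that null means the field was absent in the Manage response. `Assert::nullOrIntegerish()` is also looser than needed because the value has already been cast with `(int)`; `Assert::nullOrInteger($excludeFromPush);` pins the exact contract. `fromApiResponse()` starts outside the hunk.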
@@ -169,6 +169,9 @@ public function isOidcngResourceServer()
     public function isExcludedFromPush()
     {
+        if (is_null($this->getMetaData()->getCoin()->getExcludeFromPush())) {
+            return true;
+        }
         return $this->getMetaData()->getCoin()->getExcludeFromPush() == 1 ? true : false;
     }
 }
diff --git a/tests/unit/Application/Metadata/JsonGenerator/ArpGeneratorTest.php b/tests/unit/Application/Metadata/JsonGenerator/ArpGeneratorTest.php
index f703e3318..8dc7394f8 100644
--- a/tests/unit/Application/Metadata/JsonGenerator/ArpGeneratorTest.php
+++ b/tests/unit/Application/Metadata/JsonGenerator/ArpGeneratorTest.php
@@ -136,6 +136,8 @@ private function buildManageAttribute(string $attributeName)
             ->andReturn('idp');
         $attribute->shouldReceive('getValue')
            ->andReturn('The Manage attr value');
+        $attribute->shouldReceive('getMotivation')
+            ->andReturn('The Manage motivation');
         return $attribute;
     }
 }
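Review bot: Treating a missing `coin:exclude_from_push` as excluded is the right fail-closed default, but the method does not say so, and the remaining line still uses loose `== 1` with a redundant `? true : false`; collapse it to `$excluded = $this->getMetaData()->getCoin()->getExcludeFromPush();` / `return $excluded === null || $excluded === 1;` and add the comment `// A Manage entity without the flag is treated as excluded so an unknown state never pushes to engineblock.` Also confirm that `Coin::getExcludeFromPush()` is declared to return `?int` now that the DTO stores null, since the `is_null()` branch depends on that null reaching this method. `isExcludedFromPush()` is complete within this hunk; the class continues outside it.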