[EPIC](apeiro) OpenKCM CMK UI Integration into Platform Mesh Portal #2
Description
Currently, the OpenKCM CMK UI (Sovereign Portal) runs as a standalone application. To provide a seamless "Platform Experience," we must integrate this UI directly into the Apeiro Platform Mesh Console.
This Epic covers the work required to make the OpenKCM CMK UI accessible as a native-feeling extension of the Platform Mesh. This includes Single Sign-On (SSO) federation (so users don't log in twice) and Workspace Context Awareness (so the UI automatically shows keys for the workspace the user is currently viewing).
User Stories
- As a Platform Admin, I want to click "Key Management/ Key Chain Manager" in the Apeiro Console sidebar and see the OpenKCM Dashboard without opening a new tab or re-entering credentials.
- As a Tenant Developer, when I am in the
acme-corpworkspace in the Console, the OpenKCM UI should automatically filter to show onlyacme-corpkeys.
Architecture & Integration Pattern
We will use the OIDC Federation & IFrame/Micro-frontend pattern (depending on Apeiro UI extensibility).
- Identity: The OpenKCM Portal (CMK UI) will be configured to trust the Platform Mesh IDP (OIDC) as an authentication provider.
- Context: The Platform Mesh Console will pass the
WorkspaceID(Tenant ID) to the OpenKCM UI via query parameters or iframe postMessage. - Networking: The OpenKCM CMK UI will be exposed via the Mesh Gateway, protected by the same Ingress policies as the Console.
Implementation
- Work with Platform Mesh team to make the OpenKCM Portal (CMK UI) part of the Platform Mesh Portal!