- Purpose
Define and deliver a staged Krypton demo progression that validates:
- core encryption capability,
- automation with Platform Mesh,
- Scope
The program consists of three phases:
Manual Demo
- All Krypton and workload resources are created manually.
- MongoDB throw-away instance is used as validation workload.
- Focus is cryptographic proof only.
Automated Demo
- OpenKCM controller automates integration and communication with Platform Mesh.
- MongoDB throw-away instance remains the workload for comparability.
- Focus is cryptography lifecycle automation.
Persistent Demo
Reuse automation from phase 2.
Demonstrate encryption for a real target product/workload (not throw-away only).
Show how product configuration is automatically provisioned for OpenKCM.
The L1 and tenant creation takes place automatically.
- Success Criteria by Phase
Manual Demo Success
Encrypted data is visible at rest.
Data decrypts only through intended OpenKCM key path.
Automated Demo Success
Platform Mesh integration actions that were manual are automated by controller.
Encryption proof remains valid after automation is introduced.
Persistent Demo Success
L1 key is visible on the UI and bind to a system (account) on the customer tenant.
Real product/workload is automatically configured for OpenKCM.
Encryption and decrypt proof are repeatable without manual re-wiring.
- Exclusions (Current Program Boundaries)
Manual Demo does not claim full production-grade orchestration.
Throw-away MongoDB usage in phases 1–2 is for validation, not final product positioning.
Persistent demo product choice must be explicitly defined before phase 3 execution.
-
Manual Demo (Q2)
All resources are created manually.
MongoDB (throw-away instance) is used to prove OpenKCM crypto behavior.
Goal: prove encryption-at-rest and key-path correctness.
Not in scope: platform automation.
-
Automated Demo (Next)
Add OpenKCM controller to automate integration with Platform Mesh.
Still use MongoDB (throw-away instance), but now show:
automated resource flow,
automated secret/config injection,
reduced manual steps.
Goal: prove lifecycle automation + crypto together.
-
Persistent Demo (Target)
Reuse automation from phase 2.
Replace throw-away DB use case with a real product/workload.
Define and deliver a staged Krypton demo progression that validates:
The program consists of three phases:
Manual Demo
Automated Demo
Persistent Demo
Reuse automation from phase 2.
Demonstrate encryption for a real target product/workload (not throw-away only).
Show how product configuration is automatically provisioned for OpenKCM.
The L1 and tenant creation takes place automatically.
Manual Demo Success
Encrypted data is visible at rest.
Data decrypts only through intended OpenKCM key path.
Automated Demo Success
Platform Mesh integration actions that were manual are automated by controller.
Encryption proof remains valid after automation is introduced.
Persistent Demo Success
L1 key is visible on the UI and bind to a system (account) on the customer tenant.
Real product/workload is automatically configured for OpenKCM.
Encryption and decrypt proof are repeatable without manual re-wiring.
Manual Demo does not claim full production-grade orchestration.
Throw-away MongoDB usage in phases 1–2 is for validation, not final product positioning.
Persistent demo product choice must be explicitly defined before phase 3 execution.
Manual Demo (Q2)
All resources are created manually.
MongoDB (throw-away instance) is used to prove OpenKCM crypto behavior.
Goal: prove encryption-at-rest and key-path correctness.
Not in scope: platform automation.
Automated Demo (Next)
Add OpenKCM controller to automate integration with Platform Mesh.
Still use MongoDB (throw-away instance), but now show:
automated resource flow,
automated secret/config injection,
reduced manual steps.
Goal: prove lifecycle automation + crypto together.
Persistent Demo (Target)
Reuse automation from phase 2.
Replace throw-away DB use case with a real product/workload.