Keystore Entries Architecture

The keystore entries popup is the tenant-scoped monitoring view over certificate and keystore material. It is an inspection and alerting surface, not the authoring system for SAP-side key management.

Related pages

• Modules
• Flows
• Operations
• Alerting
• Tenant Settings

Functional role

The popup supports questions such as:

• which keystore entries currently exist
• which certificates are valid, expiring soon, or already expired
• which expiry waves are visible across the monitored landscape

Main APIs

• GET /api/cpi/configs/<config_id>/keystore_entries/
• GET /api/cpi/configs/<config_id>/keystore_entries/<entry_id>/

The underlying external CPI source is GET /api/v1/KeystoreEntries.

Persistence

Persisted keystore entries live in backend/src/cpi/models.py as cpiKeystoreEntry, including alias, validity, owner, type, and fingerprint-related fields.