Backstage Integration
Create an integration to request, view, and approve access via Backstage
The Apono Backstage integration allows you to configure Apono as a custom plugin in your Backstage app. This plugin brings Apono's Just-in-Time (JIT) access management to the forefront, making it easily accessible to developers within Backstage. With this integration, you can now effortlessly connect your Backstage app to Apono and manage access directly from the Backstage interface.
Other benefits:
• Backstage Theme Support – The Apono plugin now inherits Backstage’s theme and applies it to the embedded iframe for a consistent look and feel.
• Dynamic Theme Updates – The plugin communicates theme changes to the iframe in real time, ensuring seamless visual consistency.
Prerequisites
Generate RSA Private & Public Keys using OpenSSL using the following commands. Be sure to copy both public & private keys encoded as base64 to use later.
# Generate RSA Private Key
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
# Display private_key.pem content encoded as base64
cat private_key.pem | base64
# Generate RSA Public Key
openssl rsa -pubout -in private_key.pem -out public_key.pem
# Display public_key.pem content encoded as base64
cat public_key.pem | base64
Create a Backstage app with an intention to add an existing plugin to it. For more information on Apono plugin for Backstage frontend and backend app.
Install yarn (
yarn install
) and install any dependencies.
Configuration steps
In Apono
On Backstage integration page, provide the following information about your Backstage environment:
Integration Name
The integration name.
Yes
Under Secret Store, paste your base64-encoded public key.

Click Connect.
In Backstage
Add Apono plugin to Backstage Frontend App
To create a new Apono frontend plugin, run the following on your command line from the root of your project.
yarn --cwd packages/app add @apono-io/backstage-plugin-apono
Update router for the
AponoPage
inside packages/app/src/App.tsx.
import { AponoPage } from '@apono-io/backstage-plugin-apono';
// Inside your App component's routes
<Route path="/apono" element={<AponoPage />} />
In your app-config.yaml file, add the Apono client URL to your Content Security Policy to allow the Apono plugin to load its content in an iframe.
backend:
csp:
frame-src: ["'self'", "https://backstage-client.apono.io"]
Add Apono plugin to Backstage Backend App
To attach and run the Apono plugin, you will make some modifications to your backend.
Add Apono plugin to your backend system packages as dependencies. Run the following command.
# from the repository root
yarn --cwd packages/backend add @apono-io/backstage-plugin-apono-backend
Update packages/backend/src/index.ts.
backend.add(import('@apono-io/backstage-plugin-apono-backend'));
In app-config.yaml, configure Backstage to connect to the Apono API.
apono:
publicKey: ${APONO_PUBLIC_KEY} # Base64 encoded RSA public key with minimum 2048 bits length
privateKey: ${APONO_PRIVATE_KEY} # Base64 encoded RSA private key with minimum 2048 bits length
Backstage Sidebar Update
(Example) Add Apono plugin to Backstage sidebar. Update the Backstage sidebar in packages/app/src/components/Root/Root.tsx with the following code.
import { AponoPage } from '@apono-io/backstage-plugin-apono';
export const Root = ({ children }: PropsWithChildren<{}>) => (
<SidebarPage>
<Sidebar>
<SidebarLogo />
{/* ... */}
<SidebarGroup label="Menu" icon={<MenuIcon />}>
{/* ... */}
<SidebarItem icon={ExtensionIcon} to="/apono" text="Apono" />
{/* ... */}
<SidebarDivider />
{/* ... */}
</SidebarGroup>
</Sidebar>
</SidebarPage>
);

Troubleshooting
The following error occurs when you try to enter Apono app on your Backstage app:
Request failed with status code 401 / Failed to load application


This issue might occur when you accidentally delete your Apono Backstage integration.
To resolve this issue, recreate the Backstage integration in your Apono account with the Public Key defined in your Backstage app.
To find your public key, go to app-config.yaml on your Backstage app repo and look for:
{...}
apono:
publicKey: ${APONO_PUBLIC_KEY}
{...}
Last updated
Was this helpful?