a0be76b5f0
Mount the shared ZB.MOM.WW.Secrets.Ui RCL page at /admin/secrets on admin nodes: - Register secrets:manage/secrets:reveal policies additively via Configure<AuthorizationOptions>(o => o.AddSecretsAuthorization()) in AddAdminUI (the admin-only composition layer that already references the RCL — avoids forcing an RCL dependency into the core Security lib; mirrors HistorianGateway) - Register the RCL routable assembly in BOTH the SSR endpoint (AddAdditionalAssemblies) and the interactive Router (App.razor AdditionalAssemblies) or the route 404s - Add a Secrets nav item; the page's own [Authorize(Policy=...)] gates access Claim-type MATCH: AdminRole=Administrator reads the same ClaimTypes.Role as FleetAdmin, so existing Administrators are authorized with no new role mapping. Full clean boot verified; interactive reveal deferred to the live gate (shared UI already proven).