diff --git a/.env-docker b/.env-docker
index 34fb1a2..b6431bf 100644
--- a/.env-docker
+++ b/.env-docker
@@ -2,5 +2,5 @@
 OPENTDF_PLATFORM_HOST="localhost"
 OPENTDF_PLATFORM_PORT=8080
 OPENTDF_PLATFORM_URL="http://localhost:8080"
-KEYCLOAK_URL="https://localhost:8443/auth"
-OIDC_OP_TOKEN_ENDPOINT="https://localhost:8443/auth/realms/opentdf/protocol/openid-connect/token"
\ No newline at end of file
+KEYCLOAK_URL="http://localhost:8888/auth"
+OIDC_OP_TOKEN_ENDPOINT="http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
\ No newline at end of file
diff --git a/.github/start_opentdf_docker.sh b/.github/start_opentdf_docker.sh
new file mode 100755
index 0000000..3e175aa
--- /dev/null
+++ b/.github/start_opentdf_docker.sh
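Review bot: `KEYCLOAK_URL` and `OIDC_OP_TOKEN_ENDPOINT` now point at plain `http://localhost:8888`, so the token-endpoint exchange (client credentials going out, access tokens coming back) travels unencrypted; that is tolerable only because the target is a loopback dev container, and nothing in the file says so. Add a line above `KEYCLOAK_URL`, e.g. `# Dev-only: the local Keycloak on 8888 has no TLS; do not reuse these endpoints outside the compose setup`. The same host and port are hard-coded again as the issuer in `.github/start_opentdf_docker.sh` and in the workflow, so a later port change has to be made in all three places.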
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if ! [ -d platform ]; then
+ git clone https://github.com/opentdf/platform.git
+fi
+cd platform
+git checkout DSPX-1539-keytoolnomore
+
+yq -i '.realms[0].clients[0].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[1].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[4].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+
+if ! [ -d ./keys ]; then
+ go mod download
+
+ go mod verify
+
+ .github/scripts/init-temp-keys.sh
+ cp opentdf-example.yaml opentdf.yaml
+
+ # Edit 'opentdf.yaml' for our use case
+ yq -i 'del(.db)' opentdf.yaml
+ yq -i '.services.entityresolution.url = "http://localhost:8888/auth"' opentdf.yaml
+ yq -i '.server.auth.issuer = "http://localhost:8888/auth/realms/opentdf"' opentdf.yaml
+ yq -i '
+.server.cryptoProvider = {
+ "type": "standard",
+ "standard": {
+ "keys": [
+ {
+ "kid": "r1",
+ "alg": "rsa:2048",
+ "private": "kas-private.pem",
+ "cert": "kas-cert.pem"
+ },
+ {
+ "kid": "e1",
+ "alg": "ec:secp256r1",
+ "private": "kas-ec-private.pem",
+ "cert": "kas-ec-cert.pem"
+ }
+ ]
+ }
+}
+' opentdf.yaml
+ chmod -R 700 ./keys
+fi
+
+docker compose up -d --wait --wait-timeout 360
+
+go run ./service provision keycloak
+
+go run ./service provision fixtures
diff --git a/.github/workflows/platform-integration-test.yaml b/.github/workflows/platform-integration-test.yaml
index ad91791..fed489a 100644
--- a/.github/workflows/platform-integration-test.yaml
+++ b/.github/workflows/platform-integration-test.yaml
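Review bot: `git checkout DSPX-1539-keytoolnomore` pins the platform checkout to a branch name rather than an immutable ref, and the script then builds and runs whatever that branch head happens to be (`go run ./service provision …`, `docker compose up`), so the environment is neither reproducible nor protected against the branch moving; pin a commit, `git checkout <PINNED_PLATFORM_COMMIT_SHA>`, and name the branch in a comment beside it. The three `yq -i '.realms[0].clients[N]…'` edits select clients by array position, so a reorder in upstream `service/cmd/keycloak_data.yaml` would silently enable direct-access grants and service accounts on a different client; selecting by the client's id instead (e.g. `(.realms[0].clients[] | select(.client.clientId == "<CLIENT_ID>")).client.directAccessGrantsEnabled = true`, assuming the sample file carries `clientId`) is unaffected by ordering. The same position-based edits are repeated in `.github/workflows/platform-integration-test.yaml`. When `platform/` already exists the clone is skipped but nothing fetches, so the checkout can be stale or fail on a branch the local clone has never seen.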
@@ -55,7 +55,37 @@ jobs:
 shell: bash
 run: |
 .github/scripts/init-temp-keys.sh
- cp opentdf-dev.yaml opentdf.yaml
+ # Edit Keycloak sample file for our use case
+ yq -i '.realms[0].clients[0].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+ yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[1].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+ yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[4].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+ cp opentdf-example.yaml opentdf.yaml
+ # Edit 'opentdf.yaml' for our use case
+ yq -i 'del(.db)' opentdf.yaml
+ yq -i '.services.entityresolution.url = "http://localhost:8888/auth"' opentdf.yaml
+ yq -i '.server.auth.issuer = "http://localhost:8888/auth/realms/opentdf"' opentdf.yaml
+ yq -i '
+ .server.cryptoProvider = {
+ "type": "standard",
+ "standard": {
+ "keys": [
+ {
+ "kid": "r1",
+ "alg": "rsa:2048",
+ "private": "kas-private.pem",
+ "cert": "kas-cert.pem"
+ },
+ {
+ "kid": "e1",
+ "alg": "ec:secp256r1",
+ "private": "kas-ec-private.pem",
+ "cert": "kas-ec-cert.pem"
+ }
+ ]
+ }
+ }
+ ' opentdf.yaml
 sudo chmod -R 777 ./keys
 working-directory: platform
 # - name: Trust the locally issued cert
diff --git a/.gitignore b/.gitignore
index feb774e..e0a62d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 # Created by https://www.toptal.com/developers/gitignore/api/python
 # Edit at https://www.toptal.com/developers/gitignore?templates=python
+platform/
+
 ### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
diff --git a/tests/integration/test_pe_interaction.py b/tests/integration/test_pe_interaction.py
index 91a41db..7e8dcb2 100644
--- a/tests/integration/test_pe_interaction.py
+++ b/tests/integration/test_pe_interaction.py
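Review bot: The new `yq -i` block in this `run:` step is a near-verbatim copy of the one in `.github/start_opentdf_docker.sh` (same client-index edits, same issuer URL, same `cryptoProvider` keys block), so the two will drift the first time either is touched; have the step call the shared script, or factor the `opentdf.yaml` rewrite into one helper both invoke, and until then add a comment at the top of the block naming the other copy. The step's `name:` and the rest of the job start above the hunk, so I cannot see whether `yq` is installed or pinned on the runner before this point. The step also keeps `sudo chmod -R 777 ./keys` on the private keys the new `cryptoProvider` block references, where the script uses `700`; the two should agree.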
@@ -38,7 +38,6 @@ def decrypt(input_path: Path, output_path: Path, sdk: SDK):
 raise SDKException("Decryption failed")
-@pytest.mark.skip(reason="Skipping until PE environment issues are resolved")
 @pytest.mark.integration
 def test_single_attribute_encryption_decryption():
 # Encrypt with SDK using a single attribute