After chatting to Phil, this is actually done as well. The keycloak operator will write the client install info into a secret rather than a configmap, see https://github.com/integr8ly/keycloak-operator/blob/master/pkg/keycloak/realm/phaseHandler.go#L390-L424.

This probably makes sense, given that the client install info could have sensitive data in it. However, the downside is that we will not let developers to use the "OC" cli to retrieve them from the MDC namespace (as we can't give them the permission to read secrets in a managed namespace). To solve this problem, we can create a new endpoint in the MDC to actually return the configurations for a given app. This way it means that:

1. Each operator can choose what's the best way to store the configuration for the client, and MDC server will be able to read them.
2. The developer just need to call an endpoint that will return the full content for `mobile-services.json`, and they don't need to build the content on their own if they don't want to use the UI.

Christopher Foley WDYT?