diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 9a0c4477..35af9a15 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.7.3
+current_version = 1.10.0
 commit = False
 tag = False
 
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 3be369f8..9befe3ac 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -10,6 +10,8 @@ else
     echo "No UI found at /ui_build, skipping copy."
 fi
 
+export TAKRMAPI_SECRET_KEY=${RMAPI_SECRET_KEY:-$(dd if=/dev/random bs=32 count=1 | base64 2>/dev/null)}
+
 if [ "$#" -eq 0 ]; then
   exec gunicorn "takrmapi.app:get_app()" --bind 0.0.0.0:8003 --forwarded-allow-ips='*' -w 4 -k uvicorn.workers.UvicornWorker
 else
diff --git a/pyproject.toml b/pyproject.toml
index 6a6cbafd..086761ca 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "takrmapi"
-version = "1.7.3"
+version = "1.10.0"
 description = "RASENMAEHER integration API for TAK server"
 authors = ["Eero af Heurlin <rambo@iki.fi>", "Ari Karhunen <FIXME@example.com>"]
 homepage = "https://github.com/pvarki/python-tak-rmapi"
diff --git a/src/takrmapi/__init__.py b/src/takrmapi/__init__.py
index adb9fac0..f1151c9e 100644
--- a/src/takrmapi/__init__.py
+++ b/src/takrmapi/__init__.py
@@ -1,3 +1,3 @@
 """RASENMAEHER integration API for TAK server"""
 
-__version__ = "1.7.3"  # NOTE Use `bump2version --config-file patch` to bump versions correctly
+__version__ = "1.10.0"  # NOTE Use `bump2version --config-file patch` to bump versions correctly
diff --git a/src/takrmapi/api/__init__.py b/src/takrmapi/api/__init__.py
index c2352058..98a891ab 100644
--- a/src/takrmapi/api/__init__.py
+++ b/src/takrmapi/api/__init__.py
@@ -10,11 +10,14 @@
 from .description import router as description_router
 from .instructions import router as instructions_router
 from .tak_datapackage import router as takdatapackage_router
+from .tak_missionpackage import router as takmissionpackage_router
 
 from .description import router_v2 as description_router_v2
 from .description import router_v2_admin as description_admin_router
 from .userinfo import router as userinfo_router
 
+from .tak_missionpackage import ephemeral_router as ephemeral_takmissionpackage_router
+
 all_routers = APIRouter()
 all_routers.include_router(testing_router, prefix="/users", tags=["users"])  # REMOVE ME
 all_routers.include_router(usercrud_router, prefix="/users", tags=["users"])
@@ -24,8 +27,16 @@
 all_routers.include_router(description_router, prefix="/description", tags=["description"])
 all_routers.include_router(instructions_router, prefix="/instructions", tags=["instructions"])
 all_routers.include_router(takdatapackage_router, prefix="/tak-datapackages", tags=["tak-datapackages"])
+all_routers.include_router(takmissionpackage_router, prefix="/tak-missionpackages", tags=["tak-missionpackages"])
+
 
 all_routers_v2 = APIRouter()
 all_routers_v2.include_router(description_router_v2, prefix="/description", tags=["description"])
 all_routers_v2.include_router(description_admin_router, prefix="/admin/description", tags=["description"])
 all_routers_v2.include_router(userinfo_router, prefix="/clients", tags=["clients"])
+
+
+all_routers_ephemeral_v1 = APIRouter()
+all_routers_ephemeral_v1.include_router(
+    ephemeral_takmissionpackage_router, prefix="/tak-missionpackages", tags=["ephemeral-tak-missionpackages"]
+)
diff --git a/src/takrmapi/api/tak_missionpackage.py b/src/takrmapi/api/tak_missionpackage.py
new file mode 100644
index 00000000..c6e687bc
--- /dev/null
+++ b/src/takrmapi/api/tak_missionpackage.py
@@ -0,0 +1,203 @@
+"""Endpoint to deliver user missionpackages from templates/tak_missionpackage"""
+
+from pathlib import Path
+import logging
+import base64
+import binascii
+import urllib.parse
+import time
+import os
+import json
+import secrets
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
+from fastapi import APIRouter, Depends, HTTPException, BackgroundTasks
+from fastapi.responses import FileResponse
+from libpvarki.middleware.mtlsheader import MTLSHeader
+from libpvarki.schemas.product import UserCRUDRequest
+
+from takrmapi import config
+from takrmapi.takutils import tak_helpers
+from takrmapi.takutils.tak_pkg_helpers import TAKDataPackage, TAKPackageZip
+
+LOGGER = logging.getLogger(__name__)
+
+router = APIRouter(dependencies=[Depends(MTLSHeader(auto_error=True))])
+
+ephemeral_router = APIRouter()
+
+
+def hash_from_str(hash_from: str) -> str:
+    """Return checksum string from given string"""
+    ct_digest = hashes.Hash(hashes.SHA256())
+    ct_digest.update(hash_from.encode("ascii"))
+    ct_dig = ct_digest.finalize()
+    try:
+        ct_dig_str = binascii.hexlify(ct_dig).decode()
+    except binascii.Error as e:
+        LOGGER.info("Unable to convert digest bin to string. Possible malformed query.")
+        LOGGER.debug(e)
+        return "err"
+
+    return ct_dig_str
+
+
+@router.post("/client-zip/{variant}.zip")
+async def return_tak_zip(user: UserCRUDRequest, variant: str, background_tasks: BackgroundTasks) -> FileResponse:
+    """Return TAK client zip file proxied from rm api"""
+
+    localuser = tak_helpers.UserCRUD(user)
+    if not localuser:
+        raise HTTPException(status_code=404, detail="User data not found")
+
+    target_pkg = await create_mission_package(localuser, variant, background_tasks)
+
+    return FileResponse(
+        path=target_pkg.zip_path,
+        media_type="application/zip",
+        filename=f"{localuser.callsign}_{variant}.zip",
+    )
+
+
+async def create_mission_package(
+    localuser: tak_helpers.UserCRUD, variant: str, background_tasks: BackgroundTasks
+) -> TAKDataPackage:
+    """Create mission package from template"""
+    walk_dir = Path(config.TAK_MISSIONPKG_TEMPLATES_FOLDER) / "default" / variant
+
+    if not walk_dir.is_dir():
+        raise HTTPException(status_code=404, detail=f"Variant '{variant}' not found")
+
+    tak_missionpkg = TAKPackageZip(localuser)
+    target_pkg = TAKDataPackage(template_path=walk_dir, template_type="mission")
+    await tak_missionpkg.create_zip_bundles(datapackages=[target_pkg])
+
+    if not target_pkg.zip_path or not target_pkg.zip_path.is_file():
+        raise HTTPException(status_code=500, detail="Failed to generate ZIP")
+
+    background_tasks.add_task(tak_missionpkg.helpers.remove_tmp_dir, target_pkg.zip_tmp_folder)
+
+    return target_pkg
+
+
+@router.post("/ephemeral/{variant}.zip")
+async def return_ephemeral_dl_link(user: UserCRUDRequest, variant: str) -> dict[str, str]:
+    """Return an ephemeral download link to get the TAK client zip file"""
+    localuser = tak_helpers.UserCRUD(user)
+    if not localuser:
+        raise HTTPException(status_code=404, detail="User data not found")
+    request_time = int(time.time())
+
+    encrypted_url = generate_encrypted_ephemeral_url_fragment(user.callsign, user.uuid, variant, request_time)
+
+    # ATAK seems to take offense if the package file name is the same between
+    # requests, so we add a random token to the filename.
+    nonce = secrets.token_hex(8)
+
+    ephemeral_url = (
+        f"https://{config.read_tak_fqdn()}:{config.PRODUCT_HTTPS_EPHEMERAL_PORT}/"
+        f"ephemeral/api/v1/tak-missionpackages/ephemeral/"
+        f"{urllib.parse.quote_plus(encrypted_url)}/{config.read_deployment_name()}_{nonce}_{variant}.zip"
+    )
+
+    LOGGER.info("Returning ephemeral url: %s", ephemeral_url)
+
+    return {"ephemeral_url": ephemeral_url}
+
+
+@ephemeral_router.get("/ephemeral/{ephemeral_str}/{zipfile_name}.zip")
+async def return_ephemeral_tak_zip(ephemeral_str: str, background_tasks: BackgroundTasks) -> FileResponse:
+    """Return the TAK client zip file using an ephemeral link"""
+    LOGGER.info("Got ephemeral url fragment: %s", ephemeral_str)
+
+    callsign, user_uuid, variant = parse_encrypted_ephemeral_url_fragment(ephemeral_str)
+
+    localuser: tak_helpers.UserCRUD = tak_helpers.UserCRUD(
+        UserCRUDRequest(uuid=user_uuid, callsign=callsign, x509cert="")
+    )
+    if not localuser:
+        raise HTTPException(status_code=404, detail="User data not found")
+
+    target_pkg = await create_mission_package(localuser, variant, background_tasks)
+
+    return FileResponse(
+        path=target_pkg.zip_path,
+        media_type="application/zip",
+        filename=f"{localuser.callsign}_{config.read_deployment_name()}_{variant}.zip",
+    )
+
+
+def generate_encrypted_ephemeral_url_fragment(
+    user_callsign: str, user_uuid: str, variant: str, request_time: float
+) -> str:
+    """Return encrypted ephemeral url"""
+    plaintext_str: str = json.dumps({"callsign": user_callsign, "uuid": user_uuid, "variant": variant})
+    iv = os.urandom(12)
+    encryptor = Cipher(algorithms.AES(TAKDataPackage.get_ephemeral_byteskey()), modes.GCM(iv)).encryptor()
+    user_payload: bytes = encryptor.update(plaintext_str.encode("ascii")) + encryptor.finalize()
+    user_payload_b64: str = base64.b64encode(user_payload).decode("ascii")
+    iv_b64: str = base64.b64encode(iv).decode("ascii")
+    payload_digest: str = hash_from_str(user_payload_b64 + iv_b64 + str(request_time))
+    encode: str = base64.b64encode(
+        json.dumps(
+            {
+                "payload_b64": user_payload_b64,
+                "iv_b64": iv_b64,
+                "request_time": request_time,
+                "digest": payload_digest,
+            }
+        ).encode("ascii")
+    ).decode("ascii")
+
+    return encode
+
+
+def parse_encrypted_ephemeral_url_fragment(ephemeral_str: str) -> tuple[str, str, str]:
+    """Parse and decrypt ephemeral url and return callsign, user uuid and variant.
+
+    Verify that the ephemeral link is not expired and that the checksum matches.
+    """
+    try:
+        e_decoded = base64.b64decode(ephemeral_str.encode("ascii")).decode("ascii")
+    except binascii.Error as exc:
+        LOGGER.info("Unable to decode base64 to string. Possible malformed query.")
+        LOGGER.debug(exc)
+        raise HTTPException(status_code=404, detail="User data not found") from exc
+
+    ephemeral_json = json.loads(e_decoded)
+    if ephemeral_json["request_time"] + 300 < int(time.time()):
+        LOGGER.info("Ephemeral link has expired.")
+        raise HTTPException(status_code=404, detail="User data not found")
+
+    # TODO: probably should be a keyed hash to catch attempts to pass an incorrect link early
+    payload_digest: str = hash_from_str(
+        ephemeral_json["payload_b64"] + ephemeral_json["iv_b64"] + str(ephemeral_json["request_time"])
+    )
+    if payload_digest != ephemeral_json["digest"]:
+        LOGGER.info(
+            "Checksum mismatch. Calculated: {}, but got from response: {}".format(
+                payload_digest, ephemeral_json["digest"]
+            )
+        )
+        raise HTTPException(status_code=404, detail="User data not found")
+
+    iv: bytes = base64.b64decode(ephemeral_json["iv_b64"].encode("ascii"))
+    user_payload: bytes = base64.b64decode(ephemeral_json["payload_b64"].encode("ascii"))
+
+    decryptor = Cipher(algorithms.AES(TAKDataPackage.get_ephemeral_byteskey()), modes.GCM(iv)).encryptor()
+    decrypted_payload = decryptor.update(user_payload) + decryptor.finalize()
+
+    try:
+        decrypted_json = json.loads(decrypted_payload.decode("ascii"))
+    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
+        LOGGER.exception("Decryption failure. It could be someone is trying something nasty.")
+        raise HTTPException(status_code=404, detail="User data not found") from exc
+
+    variant = decrypted_json["variant"]
+    callsign = decrypted_json["callsign"]
+    user_uuid = decrypted_json["uuid"]
+
+    LOGGER.debug("Got the following data in ephemeral user payload: {}".format(decrypted_json))
+
+    return callsign, user_uuid, variant
diff --git a/src/takrmapi/app.py b/src/takrmapi/app.py
index 06bce088..db6424dc 100644
--- a/src/takrmapi/app.py
+++ b/src/takrmapi/app.py
@@ -14,7 +14,7 @@
 from takrmapi import config
 from takrmapi.takutils import tak_init
 from .config import LOG_LEVEL
-from .api import all_routers, all_routers_v2
+from .api import all_routers, all_routers_v2, all_routers_ephemeral_v1
 
 
 LOGGER = logging.getLogger(__name__)
@@ -57,6 +57,7 @@ def get_app_no_init() -> FastAPI:
     app = FastAPI(docs_url="/api/docs", openapi_url="/api/openapi.json", lifespan=app_lifespan, version=__version__)
     app.include_router(router=all_routers, prefix="/api/v1")
     app.include_router(router=all_routers_v2, prefix="/api/v2")
+    app.include_router(router=all_routers_ephemeral_v1, prefix="/ephemeral/api/v1")
     return app
 
 
diff --git a/src/takrmapi/config.py b/src/takrmapi/config.py
index 9e81a37f..83cda4ac 100644
--- a/src/takrmapi/config.py
+++ b/src/takrmapi/config.py
@@ -51,6 +51,8 @@ def read_deployment_name() -> str:
 TAK_CERTS_FOLDER: Path = cfg("TAK_CERTS_FOLDER", cast=Path, default=Path("/opt/tak/data/certs/files"))
 RMAPI_PERSISTENT_FOLDER: Path = cfg("RMAPI_PERSISTENT_FOLDER", cast=Path, default=Path("/data/persistent"))
 
+PRODUCT_HTTPS_EPHEMERAL_PORT: int = cfg("PRODUCT_HTTPS_EPHEMERAL_PORT", cast=int, default=4627)
+
 # TAK vite asset graphical addons
 VITE_ASSET_SET: str = cfg("VITE_ASSET_SET", cast=str, default="not_used_by_default")
 VITE_ASSET_SET_TEMPLATES_FOLDER: Path = cfg(
diff --git a/src/takrmapi/takutils/tak_pkg_helpers.py b/src/takrmapi/takutils/tak_pkg_helpers.py
index 2c83cdd5..b6316b79 100644
--- a/src/takrmapi/takutils/tak_pkg_helpers.py
+++ b/src/takrmapi/takutils/tak_pkg_helpers.py
@@ -1,10 +1,11 @@
 """Helper functions to manage tak data packages"""
 
-from typing import List, Any, Dict
+import base64
+import binascii
+from typing import List, Any, Dict, ClassVar
 import logging
 from dataclasses import dataclass, field
 from pathlib import Path
-from glob import glob
 import tempfile
 import asyncio
 import os
@@ -35,6 +36,23 @@ class TAKPkgVars:
     template_file_render_str: str
 
 
+def _get_secret_key_from_environ() -> bytes:
+    """Fetch the secret key from the environment variable."""
+
+    from_env = os.environ.get("TAKRMAPI_SECRET_KEY", "")
+    try:
+        key_candidate = base64.b64decode(from_env.encode("ascii"))
+    except (TypeError, binascii.Error):
+        LOGGER.warning("TAKRMAPI_SECRET_KEY is not valid base64 encoded string.")
+        return b""
+
+    if len(key_candidate) >= 32:
+        return key_candidate[:32]
+
+    LOGGER.warning("TAKRMAPI_SECRET_KEY is too short. It should be at least 32 bytes long.")
+    return b""
+
+
 @dataclass
 class TAKDataPackage:
     """TAK Datapackage helper"""
@@ -43,6 +61,7 @@ class TAKDataPackage:
     template_type: str
 
     _pkgvars: TAKPkgVars = field(init=False)
+    ephemeral_key: ClassVar[bytes] = b""
 
     # TODO savolaiset muuttujat
     # _zip_path: Path = field(init=False)
@@ -79,6 +98,16 @@ def __post_init__(self) -> None:
             template_file_render_str="",
         )
 
+    @classmethod
+    def get_ephemeral_byteskey(cls) -> bytes:
+        """Return key for ephemeral file requests"""
+        if not cls.ephemeral_key:
+            cls.ephemeral_key = _get_secret_key_from_environ()
+            if not cls.ephemeral_key:
+                raise RuntimeError("Ephemeral key not set!")
+
+        return cls.ephemeral_key
+
     @property
     def is_folder(self) -> bool:
         """Check if package is folder"""
@@ -348,7 +377,7 @@ async def zip_folder_content(self, zipfile: str, tmp_folder: str) -> None:
         await asyncio.get_running_loop().run_in_executor(None, shutil.make_archive, zipfile, "zip", tmp_folder)
 
     async def tak_missionpackage_extras(self, manifest_file: Path, tmp_folder: Path) -> None:
-        """Check if there is some extra that needs to be done defined in manfiest"""
+        """Check if there is some extra that needs to be done defined in the manifest"""
         manifest_rows = manifest_file.read_text().splitlines()
         for row in manifest_rows:
             # .p12 rows
@@ -356,7 +385,7 @@ async def tak_missionpackage_extras(self, manifest_file: Path, tmp_folder: Path)
             if "<!--" in row:
                 continue
 
-            # Add certificate file to zip package
+            # Add the certificate files to the zip package
             if ".p12" in row:
                 await self.tak_missionpackage_add_p12(row, tmp_folder)
 
@@ -364,17 +393,19 @@ async def tak_missionpackage_add_p12(self, row: str, tmp_folder: Path) -> None:
         """Handle manifest .p12 rows"""
         tmp_folder = await self.chk_manifest_file_extra_folder(row=row, tmp_folder=tmp_folder)
         # FIXME: do the blocking IO in executor
+        LOGGER.info("PKCS12 Got template %s, tmp folder %s...", row, tmp_folder)
         if "rasenmaeher_ca-public.p12" in row:
             # FIXME: instead of adding the root key into the software, need a way to get full chain with Root CA
-            templates_folder = Path(__file__).parent / "templates"
-            ca_files = sorted(glob(f"{templates_folder}/*.pem"))
+            templates_folder = Path(__file__).parent.parent / "templates"
+            LOGGER.info("Searching keys from  %s...", templates_folder)
+            ca_files = templates_folder.rglob("*.pem")
             srcdata = Path("/le_certs/rasenmaeher/fullchain.pem").read_bytes()
-            if ca_files:
-                for ca_f in ca_files:
-                    srcdata = srcdata + Path(ca_f).read_bytes()
+            for ca_f in sorted(ca_files):
+                LOGGER.info("Adding PEM %s to CA bundle", ca_f.name)
+                srcdata = srcdata + ca_f.read_bytes()
 
             tgtfile = Path(tmp_folder) / "rasenmaeher_ca-public.p12"
-            LOGGER.info("Creating {}".format(tgtfile))
+            LOGGER.info("Creating %s", tgtfile)
             p12bytes = convert_pem_to_pkcs12(srcdata, None, "public", None, "ca-chains")
             tgtfile.parent.mkdir(parents=True, exist_ok=True)
             LOGGER.debug("{} exists: {}".format(tgtfile.parent, tgtfile.parent.exists()))
diff --git a/src/takrmapi/templates/tak_missionpkg/default/atak/server.pref.tpl b/src/takrmapi/templates/tak_missionpkg/default/atak/server.pref.tpl
index ed00d412..8da8bfe6 100644
--- a/src/takrmapi/templates/tak_missionpkg/default/atak/server.pref.tpl
+++ b/src/takrmapi/templates/tak_missionpkg/default/atak/server.pref.tpl
@@ -2,7 +2,7 @@
 <preferences>
     <preference version="1" name="cot_streams">
         <entry key="count" class="class java.lang.Integer">1</entry>
-        <entry key="description0" class="class java.lang.String">{{ tak_server_fqdn }}</entry>
+        <entry key="description0" class="class java.lang.String">{{ v.tak_server_deployment_name }}</entry>
         <entry key="enabled0" class="class java.lang.Boolean">true</entry>
         <entry key="connectString0" class="class java.lang.String">{{ v.tak_server_public_address }}:8089:ssl</entry>
     </preference>
diff --git a/tests/test_takrmapi.py b/tests/test_takrmapi.py
index ad5790b2..620f0c5a 100644
--- a/tests/test_takrmapi.py
+++ b/tests/test_takrmapi.py
@@ -1,8 +1,54 @@
 """Package level tests"""
 
+import base64
+import time
+from secrets import token_bytes
+
+from unittest import mock
+
+import pytest
+
 from takrmapi import __version__
+from takrmapi.api.tak_missionpackage import (
+    generate_encrypted_ephemeral_url_fragment,
+    parse_encrypted_ephemeral_url_fragment,
+)
+from takrmapi.takutils.tak_pkg_helpers import TAKDataPackage
 
 
 def test_version() -> None:
     """Make sure version matches expected"""
-    assert __version__ == "1.7.3"
+    assert __version__ == "1.10.0"
+
+
+@pytest.fixture(autouse=True)
+def clear_encryption_keys() -> None:
+    """Clear ephemeral keys between tests."""
+    TAKDataPackage.ephemeral_key = b""
+
+
+@mock.patch("os.environ", {"TAKRMAPI_SECRET_KEY": base64.b64encode(token_bytes(32)).decode("utf-8")})
+def test_ephemeral_link_generation() -> None:
+    """Verify that ephemeral link generation works as expected."""
+    now = time.time()
+    callsign = "N0CALL"
+    uuid = "12345678-1234-5678-1234-567812345678"
+
+    encrypted_url = generate_encrypted_ephemeral_url_fragment(callsign, uuid, "testvariant", now)
+    assert "testvariant" not in encrypted_url
+
+    gotten_callsign, gotten_uuid, gotten_variant = parse_encrypted_ephemeral_url_fragment(encrypted_url)
+    assert gotten_callsign == callsign
+    assert gotten_uuid == uuid
+    assert gotten_variant == "testvariant"
+
+
+EXAMPLE_KEY = "zyygdR6MGvmCe+Dm5hDMdQqTJa7VNc451SyQrirUXUI="  # pragma: allowlist secret
+
+
+@mock.patch("os.environ", {"TAKRMAPI_SECRET_KEY": EXAMPLE_KEY})
+def test_ephemeral_key_loading() -> None:
+    """Verify that ephemeral key loading works as expected."""
+    assert TAKDataPackage.get_ephemeral_byteskey() != b""
+    assert len(TAKDataPackage.get_ephemeral_byteskey()) == 32
+    assert base64.b64encode(TAKDataPackage.get_ephemeral_byteskey()).decode("ascii") == EXAMPLE_KEY
diff --git a/ui/package.json b/ui/package.json
index c3d9e67d..1af9aa83 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -2,6 +2,7 @@
   "dependencies": {
     "@module-federation/enhanced": "^0.21.2",
     "@radix-ui/react-accordion": "^1.2.12",
+    "@radix-ui/react-dialog": "^1.1.15",
     "@radix-ui/react-progress": "^1.1.8",
     "@radix-ui/react-scroll-area": "^1.2.10",
     "@radix-ui/react-select": "^2.2.6",
diff --git a/ui/pnpm-lock.yaml b/ui/pnpm-lock.yaml
index ce3e0cff..64ac32a6 100644
--- a/ui/pnpm-lock.yaml
+++ b/ui/pnpm-lock.yaml
@@ -13,6 +13,9 @@ importers:
       "@radix-ui/react-accordion":
         specifier: ^1.2.12
         version: 1.2.12(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-dialog":
+        specifier: ^1.1.15
+        version: 1.1.15(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
       "@radix-ui/react-progress":
         specifier: ^1.1.8
         version: 1.1.8(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -1127,6 +1130,22 @@ packages:
       "@types/react":
         optional: true
 
+  "@radix-ui/react-dialog@1.1.15":
+    resolution:
+      {
+        integrity: sha512-TCglVRtzlffRNxRMEyR36DGBLJpeusFcgMVD9PZEzAKnUs1lKCgX5u9BmC2Yg+LL9MgZDugFFs1Vl+Jp4t/PGw==,
+      }
+    peerDependencies:
+      "@types/react": "*"
+      "@types/react-dom": "*"
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      "@types/react":
+        optional: true
+      "@types/react-dom":
+        optional: true
+
   "@radix-ui/react-direction@1.1.1":
     resolution:
       {
@@ -5107,6 +5126,28 @@ snapshots:
     optionalDependencies:
       "@types/react": 18.2.79
 
+  "@radix-ui/react-dialog@1.1.15(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)":
+    dependencies:
+      "@radix-ui/primitive": 1.1.3
+      "@radix-ui/react-compose-refs": 1.1.2(@types/react@18.2.79)(react@18.3.1)
+      "@radix-ui/react-context": 1.1.2(@types/react@18.2.79)(react@18.3.1)
+      "@radix-ui/react-dismissable-layer": 1.1.11(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-focus-guards": 1.1.3(@types/react@18.2.79)(react@18.3.1)
+      "@radix-ui/react-focus-scope": 1.1.7(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-id": 1.1.1(@types/react@18.2.79)(react@18.3.1)
+      "@radix-ui/react-portal": 1.1.9(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-presence": 1.1.5(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-primitive": 2.1.3(@types/react-dom@18.2.25)(@types/react@18.2.79)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+      "@radix-ui/react-slot": 1.2.3(@types/react@18.2.79)(react@18.3.1)
+      "@radix-ui/react-use-controllable-state": 1.2.2(@types/react@18.2.79)(react@18.3.1)
+      aria-hidden: 1.2.6
+      react: 18.3.1
+      react-dom: 18.3.1(react@18.3.1)
+      react-remove-scroll: 2.7.1(@types/react@18.2.79)(react@18.3.1)
+    optionalDependencies:
+      "@types/react": 18.2.79
+      "@types/react-dom": 18.2.25
+
   "@radix-ui/react-direction@1.1.1(@types/react@18.2.79)(react@18.3.1)":
     dependencies:
       react: 18.3.1
diff --git a/ui/src/components/tabs/AndroidTab.tsx b/ui/src/components/tabs/AndroidTab.tsx
index 9f625d71..47303285 100644
--- a/ui/src/components/tabs/AndroidTab.tsx
+++ b/ui/src/components/tabs/AndroidTab.tsx
@@ -3,18 +3,59 @@ import { ZipButton } from "../ZipButton";
 import { useTranslation } from "react-i18next";
 import { Link } from "@tanstack/react-router";
 import { Button } from "../ui/button";
+import { useState } from "react";
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+} from "@/components/ui/dialog";
 
 interface Props {
   zip: TAK_Zip;
 }
 
+interface EphemeralUrl {
+  ephemeral_url: string;
+}
+
 export function AndroidTab({ zip }: Props) {
   const { t } = useTranslation("tak");
+  const baseUrl = `${window.location.protocol}//${window.location.host}`;
+  const [isDialogOpen, setIsDialogOpen] = useState(false);
+  const [takUrl, setTakUrl] = useState("");
+
+  const handleOpenATAK = async () => {
+    try {
+      const response = await fetch(
+        `${baseUrl}/api/v1/product/proxy/tak/api/v1/tak-missionpackages/ephemeral/atak.zip`,
+      );
+
+      if (!response.ok) {
+        throw new Error(`HTTP error! status: ${response.status}`);
+      }
+
+      const data = (await response.json()) as EphemeralUrl;
+      const fullTakUrl = `tak://com.atakmap.app/import?url=${data.ephemeral_url}`;
+      setTakUrl(fullTakUrl);
+      setIsDialogOpen(true);
+    } catch (error) {
+      console.error("Error fetching ephemeral URL:", error);
+      // You might want to show an error toast/notification here
+    }
+  };
 
   return (
     <div className="mt-4">
       <p className="text-lg font-semibold">{t("tabs.android.title")}</p>
       <div className="font-normal">
+        <Button onClick={() => void handleOpenATAK()}>
+          {t("tabs.android.open_atak")}
+        </Button>
+
+        <p className="pt-8 pb-2">{t("tabs.android.open_atak_manual_note")}</p>
+
         <p>{t("tabs.android.step1_download")}</p>
         <ZipButton
           data={zip.data}
@@ -26,11 +67,32 @@ export function AndroidTab({ zip }: Props) {
       <div className="mt-4">
         <p className="mb-2">{t("tabs.android.instructions_short")}</p>
         <Button asChild variant="secondary">
+          {/* eslint-disable-next-line */}
           <Link to={"/android/1" as any}>
             {t("tabs.android.open_instructions")}
           </Link>
         </Button>
       </div>
+
+      <Dialog open={isDialogOpen} onOpenChange={setIsDialogOpen}>
+        <DialogContent>
+          <DialogHeader>
+            <DialogTitle>ATAK Mission Package Auto Import</DialogTitle>
+            <DialogDescription>
+              Click the button below to open in ATAK
+            </DialogDescription>
+          </DialogHeader>
+          <Button asChild>
+            <Link to={takUrl} onClick={() => setIsDialogOpen(false)}>
+              Open ATAK and connect to service
+            </Link>
+          </Button>
+          <div className="mt-4">
+            When ATAK opens and asks about importing a package with a long link,
+            choose "Yes"
+          </div>
+        </DialogContent>
+      </Dialog>
     </div>
   );
 }
diff --git a/ui/src/components/ui/dialog.tsx b/ui/src/components/ui/dialog.tsx
new file mode 100644
index 00000000..9ff99906
--- /dev/null
+++ b/ui/src/components/ui/dialog.tsx
@@ -0,0 +1,141 @@
+import * as React from "react";
+import * as DialogPrimitive from "@radix-ui/react-dialog";
+import { XIcon } from "lucide-react";
+
+import { cn } from "@/lib/utils";
+
+function Dialog({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Root>) {
+  return <DialogPrimitive.Root data-slot="dialog" {...props} />;
+}
+
+function DialogTrigger({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Trigger>) {
+  return <DialogPrimitive.Trigger data-slot="dialog-trigger" {...props} />;
+}
+
+function DialogPortal({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Portal>) {
+  return <DialogPrimitive.Portal data-slot="dialog-portal" {...props} />;
+}
+
+function DialogClose({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Close>) {
+  return <DialogPrimitive.Close data-slot="dialog-close" {...props} />;
+}
+
+function DialogOverlay({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Overlay>) {
+  return (
+    <DialogPrimitive.Overlay
+      data-slot="dialog-overlay"
+      className={cn(
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function DialogContent({
+  className,
+  children,
+  showCloseButton = true,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Content> & {
+  showCloseButton?: boolean;
+}) {
+  return (
+    <DialogPortal data-slot="dialog-portal">
+      <DialogOverlay />
+      <DialogPrimitive.Content
+        data-slot="dialog-content"
+        className={cn(
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 sm:max-w-lg",
+          className,
+        )}
+        {...props}
+      >
+        {children}
+        {showCloseButton && (
+          <DialogPrimitive.Close
+            data-slot="dialog-close"
+            className="ring-offset-background focus:ring-ring data-[state=open]:bg-accent data-[state=open]:text-muted-foreground absolute top-4 right-4 rounded-xs opacity-70 transition-opacity hover:opacity-100 focus:ring-2 focus:ring-offset-2 focus:outline-hidden disabled:pointer-events-none [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4"
+          >
+            <XIcon />
+            <span className="sr-only">Close</span>
+          </DialogPrimitive.Close>
+        )}
+      </DialogPrimitive.Content>
+    </DialogPortal>
+  );
+}
+
+function DialogHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="dialog-header"
+      className={cn("flex flex-col gap-2 text-center sm:text-left", className)}
+      {...props}
+    />
+  );
+}
+
+function DialogFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="dialog-footer"
+      className={cn(
+        "flex flex-col-reverse gap-2 sm:flex-row sm:justify-end",
+        className,
+      )}
+      {...props}
+    />
+  );
+}
+
+function DialogTitle({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Title>) {
+  return (
+    <DialogPrimitive.Title
+      data-slot="dialog-title"
+      className={cn("text-lg leading-none font-semibold", className)}
+      {...props}
+    />
+  );
+}
+
+function DialogDescription({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Description>) {
+  return (
+    <DialogPrimitive.Description
+      data-slot="dialog-description"
+      className={cn("text-muted-foreground text-sm", className)}
+      {...props}
+    />
+  );
+}
+
+export {
+  Dialog,
+  DialogClose,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogOverlay,
+  DialogPortal,
+  DialogTitle,
+  DialogTrigger,
+};
diff --git a/ui/src/locales/en.json b/ui/src/locales/en.json
index 2c8c68fc..db49f882 100644
--- a/ui/src/locales/en.json
+++ b/ui/src/locales/en.json
@@ -17,6 +17,8 @@
   "tabs": {
     "android": {
       "instructions_short": "Need help importing the package?",
+      "open_atak": "ATAK: Auto import package",
+      "open_atak_manual_note": "Or import manually",
       "open_instructions": "Open instructions",
       "phase1": {
         "step1_desc_civ": "Download the ATAK-CIV app from the Play Store and install it:",
diff --git a/ui/src/locales/fi.json b/ui/src/locales/fi.json
index 5aa1073b..3a7e38a3 100644
--- a/ui/src/locales/fi.json
+++ b/ui/src/locales/fi.json
@@ -17,6 +17,8 @@
   "tabs": {
     "android": {
       "instructions_short": "Tarvitsetko apua paketin tuonnissa?",
+      "open_atak": "ATAK: Tuo paketti automaattisesti",
+      "open_atak_manual_note": "Tai tuo paketti manuaalisesti",
       "open_instructions": "Avaa ohjeet",
       "phase1": {
         "step1_desc_civ": "Lataa ATAK-CIV -sovellus Play Kaupasta ja asenna se:",
diff --git a/ui/src/locales/sv.json b/ui/src/locales/sv.json
index 8297f1ff..6cd27cfe 100644
--- a/ui/src/locales/sv.json
+++ b/ui/src/locales/sv.json
@@ -17,6 +17,8 @@
   "tabs": {
     "android": {
       "instructions_short": "Beh\u00f6ver du hj\u00e4lp med att importera paketet?",
+      "open_atak": "ATAK: Importera paketet automatiskt",
+      "open_atak_manual_note": "Eller importera paketet manuellt",
       "open_instructions": "\u00d6ppna instruktioner",
       "phase1": {
         "step1_desc_civ": "Ladda ner appen ATAK-CIV fr\u00e5n Play Store och installera den:",