diff --git a/docs/screencast/README.md b/docs/screencast/README.md
new file mode 100644
index 0000000000..770e175090
--- /dev/null
+++ b/docs/screencast/README.md
@@ -0,0 +1,42 @@
+# Screencast / Asciinema
+
+[Asciinema](https://github.com/asciinema/asciinema) is used to automatically generate
+terminal session recordings for our documentation. To fully automate this we use scripts
+that utilize [expect](https://manpages.debian.org/testing/expect/expect.1.en.html) to interface with different
+CLI tools, and run them inside a [container](docker/Dockerfile).
+
+## Usage
+
+```sh
+./generate-screencasts.sh
+```
+
+This will:
+
++ build the container
++ run the expect based scripts
++ copy recordings into the recordings directory
+
+To replay the output you can use `asciinema play recordings/verify-cli.cast`.
+
+Include the generated screencast into our docs using the [`AsciinemaWidget`](../src/components/AsciinemaWidget/index.js):
+
+```md
+import AsciinemaWidget from '../../src/components/AsciinemaWidget';
+
+<AsciinemaWidget src="/constellation/assets/verify-cli.cast" fontSize={16} rows={20} cols={112} idleTimeLimit={3} preload={true} theme={'edgeless'} />
+```
+
+Then [re-build and locally host the docs](../README.md).
+
+## Styling
+
+There are three different locations were styling is applied:
+
+1. **The prompt** is styled using [ANSI escape codes](https://en.wikipedia.org/wiki/ANSI_escape_code).
+More explanation and the actual color codes can be found in [Dockerfile](docker/Dockerfile).
+2. **Player dimensions** are passed to the [`AsciinemaWidget`](../src/components/AsciinemaWidget/index.js)
+when it's [embedded in the docs](../docs/workflows/verify-cli.md). Check the `asciinema-player` for a
+[full list of options](https://github.com/asciinema/asciinema-player#options).
+3. **Everything else** is [styled via CSS](../src/css/custom.css). This includes the option to build a custom
+[player theme](https://github.com/asciinema/asciinema-player/wiki/Custom-terminal-themes).
diff --git a/docs/screencast/docker/Dockerfile b/docs/screencast/docker/Dockerfile
new file mode 100644
index 0000000000..c9470f87d7
--- /dev/null
+++ b/docs/screencast/docker/Dockerfile
@@ -0,0 +1,30 @@
+FROM ubuntu:22.04@sha256:2b7412e6465c3c7fc5bb21d3e6f1917c167358449fecac8176c6e496e5c1f05f
+
+# Install requirements
+RUN apt-get update && apt-get install -y software-properties-common &&\
+    apt-add-repository ppa:zanchey/asciinema && apt-get update &&\
+    apt-get install -y curl jq expect asciinema sudo unzip &&\
+    rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSLO https://dl.k8s.io/release/v1.26.0/bin/linux/amd64/kubectl &&\
+    sudo install kubectl /usr/local/bin/kubectl && rm kubectl
+
+# As mount point for $HOME/.kube/config
+RUN mkdir /root/.kube
+
+# Enable RGB colors in PS1
+ENV TERM=xterm-256color
+# Set width of terminal, default is ~80 and leads to broken lines for long lines,
+# e.g., curl & cosign commands.
+ENV COLUMNS=512
+# For PS1 to work shell needs to specified
+ENV SHELL=/bin/bash
+# ANSI color codes are used to control PS1 prompt. We use "\033[38;2;<r>;<g>;<b>m"
+# to control the foreground color with RBG colors [1]. Non-printable characters
+# need to  be escaped with additional \[ and \], see [2].
+# [1]: https://stackoverflow.com/a/33206814/2306355
+# [2]: https://stackoverflow.com/a/19501528/2306355
+RUN echo 'export PS1="\[\033[38;2;139;4;221m\]$\[\033[0m\] "' >> /root/.bashrc
+
+WORKDIR /demo
+ENTRYPOINT ["/usr/bin/expect", "-f"]
diff --git a/docs/screencast/generate-screencasts.sh b/docs/screencast/generate-screencasts.sh
new file mode 100755
index 0000000000..a48c2eef9b
--- /dev/null
+++ b/docs/screencast/generate-screencasts.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# This script prepares the environment for expect scripts to be recorded in,
+# executes all scripts, and copies the .cast files to our doc's asset folder.
+#
+
+set -euo pipefail
+
+# Setup.
+
+demodir=$(just demodir)
+docker build -t screenrecodings docker
+
+# Screencast.
+docker run -it \
+  -v "${HOME}/.kube/config:/root/.kube/config" \
+  -v "$(pwd)/recordings:/recordings" \
+  -v "${demodir}:/demo" \
+  -v "${demodir}/contrast:/usr/local/bin/contrast" \
+  -v "$(pwd)/scripts:/scripts" \
+  screenrecodings /scripts/flow.expect
+
+# Cleanup.
+kubectl delete -f "${demodir}/deployment/"
+kubectl delete -f "${demodir}/coordinator.yaml"
diff --git a/docs/screencast/recordings/flow.cast b/docs/screencast/recordings/flow.cast
new file mode 100644
index 0000000000..db0e6fe3ee
--- /dev/null
+++ b/docs/screencast/recordings/flow.cast
@@ -0,0 +1,591 @@
+{"version": 2, "width": 123, "height": 29, "timestamp": 1709802839, "env": {"SHELL": "/bin/bash", "TERM": "xterm-256color"}}
+[0.005569, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[0.006202, "o", "#"]
+[0.138617, "o", " "]
+[0.1888, "o", "D"]
+[0.23911, "o", "e"]
+[0.310029, "o", "p"]
+[0.360582, "o", "l"]
+[0.41045, "o", "o"]
+[0.530853, "o", "y"]
+[0.580998, "o", " "]
+[0.631121, "o", "t"]
+[0.681256, "o", "h"]
+[0.78912, "o", "e"]
+[0.83907, "o", " "]
+[0.92122, "o", "C"]
+[0.97171, "o", "o"]
+[1.022106, "o", "n"]
+[1.191105, "o", "t"]
+[1.266576, "o", "r"]
+[1.35539, "o", "a"]
+[1.40573, "o", "s"]
+[1.530351, "o", "t"]
+[1.580998, "o", " "]
+[1.642317, "o", "C"]
+[1.748303, "o", "o"]
+[1.798648, "o", "o"]
+[1.849166, "o", "r"]
+[1.899405, "o", "d"]
+[1.950018, "o", "i"]
+[2.000146, "o", "n"]
+[2.050439, "o", "a"]
+[2.152009, "o", "t"]
+[2.202065, "o", "o"]
+[2.252479, "o", "r\r\n\u001b[?2004l\r"]
+[2.252537, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[3.253151, "o", "k"]
+[3.303264, "o", "u"]
+[3.353373, "o", "b"]
+[3.403612, "o", "e"]
+[3.54036, "o", "c"]
+[3.598463, "o", "t"]
+[3.663794, "o", "l"]
+[3.713993, "o", " "]
+[3.780045, "o", "a"]
+[3.830117, "o", "p"]
+[3.917654, "o", "p"]
+[3.967589, "o", "l"]
+[4.018491, "o", "y"]
+[4.068446, "o", " "]
+[4.118769, "o", "-"]
+[4.225377, "o", "f"]
+[4.275343, "o", " "]
+[4.325823, "o", "c"]
+[4.406082, "o", "o"]
+[4.507265, "o", "o"]
+[4.557387, "o", "r"]
+[4.613748, "o", "d"]
+[4.732127, "o", "i"]
+[4.815377, "o", "n"]
+[4.989859, "o", "a"]
+[5.039741, "o", "t"]
+[5.157212, "o", "o"]
+[5.20782, "o", "r"]
+[5.258069, "o", "."]
+[5.308749, "o", "y"]
+[5.550153, "o", "a"]
+[5.656244, "o", "m"]
+[5.71487, "o", "l\r\n\u001b[?2004l\r"]
+[6.236723, "o", "deployment.apps/coordinator created\r\n"]
+[6.333734, "o", "service/coordinator created\r\n"]
+[6.338152, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[10.340101, "o", "c"]
+[10.390622, "o", "o"]
+[10.440688, "o", "o"]
+[10.490687, "o", "r"]
+[10.573752, "o", "d"]
+[10.623929, "o", "i"]
+[10.782279, "o", "n"]
+[10.832724, "o", "a"]
+[10.882903, "o", "t"]
+[10.933473, "o", "o"]
+[10.984002, "o", "r"]
+[11.039011, "o", "="]
+[11.08977, "o", "`"]
+[11.139687, "o", "k"]
+[11.299741, "o", "u"]
+[11.349832, "o", "b"]
+[11.537116, "o", "e"]
+[11.624098, "o", "c"]
+[11.674301, "o", "t"]
+[11.724775, "o", "l"]
+[11.774817, "o", " "]
+[11.824803, "o", "g"]
+[11.875101, "o", "e"]
+[11.925388, "o", "t"]
+[11.976053, "o", " "]
+[12.096784, "o", "s"]
+[12.146819, "o", "v"]
+[12.196953, "o", "c"]
+[12.247191, "o", " "]
+[12.297224, "o", "c"]
+[12.398259, "o", "o"]
+[12.44843, "o", "o"]
+[12.4986, "o", "r"]
+[12.548647, "o", "d"]
+[12.601942, "o", "i"]
+[12.676878, "o", "n"]
+[12.729144, "o", "a"]
+[12.77986, "o", "t"]
+[12.847263, "o", "o"]
+[12.89759, "o", "r"]
+[12.947673, "o", " "]
+[12.998215, "o", "-"]
+[13.048539, "o", "o"]
+[13.118011, "o", "="]
+[13.167939, "o", "j"]
+[13.248836, "o", "s"]
+[13.298807, "o", "o"]
+[13.46036, "o", "n"]
+[13.510625, "o", "p"]
+[13.561014, "o", "a"]
+[13.611996, "o", "t"]
+[13.725515, "o", "h"]
+[13.775717, "o", "="]
+[13.825819, "o", "'"]
+[13.87594, "o", "{"]
+[13.92626, "o", "."]
+[13.976241, "o", "s"]
+[14.026693, "o", "t"]
+[14.088667, "o", "a"]
+[14.139388, "o", "t"]
+[14.189835, "o", "u"]
+[14.240525, "o", "s"]
+[14.290793, "o", "."]
+[14.341438, "o", "l"]
+[14.392092, "o", "o"]
+[14.466092, "o", "a"]
+[14.516092, "o", "d"]
+[14.597285, "o", "B"]
+[14.647462, "o", "a"]
+[14.731822, "o", "l"]
+[14.781995, "o", "a"]
+[14.866939, "o", "n"]
+[14.91726, "o", "c"]
+[14.968194, "o", "e"]
+[15.018994, "o", "r"]
+[15.069946, "o", "."]
+[15.161292, "o", "i"]
+[15.211214, "o", "n"]
+[15.261839, "o", "g"]
+[15.31199, "o", "r"]
+[15.416404, "o", "e"]
+[15.565547, "o", "s"]
+[15.616045, "o", "s"]
+[15.666234, "o", "["]
+[15.716589, "o", "0"]
+[15.767115, "o", "]"]
+[15.817705, "o", "."]
+[15.882827, "o", "i"]
+[15.933352, "o", "p"]
+[15.984057, "o", "}"]
+[16.03396, "o", "'"]
+[16.089076, "o", "`\r\n\u001b[?2004l\r"]
+[16.240148, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[17.24127, "o", "#"]
+[17.436628, "o", " "]
+[17.608918, "o", "G"]
+[17.659038, "o", "e"]
+[17.709162, "o", "n"]
+[17.792388, "o", "e"]
+[17.843563, "o", "r"]
+[17.900612, "o", "a"]
+[17.950775, "o", "t"]
+[18.000968, "o", "e"]
+[18.051112, "o", " "]
+[18.101428, "o", "w"]
+[18.15132, "o", "o"]
+[18.201592, "o", "r"]
+[18.251572, "o", "k"]
+[18.301786, "o", "l"]
+[18.352193, "o", "o"]
+[18.402257, "o", "a"]
+[18.452235, "o", "d"]
+[18.502302, "o", " "]
+[18.552412, "o", "p"]
+[18.602703, "o", "o"]
+[18.680863, "o", "l"]
+[18.731102, "o", "i"]
+[18.793488, "o", "c"]
+[18.84368, "o", "i"]
+[18.894387, "o", "e"]
+[18.944884, "o", "s"]
+[18.995672, "o", " "]
+[19.070124, "o", "a"]
+[19.134333, "o", "n"]
+[19.184772, "o", "d"]
+[19.234898, "o", " "]
+[19.293396, "o", "m"]
+[19.343685, "o", "a"]
+[19.393834, "o", "n"]
+[19.444046, "o", "i"]
+[19.494287, "o", "f"]
+[19.559459, "o", "e"]
+[19.675466, "o", "s"]
+[19.827696, "o", "t\r\n\u001b[?2004l\r"]
+[19.827773, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[20.828875, "o", "c"]
+[20.95378, "o", "o"]
+[21.003896, "o", "n"]
+[21.054886, "o", "t"]
+[21.10488, "o", "r"]
+[21.155094, "o", "a"]
+[21.205282, "o", "s"]
+[21.255812, "o", "t"]
+[21.306309, "o", " "]
+[21.356884, "o", "g"]
+[21.406848, "o", "e"]
+[21.457275, "o", "n"]
+[21.541605, "o", "e"]
+[21.624575, "o", "r"]
+[21.729989, "o", "a"]
+[21.876441, "o", "t"]
+[21.939502, "o", "e"]
+[21.990106, "o", " "]
+[22.046658, "o", "d"]
+[22.097139, "o", "e"]
+[22.149889, "o", "p"]
+[22.200202, "o", "l"]
+[22.277846, "o", "o"]
+[22.327786, "o", "y"]
+[22.378591, "o", "m"]
+[22.428032, "o", "e"]
+[22.478183, "o", "n"]
+[22.528378, "o", "t"]
+[22.578515, "o", "/\r\n\u001b[?2004l\r"]
+[35.673641, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[35.673809, "o", "c"]
+[35.724252, "o", "a"]
+[35.774584, "o", "t"]
+[35.824878, "o", " "]
+[35.8753, "o", "m"]
+[35.925362, "o", "a"]
+[35.976243, "o", "n"]
+[36.026556, "o", "i"]
+[36.093994, "o", "f"]
+[36.143851, "o", "e"]
+[36.193829, "o", "s"]
+[36.265005, "o", "t"]
+[36.315423, "o", "."]
+[36.393051, "o", "j"]
+[36.443022, "o", "s"]
+[36.493133, "o", "o"]
+[36.547719, "o", "n"]
+[36.597632, "o", " "]
+[36.647796, "o", "|"]
+[36.697771, "o", " "]
+[36.868582, "o", "j"]
+[36.918877, "o", "q\r\n\u001b[?2004l\r"]
+[36.929632, "o", "\u001b[1;39m{\r\n  \u001b[0m\u001b[34;1m\"Policies\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m{\r\n    \u001b[0m\u001b[34;1m\"2566f5b2172910e57b5162190f0556041b86614c8e8d8981f80bf47b621140c0\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m[\r\n      \u001b[0;32m\"emoji\"\u001b[0m\u001b[1;39m,\r\n      \u001b[0;32m\"*\"\u001b[0m\u001b[1;39m\r\n    \u001b[1;39m]\u001b[0m\u001b[1;39m,\r\n    \u001b[0m\u001b[34;1m\"37427d9bc17b6766909fdd1225298226a344e14ce298c232a6bc2a80baa244b8\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m[\r\n      \u001b[0;32m\"web\"\u001b[0m\u001b[1;39m,\r\n      \u001b[0;32m\"*\"\u001b[0m\u001b[1;39m\r\n    \u001b[1;39m]\u001b[0m\u001b[1;39m,\r\n    \u001b[0m\u001b[34;1m\"561b5164452bee3956e1b3ec0420b2f32c87c53423bb1ec10821bc8be37199e7\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m[\r\n      \u001b[0;32m\"voting\"\u001b[0m\u001b[1;39m,\r\n      \u001b[0;32m\"*\"\u001b[0m\u001b[1;39m\r\n    \u001b[1;39m]\u001b[0m\u001b[1;39m\r\n  \u001b[1;39m}\u001b[0m\u001b[1;39m,\r\n  \u001b[0m\u001b[34;1m\"ReferenceValues\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m{\r\n    \u001b[0m\u001b[34;1m\"SNP\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m{\r\n      \u001b[0m\u001b[34;1m\"MinimumTCB\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m{\r\n        \u001b[0m\u001b[34;1m\"BootloaderVersion\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[0;39m3\u001b[0m\u001b[1;39m,\r\n        \u001b[0m\u001b[34;1m\"TEEVersion\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[0;39m0\u001b[0m\u001b[1;39m,\r\n        \u001b[0m\u001b[34;1m\"SNPVersion\"\u001b[0m\u001b[1;39m: "]
+[36.929754, "o", "\u001b[0m\u001b[0;39m8\u001b[0m\u001b[1;39m,\r\n        \u001b[0m\u001b[34;1m\"MicrocodeVersion\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[0;39m115\u001b[0m\u001b[1;39m\r\n      \u001b[1;39m}\u001b[0m\u001b[1;39m,\r\n      \u001b[0m\u001b[34;1m\"TrustedIDKeyHashes\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m[\r\n        \u001b[0;32m\"b2bcf1b11d9fb3f2e4e7979546844d26c30255fff0775f3af56f8295f361a7d1a34a54516d41abfff7320763a5b701d8\"\u001b[0m\u001b[1;39m,\r\n        \u001b[0;32m\"22087e0b99b911c9cffccfd9550a054531c105d46ed6d31f948eae56bd2defa4887e2fc4207768ec610aa232ac7490c4\"\u001b[0m\u001b[1;39m,\r\n        \u001b[0;32m\"bb4bb49681f267bd1d504ce1c4388abcf7e3e53b6003a1bfcfe9884056047912ebb9a813da95cf711a0410ddc00fe65b\"\u001b[0m\u001b[1;39m,\r\n        \u001b[0;32m\"92898fbc330c89f8a38b8516087970b1d3361e017c84bd5abe901cab7edeb0a4271509edba1670c14feb82293bcde33f\"\u001b[0m\u001b[1;39m,\r\n        \u001b[0;32m\"089ee8adfc810a72eb2683007f34db9f8160c4d1936b70570b779ef3b7bb66046194298cea8d51ebfd4b7c8a2b8ea2d7\"\u001b[0m\u001b[1;39m\r\n      \u001b[1;39m]\u001b[0m\u001b[1;39m\r\n    \u001b[1;39m}\u001b[0m\u001b[1;39m\r\n  \u001b[1;39m}\u001b[0m\u001b[1;39m,\r\n  \u001b[0m\u001b[34;1m\"WorkloadOwnerKeyDigests\"\u001b[0m\u001b[1;39m: \u001b[0m\u001b[1;39m[\r\n    \u001b[0;32m\"216b9b02a24b6adeae82f594886ecb4178110cdc2e"]
+[36.929794, "o", "448152c7dd0abc1f9de5b0\"\u001b[0m\u001b[1;39m\r\n  \u001b[1;39m]\u001b[0m\u001b[1;39m\r\n\u001b[1;39m}\u001b[0m\r\n"]
+[36.930012, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[37.930635, "o", "#"]
+[37.981073, "o", " "]
+[38.031032, "o", "S"]
+[38.148936, "o", "e"]
+[38.199503, "o", "t"]
+[38.249754, "o", " "]
+[38.299889, "o", "t"]
+[38.34995, "o", "h"]
+[38.424015, "o", "e"]
+[38.474599, "o", " "]
+[38.541002, "o", "m"]
+[38.592089, "o", "a"]
+[38.694471, "o", "n"]
+[38.767858, "o", "i"]
+[38.877382, "o", "f"]
+[38.936648, "o", "e"]
+[38.986666, "o", "s"]
+[39.036707, "o", "t"]
+[39.087283, "o", " "]
+[39.158374, "o", "a"]
+[39.208459, "o", "t"]
+[39.258837, "o", " "]
+[39.309119, "o", "t"]
+[39.376189, "o", "h"]
+[39.426387, "o", "e"]
+[39.476461, "o", " "]
+[39.527126, "o", "c"]
+[39.577514, "o", "o"]
+[39.627627, "o", "o"]
+[39.699207, "o", "r"]
+[39.749322, "o", "d"]
+[39.799414, "o", "i"]
+[39.849694, "o", "n"]
+[39.965058, "o", "a"]
+[40.014773, "o", "t"]
+[40.065192, "o", "o"]
+[40.115994, "o", "r\r\n\u001b[?2004l\r\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[41.116879, "o", "c"]
+[41.167075, "o", "o"]
+[41.217089, "o", "n"]
+[41.267449, "o", "t"]
+[41.318199, "o", "r"]
+[41.36838, "o", "a"]
+[41.418522, "o", "s"]
+[41.468808, "o", "t"]
+[41.518937, "o", " "]
+[41.600129, "o", "s"]
+[41.650445, "o", "e"]
+[41.734569, "o", "t"]
+[41.785674, "o", " "]
+[41.83589, "o", "-"]
+[42.017914, "o", "c"]
+[42.068599, "o", " "]
+[42.138483, "o", "$"]
+[42.189028, "o", "c"]
+[42.239635, "o", "o"]
+[42.290509, "o", "o"]
+[42.341568, "o", "r"]
+[42.391687, "o", "d"]
+[42.490571, "o", "i"]
+[42.541752, "o", "n"]
+[42.591611, "o", "a"]
+[42.641998, "o", "t"]
+[42.692732, "o", "o"]
+[42.742745, "o", "r"]
+[42.793214, "o", ":"]
+[42.84331, "o", "1"]
+[42.894199, "o", "3"]
+[42.944944, "o", "1"]
+[42.995271, "o", "3"]
+[43.045239, "o", " "]
+[43.096117, "o", "d"]
+[43.151831, "o", "e"]
+[43.265202, "o", "p"]
+[43.315521, "o", "l"]
+[43.385005, "o", "o"]
+[43.435567, "o", "y"]
+[43.532871, "o", "m"]
+[43.582876, "o", "e"]
+[43.697437, "o", "n"]
+[43.754074, "o", "t"]
+[43.804357, "o", "/\r\n\u001b[?2004l\r"]
+[43.827828, "o", "  Waiting for coordinator "]
+[44.328763, "o", "."]
+[44.829462, "o", "."]
+[45.328318, "o", "."]
+[45.827888, "o", "."]
+[46.328743, "o", "."]
+[46.828436, "o", "."]
+[47.328053, "o", "."]
+[47.828759, "o", "."]
+[48.328611, "o", "."]
+[48.828341, "o", "."]
+[49.328703, "o", "."]
+[49.828184, "o", "."]
+[50.328265, "o", "."]
+[50.828059, "o", "."]
+[51.32855, "o", "."]
+[51.82806, "o", "."]
+[52.328168, "o", "."]
+[52.337498, "o", "\u001b[2K\r✔️ Connected to coordinator\r\nManifest set successfully\r\n"]
+[52.341813, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[52.341929, "o", "#"]
+[52.392556, "o", " "]
+[52.520676, "o", "A"]
+[52.63086, "o", "p"]
+[52.68086, "o", "p"]
+[52.730956, "o", "l"]
+[52.781054, "o", "y"]
+[52.83151, "o", " "]
+[52.882042, "o", "t"]
+[53.053496, "o", "h"]
+[53.125574, "o", "e"]
+[53.175688, "o", " "]
+[53.225955, "o", "d"]
+[53.341938, "o", "e"]
+[53.45797, "o", "p"]
+[53.508659, "o", "l"]
+[53.558951, "o", "o"]
+[53.609755, "o", "y"]
+[53.688654, "o", "m"]
+[53.757179, "o", "e"]
+[53.807805, "o", "n"]
+[53.857896, "o", "t\r\n\u001b[?2004l\r\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[54.85877, "o", "k"]
+[54.909223, "o", "u"]
+[54.959861, "o", "b"]
+[55.025852, "o", "e"]
+[55.076231, "o", "c"]
+[55.126505, "o", "t"]
+[55.176711, "o", "l"]
+[55.226945, "o", " "]
+[55.277081, "o", "a"]
+[55.361367, "o", "p"]
+[55.412179, "o", "p"]
+[55.46262, "o", "l"]
+[55.522829, "o", "y"]
+[55.573731, "o", " "]
+[55.637439, "o", "-"]
+[55.688155, "o", "f"]
+[55.738389, "o", " "]
+[55.788806, "o", "d"]
+[55.838859, "o", "e"]
+[55.931404, "o", "p"]
+[55.981523, "o", "l"]
+[56.038745, "o", "o"]
+[56.107426, "o", "y"]
+[56.157999, "o", "m"]
+[56.208406, "o", "e"]
+[56.258477, "o", "n"]
+[56.308546, "o", "t"]
+[56.358625, "o", "/\r\n\u001b[?2004l\r"]
+[56.652546, "o", "serviceaccount/emoji created\r\n"]
+[56.85198, "o", "deployment.apps/emoji created\r\n"]
+[56.961027, "o", "service/emoji-svc created\r\n"]
+[57.032662, "o", "pod/port-forwarder-coordinator created\r\n"]
+[57.112219, "o", "pod/port-forwarder-emojivoto-web created\r\n"]
+[57.177579, "o", "deployment.apps/vote-bot created\r\n"]
+[57.248244, "o", "serviceaccount/voting created\r\n"]
+[57.341639, "o", "deployment.apps/voting created\r\n"]
+[57.429243, "o", "service/voting-svc created\r\n"]
+[57.502526, "o", "serviceaccount/web created\r\n"]
+[57.609993, "o", "deployment.apps/web created\r\n"]
+[57.69107, "o", "service/web-svc created\r\n"]
+[57.695655, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[57.695852, "o", "#"]
+[57.745988, "o", " "]
+[57.869625, "o", "E"]
+[57.919724, "o", "n"]
+[57.98037, "o", "d"]
+[58.030252, "o", "-"]
+[58.107681, "o", "u"]
+[58.157647, "o", "s"]
+[58.208356, "o", "e"]
+[58.258363, "o", "r"]
+[58.308538, "o", "s"]
+[58.359732, "o", " "]
+[58.432891, "o", "c"]
+[58.486994, "o", "a"]
+[58.555571, "o", "n"]
+[58.606186, "o", " "]
+[58.656591, "o", "v"]
+[58.706389, "o", "e"]
+[58.809987, "o", "r"]
+[58.859981, "o", "i"]
+[58.938091, "o", "f"]
+[58.988264, "o", "y"]
+[59.038805, "o", " "]
+[59.089252, "o", "t"]
+[59.223663, "o", "h"]
+[59.27378, "o", "e"]
+[59.323654, "o", " "]
+[59.4065, "o", "C"]
+[59.629032, "o", "o"]
+[59.681147, "o", "n"]
+[59.731861, "o", "t"]
+[59.782093, "o", "r"]
+[59.86737, "o", "a"]
+[59.917254, "o", "s"]
+[59.976167, "o", "t"]
+[60.026226, "o", " "]
+[60.07702, "o", "C"]
+[60.126919, "o", "o"]
+[60.255746, "o", "o"]
+[60.305926, "o", "r"]
+[60.35997, "o", "d"]
+[60.5007, "o", "i"]
+[60.552848, "o", "n"]
+[60.602723, "o", "a"]
+[60.65302, "o", "t"]
+[60.703096, "o", "o"]
+[60.758533, "o", "r\r\n\u001b[?2004l\r"]
+[60.758667, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[61.759237, "o", "c"]
+[61.809623, "o", "o"]
+[61.859784, "o", "n"]
+[61.910142, "o", "t"]
+[61.960265, "o", "r"]
+[62.038815, "o", "a"]
+[62.089575, "o", "s"]
+[62.139562, "o", "t"]
+[62.189671, "o", " "]
+[62.24024, "o", "v"]
+[62.293555, "o", "e"]
+[62.344213, "o", "r"]
+[62.394176, "o", "i"]
+[62.444707, "o", "f"]
+[62.521141, "o", "y"]
+[62.571424, "o", " "]
+[62.685591, "o", "-"]
+[62.838921, "o", "c"]
+[62.888833, "o", " "]
+[62.939143, "o", "$"]
+[62.989607, "o", "c"]
+[63.08474, "o", "o"]
+[63.191927, "o", "o"]
+[63.241775, "o", "r"]
+[63.292126, "o", "d"]
+[63.37872, "o", "i"]
+[63.477916, "o", "n"]
+[63.52829, "o", "a"]
+[63.578816, "o", "t"]
+[63.629205, "o", "o"]
+[63.679394, "o", "r"]
+[63.730033, "o", ":"]
+[63.780131, "o", "1"]
+[63.830457, "o", "3"]
+[63.880694, "o", "1"]
+[63.931043, "o", "3\r\n\u001b[?2004l\r"]
+[67.293145, "o", "Successfully verified coordinator\r\n"]
+[67.294688, "o", "\u001b[?2004h"]
+[67.294702, "o", "\u001b[38;2;139;4;221m$\u001b[0m "]
+[67.294806, "o", "l"]
+[67.363297, "o", "s"]
+[67.414091, "o", " "]
+[67.485516, "o", "."]
+[67.535383, "o", "/"]
+[67.720541, "o", "v"]
+[67.771207, "o", "e"]
+[67.82151, "o", "r"]
+[67.872085, "o", "i"]
+[67.96622, "o", "f"]
+[68.041638, "o", "y\r\n\u001b[?2004l\r"]
+[68.043569, "o", "coordinator-root.pem  policy.2566f5b2172910e57b5162190f0556041b86614c8e8d8981f80bf47b621140c0.rego\r\nmanifest.0.json       policy.37427d9bc17b6766909fdd1225298226a344e14ce298c232a6bc2a80baa244b8.rego\r\nmesh-root.pem         policy.561b5164452bee3956e1b3ec0420b2f32c87c53423bb1ec10821bc8be37199e7.rego\r\n"]
+[68.04372, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
+[69.044865, "o", "#"]
+[69.09501, "o", " "]
+[69.222953, "o", "m"]
+[69.344522, "o", "e"]
+[69.39438, "o", "s"]
+[69.469237, "o", "h"]
+[69.519935, "o", "-"]
+[69.606249, "o", "r"]
+[69.694443, "o", "o"]
+[69.745119, "o", "o"]
+[69.795487, "o", "t"]
+[69.846258, "o", "."]
+[69.929674, "o", "p"]
+[69.979789, "o", "e"]
+[70.030573, "o", "m"]
+[70.081014, "o", " "]
+[70.138364, "o", "c"]
+[70.20201, "o", "a"]
+[70.251988, "o", "n"]
+[70.302519, "o", " "]
+[70.372885, "o", "b"]
+[70.423036, "o", "e"]
+[70.472945, "o", " "]
+[70.523517, "o", "u"]
+[70.579669, "o", "s"]
+[70.629827, "o", "e"]
+[70.680124, "o", "d"]
+[70.730475, "o", " "]
+[70.88823, "o", "t"]
+[71.05902, "o", "o"]
+[71.109618, "o", " "]
+[71.165602, "o", "s"]
+[71.215771, "o", "e"]
+[71.265935, "o", "c"]
+[71.316502, "o", "u"]
+[71.366186, "o", "r"]
+[71.444021, "o", "e"]
+[71.493784, "o", "l"]
+[71.560477, "o", "y"]
+[71.610699, "o", " "]
+[71.660799, "o", "c"]
+[71.710875, "o", "o"]
+[71.844034, "o", "n"]
+[71.894421, "o", "n"]
+[71.944716, "o", "e"]
+[71.994724, "o", "c"]
+[72.125885, "o", "t"]
+[72.176286, "o", " "]
+[72.229508, "o", "t"]
+[72.314215, "o", "o"]
+[72.364297, "o", " "]
+[72.414448, "o", "t"]
+[72.464886, "o", "h"]
+[72.579217, "o", "e"]
+[72.629618, "o", " "]
+[72.742751, "o", "s"]
+[72.823353, "o", "e"]
+[72.873616, "o", "r"]
+[72.923813, "o", "v"]
+[72.994176, "o", "i"]
+[73.04447, "o", "c"]
+[73.094789, "o", "e\r\n\u001b[?2004l\r"]
+[73.094834, "o", "\u001b[?2004h\u001b[38;2;139;4;221m$\u001b[0m "]
diff --git a/docs/screencast/scripts/flow.expect b/docs/screencast/scripts/flow.expect
new file mode 100755
index 0000000000..d268a43d94
--- /dev/null
+++ b/docs/screencast/scripts/flow.expect
@@ -0,0 +1,64 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set CTRLX \030
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # This matches the trailing 0m of our ANSI control sequence. See PS1 in Dockerfile.
+    expect "0m "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+
+# Start recording
+spawn asciinema rec --overwrite /recordings/flow.cast
+send "\r"
+expect_prompt
+
+run_command "# Deploy the Contrast Coordinator"
+expect_prompt
+run_command "kubectl apply -f coordinator.yaml"
+expect_prompt
+sleep 3
+run_command "coordinator=`kubectl get svc coordinator -o=jsonpath='\{.status.loadBalancer.ingress\[0\].ip\}'`"
+expect_prompt
+# run_command "echo \$coordinator"
+# expect_prompt
+
+run_command "# Generate workload policies and manifest"
+expect_prompt
+run_command "contrast generate deployment/"
+expect_prompt
+run_command "cat manifest.json | jq"
+expect_prompt
+
+run_command "# Set the manifest at the coordinator"
+expect_prompt
+run_command "contrast set -c \$coordinator:1313 deployment/"
+expect_prompt
+
+run_command "# Apply the deployment"
+expect_prompt
+run_command "kubectl apply -f deployment/"
+expect_prompt
+
+run_command "# End-users can verify the Contrast Coordinator"
+expect_prompt
+run_command "contrast verify -c \$coordinator:1313"
+expect_prompt
+run_command "ls ./verify"
+expect_prompt
+run_command "# mesh-root.pem can be used to securely connect to the service"
+expect_prompt
+
+# Stop recording
+send "exit"
diff --git a/docs/screencast/window-frame.svg b/docs/screencast/window-frame.svg
new file mode 100644
index 0000000000..9801934f3f
--- /dev/null
+++ b/docs/screencast/window-frame.svg
@@ -0,0 +1,38 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="terminal" baseProfile="full" viewBox="0 0 703 404" width="703" version="1.1">
+    <defs>
+        <termtosvg:template_settings xmlns:termtosvg="https://github.com/nbedos/termtosvg">
+            <termtosvg:screen_geometry columns="82" rows="19"/>
+            <termtosvg:animation type="css"/>
+        </termtosvg:template_settings>
+        <style type="text/css" id="generated-style"></style>
+        <style type="text/css" id="user-style">
+            /* The colors defined below are the default 16 colors used for rendering text of the terminal. Adjust
+               them as needed.
+               gjm8 color theme (source: https://terminal.sexy/) */
+            /* customized colors 10, 11, and 14 */
+            .foreground {fill: #f8f8f2}
+            .background {fill: #272822}
+            .color0 {fill: #272822}
+            .color1 {fill: #f92672}
+            .color2 {fill: #a6e22e}
+            .color3 {fill: #f4bf75}
+            .color4 {fill: #66d9ef}
+            .color5 {fill: #ae81ff}
+            .color6 {fill: #a1efe4}
+            .color7 {fill: #f8f8f2}
+            .color8 {fill: #75715e}
+            .color9 {fill: #fd971f}
+            .color10 {fill: #8b04dd}
+            .color11 {fill: #dcaf3b}
+            .color12 {fill: #a59f85}
+            .color13 {fill: #f5f4f1}
+            .color14 {fill: #90ff99}
+            .color15 {fill: #f9f8f5}
+        </style>
+    </defs>
+    <rect id="terminalui" class="background" width="100%" height="100%" ry="4.5826941"/>
+    <circle cx="24" cy="23" r="7" class="color1"/>
+    <circle cx="44" cy="23" r="7" class="color3"/>
+    <circle cx="64" cy="23" r="7" class="color2"/>
+    <svg id="screen" width="656" height="323" x="23" y="50" viewBox="0 0 656 323" preserveAspectRatio="xMidYMin slice"></svg>
+</svg>
\ No newline at end of file
diff --git a/justfile b/justfile
index 93f67eafb5..f9f9ad2ce2 100644
--- a/justfile
+++ b/justfile
@@ -3,22 +3,22 @@ default target=default_deploy_target cli=default_cli: undeploy coordinator initi
 
 # Build the coordinator, containerize and push it.
 coordinator:
-    nix run .#containers.push-coordinator -- "$container_registry/contrast/coordinator"
+    nix run .#containers.push-coordinator -- "$container_registry/contrast/coordinator" >&2
 
 # Build the openssl container and push it.
 openssl:
-    nix run .#containers.push-openssl -- "$container_registry/contrast/openssl"
+    nix run .#containers.push-openssl -- "$container_registry/contrast/openssl" >&2
 
 # Build the port-forwarder container and push it.
 port-forwarder:
-    nix run .#containers.push-port-forwarder -- "$container_registry/contrast/port-forwarder"
+    nix run .#containers.push-port-forwarder -- "$container_registry/contrast/port-forwarder" >&2
 
 service-mesh-proxy:
-    nix run .#containers.push-service-mesh-proxy -- "$container_registry/contrast/service-mesh-proxy"
+    nix run .#containers.push-service-mesh-proxy -- "$container_registry/contrast/service-mesh-proxy" >&2
 
 # Build the initializer, containerize and push it.
 initializer:
-    nix run .#containers.push-initializer -- "$container_registry/contrast/initializer"
+    nix run .#containers.push-initializer -- "$container_registry/contrast/initializer" >&2
 
 default_cli := "contrast.cli"
 default_deploy_target := "simple"
@@ -191,16 +191,17 @@ lint:
 demodir namespace="default": coordinator initializer
     #!/usr/bin/env bash
     d=$(mktemp -d)
-    echo "Creating demo directory at ${d}"
+    echo "Creating demo directory at ${d}" >&2
     cp -R ./deployments/emojivoto "${d}/deployment"
-    rm -f "${d}/deployment/coordinator.yml"
+    rm -f "${d}/deployment/coordinator.yml" "${d}/deployment/ns.yml"
     nix run .#scripts.patch-contrast-image-hashes -- "${d}/deployment"
     nix run .#kypatch images -- "${d}/deployment" \
         --replace ghcr.io/edgelesssys ${container_registry}
     nix run .#kypatch namespace -- "${d}/deployment" \
         --replace edg-default {{ namespace }}
     nix run .#scripts.fetch-latest-contrast -- {{ namespace }} "${d}"
-    echo "Demo directory ready at ${d}"
+    echo "Demo directory ready at ${d}" >&2
+    echo "${d}"
 
 # Cleanup auxiliary files, caches etc.
 clean: undeploy