{% extends "settings/_layout.html" %} {% block settings_title %}Credentials{% endblock %} {% block settings_content %}

Credentials

Write-only: values are encrypted at rest and never sent back to the browser. Leave a field blank to keep it unchanged.

{% if not key_present %}
No encryption key found.

Credentials cannot be saved until the master key is in place. Generate one with openssl rand -base64 32 and mount it as the alembic_master_key secret, then restart. See the setup check.

{% endif %}
{% for scope, fields in scope_fields.items() %} {% set is_core = scope in core_scopes %} {% set is_enabled = enabled.get(scope, True) %}

{{ scope }} {% if is_core %} Required {% elif configured.get(scope) %} Configured {% else %} Not configured {% endif %}

{{ scope_descriptions.get(scope, "") }}

{% if not is_core %}
{% endif %}
{% if not is_core and not is_enabled %}

Disabled — its scheduled automation is paused (or, for buy-link sources, its rendered credential file is removed) until you turn this back on. Saved values below are kept.

{% endif %} {% if scope == "spotify" %}

Newly created Spotify apps can no longer read playlists without this — connecting an account mints a user token that works where the app-only credentials above are blocked. Grandfathered apps keep working without it.

{% if "refresh_token" in configured.get(scope, []) %} Connected Reconnect Spotify {% else %} Connect Spotify {% endif %}
{% endif %}
{% for field in fields %} {% if not (scope == "spotify" and field == "refresh_token") %}
{% if field in ("cookies_txt",) %} {% elif field in secret_keys %} {% else %} {% endif %}
{% endif %} {% endfor %}
{% endfor %}
{% endblock %}