Account · keys · theme

User profile, API key vault (Fernet-encrypted at rest), and the multi-tenant theming controls that drive the whitelabel.

Profile

Email + display name + role + last-login timestamp. The first registered user is auto-promoted to admin; admins can promote/demote others and manage tenant settings. Self-delete is blocked (foot-gun); last-admin-delete is blocked (foot-gun).

API keys

One row per linked provider. Columns: provider id, masked key (e.g. PKGP...44F), linked-at timestamp, last-used-at, status. Buttons:

• Test — fire test_provider_connection.
• Rotate — paste a new key; old key is purged from the encrypted store.
• Unlink — delete; takes effect immediately.

Keys are stored under Fernet symmetric encryption. The master key sits at data/.auth_secret (chmod 600 + gitignored). Only the masked prefix/suffix is ever surfaced to the UI; the full plaintext key is never readable after submission.

Tenant theme & whitelabel

Admins see the Tenant theme section. Fields:

• Logo — upload a PNG/SVG (replaces the N badge in the header).
• Display name — replaces "NVTrader" in the header.
• Primary, accent, bg, panel colors — color pickers. Live preview at the top of the page.
• Custom CSS — text area. Injected site-wide via the shared auth.js bootstrap (after Tailwind, so it can override anything).

Multi-tenant data isolation

Every per-user resource (API keys, saved sleeves, audit decisions, scheduler history) is keyed on tenant_id. Cross-tenant reads are blocked at the SQL layer in src/traderspace/auth/queries.py.

REST surface