Account

Settings

Bring your own API keys

Keys are sent to the server, encrypted with AES-GCM using KEY_ENCRYPTION_KEY, and stored as ciphertext. They are decrypted only at request time. The plaintext never touches localStorage.

No keys saved yet.

Auth

Sign-in is wired to better-auth with email/password and Google OAuth (the same grant used for Calendar). Configure AUTH_SECRET, GOOGLE_CLIENT_ID, and GOOGLE_CLIENT_SECRET as Worker secrets.