Secret (Optional) field on login page

olgs · March 30, 2021, 12:23am

I am self-hosted.

I am a little dense on this and have looked through the documentation and source but I cannot figure out the use of the “Secret (Optional)” field that is on the login page. I understand it is tied to the APP_KEY variable in .env but what is the use?

If I put in my email/password/2fa, and put it random characters in the field I can still login?

This also shows up on the iOS app.

Super confused.

Thanks.

hillel · March 30, 2021, 5:38am

Hi,

You can optionally set an APP_SECRET value in the .env file

olgs · March 30, 2021, 9:03am

So, it is like a type of second password?

hillel · March 30, 2021, 9:13am

Correct, it’s an additional layer of security

ovizii · March 30, 2021, 3:33pm

can you somehow “whitelist” apps?

i.e. do not require it if accessed via the IN web front end but do require it if accessed from a desktop or mobile app?

hillel · March 30, 2021, 3:39pm

No, it isn’t supported