Settings¶
What it's for¶
Admin → Settings holds the server-wide configuration: how clients authenticate to the backend, how admins sign in, mail, and data retention. Most of it is set once and rarely touched again.
How to use it¶
Client connectivity — the API key. Every client authenticates to your
backend with the installation's API key shown here. New devices receive it
automatically during activation; for scripted
rollouts you can download it embedded in a valenius-setup.ini.
Rotate the API key (hygiene, or after a suspected leak):
- Click Rotate key. Both the old and new key stay valid during a grace window.
- Clients adopt the new key automatically on their next check-in — no visits to any machine.
- Once the fleet has switched (give it a day for laptops that are off), click Retire previous key.
Traffic data retention Pro — how many days of traffic samples to keep (default 90).
Authentication methods & OIDC — which sign-in methods the admin panel accepts and the identity-provider configuration. Covered in Users & sign-in.
SMTP configuration — outgoing mail server, with a test-send button to verify it.
Pitfalls¶
- Retiring the previous key too early strands offline devices. A laptop that was in a drawer during the whole grace window comes back knowing only the retired key and can't check in — it would need a reinstall or manual key fix. Rotate, wait, then retire.
- Rotation is not an emergency lockout. An attacker actively using the current key receives the new one like any client. To cut off a single device, deactivate or delete that client instead.
- OIDC settings apply on container restart, not on save — see Users & sign-in.