Extension settings (admin UI)
Host module @artiroute/host/settings stores admin-only extension configuration in the database.
Backend
Extensions declare keys during setup:
ts
export default defineExtension((ctx) => {
ctx.registerSettingsKeys({
keys: ['issuer', 'clientId', 'redirectUri'],
secretKeys: ['clientSecret'],
});
const issuer = ctx.settings.get('issuer');
void ctx.settings.getSecret('clientSecret');
});Secrets are encrypted at rest with EXTENSION_SECRETS_KEY (32-byte base64).
Admin GraphQL API
| Operation | Description |
|---|---|
adminExtensionSettings(extensionId) | Plain values + { configured: true } for secrets |
updateAdminExtensionSettings(extensionId, settings) | Upsert settings; empty secret field keeps previous value |
Requires admin session (Authorization: Bearer), same as adminExtensions.
After save the host reloads the extension backend so auth routes pick up new config.
Frontend settings tab
Register a custom panel in app.settingsTabs:
ts
getExtensionRegistry<ExtensionSettingsTabItem>('app.settingsTabs').register('my-ext__settings', {
key: 'my-ext',
extensionId: '@artiroute/my-ext',
label: 'My Extension',
icon: 'pi-cog',
requiredRoles: ['admin'],
panel: MySettingsPanel,
});Inside the panel use @artiroute/host/settings:
ts
import { getExtensionSettings, saveExtensionSettings } from '@artiroute/host/settings';See reference implementations: auth-keycloak, auth-ldap.