Admin Settings
GiftWrapt has two configuration surfaces:
- Environment variables - boot-time secrets and connection strings. See Environment variables.
- Admin settings - everything else, stored in the app_settings table and editable from the admin UI without a restart.
This page is the map: what each admin section controls and where to read more.
Where to Find It
The admin panel lives at /admin. Once you’re signed in as an admin, the top-right user menu shows the link. Each section is a sub-route:
| Section | Path | What it controls |
|---|---|---|
| Dashboard | /admin | At-a-glance counts and recent activity. |
| Users | /admin/users | User list, roles, partner/guardian relationships, user-detail pages, impersonation. |
| Settings | /admin/settings | App-level toggles: list types, archive timing, comments, mobile, OIDC, passkeys. |
| Email | /admin/email | Email-family toggles (comments, birthday, Christmas, holiday, reminders, relationship reminders) and a test-send button. |
| Auth | /admin/auth | OIDC client config; passkey toggle. |
| Barcode | /admin/barcode | Mobile barcode-lookup provider, API key, cache TTL, and scraper fallback. Surfaced when enableMobileApp is on. |
| Scraping | /admin/scraping | URL scraping providers, tiers, quality threshold, cache, AI toggles. |
| AI | /admin/ai | LLM provider (OpenAI / Anthropic / OpenAI-compatible), model, base URL, API key. |
| Intelligence | /admin/intelligence | Recommendations feature: enable, schedule, analyzers, retention, notifications. |
| Storage | /admin/storage | Bucket connectivity, recent uploads, test-upload. |
| Scheduling | /admin/scheduling | Cron-run history and next-fire times per endpoint. |
| Data | /admin/data | DB-level diagnostics and one-off admin actions. |
What Lives in app_settings vs. Env
A rough heuristic:
| In env | In app_settings |
|---|---|
| Database connection | List type toggles |
| Master encryption key | Email family toggles |
| Cron secret | Reveal-delay offsets |
| Storage credentials | Scraper provider configs |
| Default Resend API key (optional) | AI provider config |
| Default AI provider (optional) | Intelligence settings |
| Logging | Cron-run retention |
Env vars are baked in at boot; changes need a restart. app_settings changes apply on the next read (cron tick, next request, etc.) without a restart.
A few secret fields in app_settings (scraper API keys, AI keys, OIDC client secret) are AES-256-GCM-encrypted using a key derived from BETTER_AUTH_SECRET. Rotating BETTER_AUTH_SECRET changes that derived key, so the stored values can no longer be decrypted; don’t rotate it without re-entering those fields.
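The rotation caveat above, as an added example that is not GiftWrapt's own code: it lists which stored secrets stop decrypting after the secret changes, so an admin knows what to re-enter. HKDF-SHA256, the salt and info labels, the iv|tag|ciphertext layout, and the setting names `oidcClientSecret` and `aiApiKey` are assumptions; the page only states AES-256-GCM and a key derived from BETTER_AUTH_SECRET.

```javascript
// Added example, not GiftWrapt code. KDF, labels and storage layout are assumed.
// Load node:crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Assumed KDF: HKDF-SHA256 over the auth secret, producing a 32-byte AES key.
function deriveKey(secret) {
  return Buffer.from(
    nodeCrypto.hkdfSync("sha256", secret, "example-salt", "example-info", 32));
}

// Assumed stored form: base64(iv[12] | tag[16] | ciphertext).
function encryptSetting(secret, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(secret), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Returns the plaintext, or null when the GCM tag fails to verify (wrong key).
function decryptSetting(secret, stored) {
  const raw = Buffer.from(stored, "base64");
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", deriveKey(secret), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString("utf8");
  } catch {
    return null; // authentication failed: value was encrypted under another key
  }
}

// Names of stored secrets the current auth secret cannot decrypt.
function undecryptable(secret, rows) {
  return Object.keys(rows).filter((name) => decryptSetting(secret, rows[name]) === null);
}

// Constructed sample data: two secrets saved under the old auth secret.
const OLD_SECRET = "constructed-old-secret";
const NEW_SECRET = "constructed-new-secret";
const rows = {
  oidcClientSecret: encryptSetting(OLD_SECRET, "constructed-oidc-value"),
  aiApiKey: encryptSetting(OLD_SECRET, "constructed-ai-value"),
};
// After rotation the admin re-enters only the AI key; the OIDC secret is stale.
const afterRotation = { ...rows, aiApiKey: encryptSetting(NEW_SECRET, "constructed-ai-value") };
console.log(undecryptable(NEW_SECRET, afterRotation));
```

Because GCM authenticates the ciphertext, a value stored under the old key fails cleanly at `final()` rather than decrypting to garbage, which is what makes this kind of post-rotation check reliable.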
Top-Level Toggles Worth Knowing
A few app-wide toggles that shape what users see:
| Setting | Default | What it does |
|---|---|---|
| appTitle | GiftWrapt | Rendered in nav, emails, OG tags. |
| defaultListType | wishlist | Pre-selected type in the new-list dialog. |
| enableChristmasLists | true | Christmas list type available. Disables related reminders and emails when off. |
| enableBirthdayLists | true | Same, for birthday lists. |
| enableGenericHolidayLists | true | Same, for admin-curated custom holidays. |
| enableTodoLists | true | Todo lists, a separate row shape from gift items. |
| enableComments | true | Item comments. |
| enableMobileApp | false | Exposes the mobile API and shows the per-device API key UI. See Mobile App. |
| enablePasskeys | false | WebAuthn passkey enrollment. |
The list-type toggles are deliberately fine-grained so a single-family deployment can run wishlists-only and not see Christmas / birthday / holiday machinery anywhere.
Reveal Timing
These control when claims auto-archive (which is also when the recipient sees them):
| Setting | Default (days) | When it fires |
|---|---|---|
| archiveDaysAfterBirthday | 14 | N days after the recipient’s birthday. Applies to birthday and wishlist lists owned by that user. |
| archiveDaysAfterChristmas | 14 | N days after Dec 25. Applies to all Christmas lists. |
| archiveDaysAfterHoliday | 14 | N days after the configured holiday’s occurrence. Per-list via customHolidayId. |
The auto-archive runs regardless of whether the corresponding email toggle is on. Disabling the post-birthday email doesn’t disable the reveal.
Cross-References
Each admin section has its own configuration page in these docs: