Admin Config
Persist auth-method, email-client, Stripe, and public UI configuration in the database.
The admin config plugin stores operational auth configuration in the same adapter as the rest of Kernia. It is meant for SaaS admin panels where an owner can turn login methods on or off, configure email delivery, review Stripe settings, and publish public login-screen state without editing Python code.
Installation
uv add kerniaServer configuration
from kernia.plugins.admin import admin
from kernia.plugins.admin_config import AdminConfigOptions, admin_config
auth = init(KerniaOptions(
database=adapter,
secret=os.environ["KERNIA_SECRET"],
plugins=(
admin(),
admin_config(AdminConfigOptions(admin_roles=("admin", "owner"))),
),
))Stored model
adminConfig rows store a string key, JSON value, optional secretFields, and timestamps. Secret fields are accepted on write and redacted on read so admin screens can show configured state without leaking credentials.
Auth-method gate
Disabled methods fail before their normal handler runs. The gate covers email/password, magic link, email OTP, username, phone number, SIWE, anonymous, one-tap, passkey, and SSO route prefixes.
/api/auth/admin/config/auth-methodsReturns enabled/disabled state and labels for public login methods.
/api/auth/admin/config/auth-methodsUpdates login method state. Secrets are not stored in this document.
Email clients
Email client config supports smtp, resend, and postmark records. Store API keys or SMTP passwords as secret fields and return only redacted values to the browser.
Stripe settings
Stripe setup belongs in admin config when the SaaS app needs a database-backed setup screen. Keep webhook signing secrets write-only and verify the live webhook endpoint separately.
Public UI config
A login screen can call the public config endpoint to decide which buttons to render. It should still handle server-side disabled errors because admin state may change while the page is open.