Settings
Panel-wide configuration β email, encrypted secrets, git accounts, locality, and the audit log. Admin-only.
Settings is the admin area for panel-wide configuration β a set of pages in the sidebar, each covered below.
Configure the SMTP server SpipCP uses to send invites, password resets, and monitoring alerts. Email settings are stored encrypted, and login never depends on email β so a broken mailer can't lock you out.
β Detail: Setup wizard.
DNS providers
Named DNS credentials β Cloudflare, Bunny, Hetzner, deSEC, or Gcore β that let SpipCP create DNS records for you when you attach a domain. The API token is encrypted and never reaches a node, and an account can be set as a default that cascades node β instance β domain. To run your own nameservers instead, see the DNS section.
β Full page: DNS providers.
SSL issuers
Alternative certificate authorities for HTTPS β ZeroSSL or Actalis (ACME with EAB) and bring-your-own custom certificates. Let's Encrypt is the default and needs no account. Secrets (EAB HMAC keys, private keys) are encrypted and never reach a node; the chosen issuer cascades node β instance β domain.
β Full page: SSL issuer accounts.
Secrets
The encrypted secret store. Secrets are kept encrypted, and revealing one is audited, so there's a record of every time a secret was viewed.
Git accounts
Reusable provider credentials (GitHub, GitLab, Bitbucket, Gitea) used to browse repos and register deploy keys. The token stays in the panel and never reaches a node.
β Full page: Git accounts.
Locality
The panel's default timezone and locale, plus per-user overrides β so timestamps and formats read the way each person expects.
β Detail: Locality.
Audit log
The append-only record of accountable actions β who did what, when. Also reachable from Activity in the sidebar.
β Full page: Audit log.
Admin only
Settings is admin-only. Operators don't see it in their navigation, and the server refuses the underlying calls either way β hiding the menu is just a convenience on top of that.
DB console & restarts
Open the site's database in Adminer behind a single-use, short-lived token gate, copy password-free connection snippets, and restart a service (nginx / PHP-FPM / the app unit) from the site workspace β with the panel asserting the unit came back.
Users & Roles
Invite people to the panel and give them a role. Admin-only.



