Settings
Configure your personal preferences, encryption keys, and integrations.
The Settings page is divided into sections accessible from the left navigation. Admins see additional sections not visible to regular users.
General
Theme
Choose between Light and Dark appearance. Your preference is saved locally in the browser.
Organisation Display Name (Admins only)
Set the human-readable name shown for your organization in the dashboard.
MCP Auto-Quarantine (Admins only)
Toggle whether newly detected MCP servers are automatically quarantined in the desktop client until an admin approves them. Controlled by the org-level auto_quarantine_other_mcp_servers setting. See MCP Quarantine for the full flow.
Session
Displays your current email address and role. Click Sign Out to end your session.
Secrets
Personal Encryption Key
Edison Watch uses zero-knowledge encryption to protect your MCP server credentials. Your personal key never leaves your browser - Edison only stores a hash.
| State | Description |
|---|---|
| Not set up | No key registered yet. |
| Not verified | A key is registered on the server but hasn't been loaded in this browser session. |
| Active | Key is registered and cached in this browser. |
Setting up a new key:
- Click Generate a new key - Edison generates a 256-bit key in your browser and registers its hash.
- Save the key somewhere safe (password manager). It will not be shown again.
Using an existing key: Click I already have a key and paste your key to verify it in this browser.
Key management:
- Roll Key - Generates a new key and re-encrypts your credentials.
- Reset Key - Removes the key and all associated encrypted data.
Organization Encryption Key
Admins can set an organization-wide encryption key that encrypts admin-set server credentials for all users. Users enter this key once to decrypt those credentials.
Admin flow:
- Click Generate a new key - a 256-bit organization key is generated.
- Copy and securely distribute the key to your users (e.g. via a password manager or encrypted message).
- To rotate the key, click Roll Organization Key and supply the current composite key.
User flow:
- Click Enter existing key and paste the key your admin provided.
MCP Server Credentials
Lists all servers that require user-provided values (API keys, tokens, etc.). Fill in any missing fields to activate those servers for your account.
Enterprise Features (Enterprise only)
This section is visible only to users in enterprise organizations.
PII Obfuscation
Automatically detect and redact personally identifiable information (PII) in MCP tool results before they reach AI models. Obfuscated values are replaced with opaque tokens that are transparently restored when passed back to tools, so workflows continue to function normally.
Enable PII obfuscation: Toggle the master switch to activate obfuscation for your account.
Detectors: When enabled, you can toggle individual PII categories:
| Detector | What it catches |
|---|---|
| Email addresses | Email patterns (e.g. [email protected]) |
| API keys & tokens | OpenAI keys, GitHub PATs, AWS access keys, Google API keys, Slack tokens |
| Phone numbers | Phone number patterns (via Presidio) |
| Credit card numbers | Credit card patterns (via Presidio) |
PII obfuscation is a per-user setting. Each user in an enterprise organization can enable or disable it independently and choose which detectors are active.
Integrations (Enterprise only)
Configure connections to external AI tools, SIEM endpoints, and other enterprise services. This section generates the configuration snippets and URLs your AI clients need to connect through Edison Watch. Visible to users in enterprise organizations.
Encryption keys are stored only in your browser's memory and are never sent to Edison's servers in plaintext. Clearing your browser data will remove the cached key - you'll need to verify it again on next login.