diff --git a/flake.lock b/flake.lock
index 8036d42..b5376a3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5199,11 +5199,11 @@
         "stylix": "stylix_6"
       },
       "locked": {
-        "lastModified": 1779216861,
-        "narHash": "sha256-fmgvPXXlrVJhIRGNjuYbrr5sHNFxFdlU3kdkmmzPirY=",
+        "lastModified": 1779211946,
+        "narHash": "sha256-PZsNGNnwgiFh8sm8POIEeDf/JVB0+lhGEApp/wS4XCk=",
         "ref": "release-25.11",
-        "rev": "a7daa3b9f33cf266218a04c41f4c45af1c7e5207",
-        "revCount": 92,
+        "rev": "fe6b0d6c47b29b95697c310997f19bf70a29e8a6",
+        "revCount": 89,
         "type": "git",
         "url": "https://git.sid.ovh/sid/synix.git"
       },
diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml
index e78419f..0589c8a 100644
--- a/hosts/rx4/secrets/secrets.yaml
+++ b/hosts/rx4/secrets/secrets.yaml
@@ -18,11 +18,8 @@ vaultwarden:
     smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str]
 hetzner-api-key: ENC[AES256_GCM,data:casjNOXzuQDWgnSFftbBMygA8kGpGiZDqup08faWO9kfjvgOyWOXeqPd2VA1ND8yfM2LvoLYvPs6gUWtni2ldQ==,iv:p2W24uhJgBvpi3g4+cHw0/XbbTM5oYCPHreMBUR4CNs=,tag:lpwjZGoJe/91+CHX/hAkKA==,type:str]
 librechat:
-    jwt-secret: ENC[AES256_GCM,data:/OJr23Sw975byjyHN6yqWxuk5FeRfLdQYYOPYJeDHTjzq9X78c3VHqdvnN2a9ZUEtzRi1sx6YLIjNkxBkGbvuQ==,iv:2D0iBj2U3iy3JPtKZBWP5nCfmXMA2/pBhBKUD2f5DoM=,tag:0ZYNxBhUdCBOne0otcG2iQ==,type:str]
-    jwt-refresh-secret: ENC[AES256_GCM,data:qIaunHUMTUFyp88whrxe65eM3Mfi3EX0ieWOUCmYYojSKQQRudh8d4Cb1zMqPbXJLG3zqTVCaZl9xwQn5K4Z/g==,iv:k5+oSCd0TzdOmIUe8BQBesofjvjuRiPXdLT6H9yQf18=,tag:4wcJjX7MvJNx19PCxgqyhw==,type:str]
-    creds-key: ENC[AES256_GCM,data:EljwEqFByJaOjd8lRFGwo/FyXHUtl5an0xS1EjRe+kmpo5z4P33EUKbMeeIl69rEcziMHZQLiadzSEcS2cb2uA==,iv:sidBN6VTBeFhMUtN67HZuyofiXCeGFG4tuMRckLZv84=,tag:n7vI8LuPgER3J6r6Q6Jkjg==,type:str]
-    creds-iv: ENC[AES256_GCM,data:oc0sPm5RM/7AbH3vdDLJ2m0q6C7eAAME0GPbiojHZUspP8Cto5QX5WKnUjUVLLcvgK+t6pnu7BEmAuD3PLr11A==,iv:Z6XJmlqv0ULFiwqHyRO5v7lb/iyv4g9aSTV4xw9VTXU=,tag:7kptbQwc6lBZ70aXw7wOVA==,type:str]
-    meili-master-key: ENC[AES256_GCM,data:eugFl40a6Ks3ba8hcn83WS76AwA0TXkhu3K4gSrbNHtXRliLQCWhGTEvoaQSeb7whmpszh4zh8cKSxByBdhJiQ==,iv:rrWlcVyBlrE5dnBBFWjheIo6SgQTbkzqskGQvQczR+U=,tag:fjKOSVoPxomA3qUw+baV4w==,type:str]
+    jwt-token: ENC[AES256_GCM,data:/NZfZsvg4mDCgB3prDbyPEXIOuN/WSWP3dmSYlvTn7TRSO6oKtnSz20zC0FLvwDAn5QvBYvBKF+LnYjXJeUNkw==,iv:vgESrSyy6IoCMNHG0eL05c9k7Z+tdNb88u5sz+4cYCI=,tag:/WPi7v3hrgKPgwdV0ZE2Bg==,type:str]
+    jwt-refresh-token: ENC[AES256_GCM,data:w/gHj+dXgGk4BcT1ueIdVujjgYWzUGgY8TG/ci8WUDkU12aPcqi6Kuqe55Did0s2AH1Am+1cToy/Q8QiOnt7QQ==,iv:5LJ8ht5yZlql+TayLwU3CNhAd9DUjGw8sRamwbwm7JA=,tag:GJ9zaU7p36oZsOnXeifyyw==,type:str]
 sops:
     age:
         - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy
@@ -43,7 +40,7 @@ sops:
             NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8
             f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-05-19T19:05:23Z"
-    mac: ENC[AES256_GCM,data:X2ELeFFUNEonCDZqJ5a9JCJ8U1EysxcIfbZM751NMK9PvJM8wbRC7MUg5cM/r25Gmua+voch9piTfmL77bJaCq8p6p9EwcBNxc1Weo5sWsHQ5J78MOAoO0wuDSBibOdI7CYEmFC8tRSoEdRQWRBoIOVCyP40fk5fEHhGYOAg9hE=,iv:8PGZRzEq2ezWvdKPi47cECvZD2wJpTDysgLZY3LYOcs=,tag:7TmaiYJ5MEj1+80i2jUgGw==,type:str]
+    lastmodified: "2026-05-19T17:41:34Z"
+    mac: ENC[AES256_GCM,data:UPpz15iUrysYMovpNFLGyAnw1TZ8mmGUo4HDCPlyGI8ADo0v8RfhGjBL/0H0EIA4UX6D+EfRpp4wNacvTdgapQmKHd4H2Q4uDxRUJAHaAkBQVljiuTAEf+8aF/99/U5nEoYrUba15zV8WOONDD7CnzMm+fOosjJuZwKd+akt0KQ=,iv:+nzB0ffdB4PGsnaQ5x9WzWrhfcVQqv1WENUEJOAYbyE=,tag:VvEgvSyBUZixRK3MgCpFvQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.12.1
diff --git a/hosts/rx4/services/librechat-oci.nix b/hosts/rx4/services/librechat-oci.nix
index e4b915b..80db7a1 100644
--- a/hosts/rx4/services/librechat-oci.nix
+++ b/hosts/rx4/services/librechat-oci.nix
@@ -19,10 +19,6 @@ in
     inherit port;
     externalUrl = "https://${fqdn}";
     environmentFile = config.sops.templates.librechat-env-file.path;
-
-    # environment = {
-    #   ALLOW_REGISTRATION = "true";
-    # };
   };
 
   services.nginx.virtualHosts."${fqdn}" = {
@@ -47,20 +43,11 @@ in
   };
 
   sops = {
-    # generate with:
-    # openssl rand -hex 32
-    secrets."librechat/jwt-secret" = { };
-    secrets."librechat/jwt-refresh-secret" = { };
-    secrets."librechat/creds-key" = { };
-    secrets."librechat/creds-iv" = { };
-    secrets."librechat/meili-master-key" = { };
-
+    secrets."librechat/jwt-token" = { }; # openssl rand -hex 32
+    secrets."librechat/jwt-refresh-token" = { }; # openssl rand -hex 32
     templates.librechat-env-file.content = ''
-      JWT_SECRET=${config.sops.placeholder."librechat/jwt-secret"}
-      JWT_REFRESH_SECRET=${config.sops.placeholder."librechat/jwt-refresh-secret"}
-      CREDS_KEY=${config.sops.placeholder."librechat/creds-key"}
-      CREDS_IV=${config.sops.placeholder."librechat/creds-iv"}
-      MEILI_MASTER_KEY=${config.sops.placeholder."librechat/meili-master-key"}
+      JET_TOKEN=${config.sops.placeholder."librechat/jwt-token"}
+      JET_REFRESH_TOKEN=${config.sops.placeholder."librechat/jwt-refresh-token"}
     '';
   };
 }