Values are stored in launcher_db.app_secrets.
Apps read them at lifespan startup via the localhost-only internal API. A restart picks up changes.
Use app shared for a cross-app key
(e.g. shared/openai-api-key): every app inherits it,
no per-app copy needed. An app-specific row still overrides the shared one.
Mints a signed JWT bound to the host + path with the chosen expiry. The URL is shown
once — copy it from the prompt. To kill a link before its expiry, click Revoke below.
To kill every outstanding link at once, delete the
launcher/share-link-secret row in App secrets above.