diff --git a/maloja/data_files/config/clients/example_file.tsv b/maloja/data_files/config/clients/example_file.tsv
deleted file mode 100644
index 008c446..0000000
--- a/maloja/data_files/config/clients/example_file.tsv
+++ /dev/null
@@ -1,6 +0,0 @@
-# Only the entries in authenticated_machines.tsv are used, this is an example file
-# It is recommended to have a separate key for every scrobbler application you use,
-# as well as a key for manual interactions on the website
-YDzcmp8JpYHCcvJbDOVT7nEDoyCEND6K	Chromium Extension on Manjaro
-correcthorsebatterystaple		Pano Scrobbler on Android
-thingolisthebestking			Web Interface
diff --git a/maloja/database.py b/maloja/database.py
index f4180c2..34cdcfc 100644
--- a/maloja/database.py
+++ b/maloja/database.py
@@ -10,7 +10,7 @@ from .malojauri import uri_to_internal, internal_to_uri, compose_querystring
 from .thirdparty import proxy_scrobble_all
 
 from .__pkginfo__ import version
-from .globalconf import data_dir, malojaconfig
+from .globalconf import data_dir, malojaconfig, apikeystore
 
 # doreah toolkit
 from doreah.logging import log
@@ -103,24 +103,14 @@ def add_known_server(url):
 
 
 
-### symmetric keys are fine for now since we hopefully use HTTPS
-def loadAPIkeys():
-	global clients
-	tsv.create(data_dir['clients']("authenticated_machines.tsv"))
-	#createTSV("clients/authenticated_machines.tsv")
-	clients = tsv.parse(data_dir['clients']("authenticated_machines.tsv"),"string","string")
-	#clients = parseTSV("clients/authenticated_machines.tsv","string","string")
-	log("Authenticated Machines: " + ", ".join([m[1] for m in clients]))
 
-def checkAPIkey(k):
-	#return (k in [k for [k,d] in clients])
-	for key, identifier in clients:
-		if key == k: return identifier
+log("Authenticated Machines: " + ", ".join([k for k in apikeystore]))
 
-	return False
+def checkAPIkey(key):
+	return any((key == apikeystore[k]) for k in apikeystore)
 
 def allAPIkeys():
-	return [k for [k,d] in clients]
+	return [apikeystore[k] for k in apikeystore]
 
 
 ####
@@ -706,7 +696,6 @@ def start_db():
 	log("Starting database...")
 	global lastsync
 	lastsync = int(datetime.datetime.now(tz=datetime.timezone.utc).timestamp())
-	loadAPIkeys()
 	build_db()
 	#run(dbserver, host='::', port=PORT, server='waitress')
 	log("Database reachable!")
diff --git a/maloja/globalconf.py b/maloja/globalconf.py
index 2e773b5..8dc37ea 100644
--- a/maloja/globalconf.py
+++ b/maloja/globalconf.py
@@ -1,6 +1,7 @@
 import os
 from doreah.configuration import Configuration
 from doreah.configuration import types as tp
+from doreah.keystore import KeyStore
 
 from .__pkginfo__ import versionstr
 
@@ -258,7 +259,7 @@ data_directories = {
 	"images":pthj(dir_settings['state'],"images"),
 	"scrobbles":pthj(dir_settings['state'],"scrobbles"),
 	"rules":pthj(dir_settings['config'],"rules"),
-	"clients":pthj(dir_settings['config'],"clients"),
+	"clients":pthj(dir_settings['config']),
 	"settings":pthj(dir_settings['config']),
 	"css":pthj(dir_settings['config'],"custom_css"),
 	"logs":pthj(dir_settings['logs']),
@@ -305,6 +306,27 @@ config(
 )
 
 
+
+
+### API KEYS
+
+
+
+### symmetric keys are fine for now since we hopefully use HTTPS
+apikeystore = KeyStore(file=data_dir['clients']("apikeys.yml"),save_endpoint="/apis/mlj_1/api_keys")
+
+oldfile = pthj(dir_settings['config'],"clients","authenticated_machines.tsv")
+if os.path.exists(oldfile):
+	try:
+		from doreah import tsv
+		clients = tsv.parse(oldfile,"string","string")
+		for key,identifier in clients:
+			apikeystore[identifier] = key
+		os.remove(oldfile)
+	except:
+		pass
+
+
 # what the fuck did i just write
 # this spaghetti file is proudly sponsored by the rice crackers i'm eating at the
 # moment as well as some cute chinese girl whose asmr i'm listening to in the
diff --git a/maloja/proccontrol/setup.py b/maloja/proccontrol/setup.py
index af2ed2f..8062e06 100644
--- a/maloja/proccontrol/setup.py
+++ b/maloja/proccontrol/setup.py
@@ -4,11 +4,11 @@ from doreah.io import col, ask, prompt
 from doreah import auth
 import os
 
-from ..globalconf import data_dir, dir_settings, malojaconfig
+from ..globalconf import data_dir, dir_settings, malojaconfig, apikeystore
 
 
 # EXTERNAL API KEYS
-apikeys = [
+ext_apikeys = [
 	"LASTFM_API_KEY",
 	"SPOTIFY_API_ID",
 	"SPOTIFY_API_SECRET",
@@ -33,7 +33,7 @@ def setup():
 	SKIP = malojaconfig["SKIP_SETUP"]
 
 	print("Various external services can be used to display images. If not enough of them are set up, only local images will be used.")
-	for k in apikeys:
+	for k in ext_apikeys:
 		keyname = malojaconfig.get_setting_info(k)['name']
 		key = malojaconfig[k]
 		if key is False:
@@ -47,13 +47,11 @@ def setup():
 
 
 	# OWN API KEY
-	if not os.path.exists(data_dir['clients']("authenticated_machines.tsv")):
+	if len(apikeystore) == 0:
 		answer = ask("Do you want to set up a key to enable scrobbling? Your scrobble extension needs that key so that only you can scrobble tracks to your database.",default=True,skip=SKIP)
 		if answer:
-			key = randomstring(64)
+			key = apikeystore.generate_key('default')
 			print("Your API Key: " + col["yellow"](key))
-			with open(data_dir['clients']("authenticated_machines.tsv"),"w") as keyfile:
-				keyfile.write(key + "\t" + "Default Generated Key")
 
 	# PASSWORD
 	forcepassword = malojaconfig["FORCE_PASSWORD"]
diff --git a/maloja/server.py b/maloja/server.py
index c15a6b2..8b00259 100644
--- a/maloja/server.py
+++ b/maloja/server.py
@@ -21,7 +21,7 @@ from doreah import auth
 from . import database
 from .utilities import resolveImage
 from .malojauri import uri_to_internal, remove_identical
-from .globalconf import malojaconfig, data_dir
+from .globalconf import malojaconfig, apikeystore, data_dir
 from .jinjaenv.context import jinja_environment
 from .apis import init_apis
 
@@ -231,6 +231,7 @@ def static_html(name):
 		"adminmode":adminmode,
 		"config":malojaconfig,
 		"apikey":request.cookies.get("apikey") if adminmode else None,
+		"apikeys":apikeystore,
 		"_urikeys":keys, #temporary!
 	}
 	loc_context["filterkeys"], loc_context["limitkeys"], loc_context["delimitkeys"], loc_context["amountkeys"], loc_context["specialkeys"] = uri_to_internal(keys)
diff --git a/maloja/web/jinja/abstracts/admin.jinja b/maloja/web/jinja/abstracts/admin.jinja
index 2098ea3..0e0a271 100644
--- a/maloja/web/jinja/abstracts/admin.jinja
+++ b/maloja/web/jinja/abstracts/admin.jinja
@@ -36,11 +36,16 @@
 					{% else %}
 						<a href="/admin_issues">Database Maintenance</a>
 					{% endif %} |
-					 {% if page=='admin_settings' %}
+					{% if page=='admin_settings' %}
 						<span style="opacity:0.5;">Settings</span>
 					{% else %}
 						<a href="/admin_settings">Settings</a>
-					{% endif %}
+					{% endif %} |
+					{% if page=='admin_apikeys' %}
+					   <span style="opacity:0.5;">API Keys</span>
+				   {% else %}
+					   <a href="/admin_apikeys">API Keys</a>
+				   {% endif %}
 				</span>
 				<br/><br/>
 				<span id="notification"></span>
diff --git a/maloja/web/jinja/admin_apikeys.jinja b/maloja/web/jinja/admin_apikeys.jinja
new file mode 100644
index 0000000..bc16fb4
--- /dev/null
+++ b/maloja/web/jinja/admin_apikeys.jinja
@@ -0,0 +1,8 @@
+{% set page ='admin_apikeys' %}
+{% extends "abstracts/admin.jinja" %}
+{% block title %}Maloja - API Keys{% endblock %}
+
+
+{% block maincontent %}
+{{ apikeys.html() }}
+{% endblock %}