diff --git a/agent/actions/login.go b/agent/actions/login.go
index ab26aaa..3d5e165 100644
--- a/agent/actions/login.go
+++ b/agent/actions/login.go
@@ -34,10 +34,13 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	var masterpasswordHash string
 
 	if secret, err := cfg.GetClientSecret(); err == nil && secret != "" {
+		actionsLog.Info("Logging in with client secret")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithApiKey(ctx, req.Email, cfg, vault)
 	} else if req.Passwordless {
+		actionsLog.Info("Logging in with passwordless")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithDevice(ctx, req.Email, cfg, vault)
 	} else {
+		actionsLog.Info("Logging in with master password")
 		token, masterKey, masterpasswordHash, err = bitwarden.LoginWithMasterpassword(ctx, req.Email, cfg, vault)
 	}
 	if err != nil {
diff --git a/agent/config/config.go b/agent/config/config.go
index a95a497..3708d73 100644
--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -165,6 +165,8 @@ func (c *Config) Purge() {
 	c.ConfigFile.EncryptedMasterPasswordHash = ""
 	c.ConfigFile.EncryptedToken = ""
 	c.ConfigFile.EncryptedUserSymmetricKey = ""
+	c.ConfigFile.EncryptedClientID = ""
+	c.ConfigFile.EncryptedClientSecret = ""
 	c.ConfigFile.ConfigKeyHash = ""
 	c.ConfigFile.EncryptedMasterKey = ""
 	key := NewBuffer(32, c.useMemguard)
@@ -189,6 +191,8 @@ func (c *Config) UpdatePin(password string, write bool) {
 	plaintextUserSymmetricKey, err3 := c.decryptString(c.ConfigFile.EncryptedUserSymmetricKey)
 	plaintextEncryptedMasterPasswordHash, err4 := c.decryptString(c.ConfigFile.EncryptedMasterPasswordHash)
 	plaintextMasterKey, err5 := c.decryptString(c.ConfigFile.EncryptedMasterKey)
+	plaintextClientID, err6 := c.decryptString(c.ConfigFile.EncryptedClientID)
+	plaintextClientSecret, err7 := c.decryptString(c.ConfigFile.EncryptedClientSecret)
 
 	key := NewBufferFromBytes(newKey, c.useMemguard)
 	c.key = &key
@@ -205,6 +209,12 @@ func (c *Config) UpdatePin(password string, write bool) {
 	if err5 == nil {
 		c.ConfigFile.EncryptedMasterKey, err5 = c.encryptString(plaintextMasterKey)
 	}
+	if err6 == nil {
+		c.ConfigFile.EncryptedClientID, err6 = c.encryptString(plaintextClientID)
+	}
+	if err7 == nil {
+		c.ConfigFile.EncryptedClientSecret, err7 = c.encryptString(plaintextClientSecret)
+	}
 	c.mu.Unlock()
 
 	if write {
diff --git a/cmd/config.go b/cmd/config.go
index 8867833..851e8e2 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/quexten/goldwarden/ipc/messages"
 	"github.com/spf13/cobra"
@@ -116,6 +117,10 @@ var setApiClientIDCmd = &cobra.Command{
 		}
 
 		id := args[0]
+		if len(id) >= 2 && strings.HasPrefix(id, "\"") && strings.HasSuffix(id, "\"") {
+			id = id[1 : len(id)-1]
+		}
+		id = strings.TrimSpace(id)
 		request := messages.SetClientIDRequest{}
 		request.Value = id
 
@@ -149,6 +154,10 @@ var setApiSecretCmd = &cobra.Command{
 		}
 
 		secret := args[0]
+		if len(secret) >= 2 && strings.HasPrefix(secret, "\"") && strings.HasSuffix(secret, "\"") {
+			secret = secret[1 : len(secret)-1]
+		}
+		secret = strings.TrimSpace(secret)
 		request := messages.SetClientSecretRequest{}
 		request.Value = secret
 
diff --git a/ui/goldwarden.py b/ui/goldwarden.py
index dd3b638..424a59c 100644
--- a/ui/goldwarden.py
+++ b/ui/goldwarden.py
@@ -28,13 +28,13 @@ def set_notification_url(url):
         raise Exception("Failed to initialize repository, err", result.stderr)
 
 def set_client_id(client_id):
-    restic_cmd = f"{BINARY_PATH} config set-client-id {client_id}"
+    restic_cmd = f"{BINARY_PATH} config set-client-id \"{client_id}\""
     result = subprocess.run(restic_cmd.split(), capture_output=True, text=True)
     if result.returncode != 0:
         raise Exception("Failed err", result.stderr)
 
 def set_client_secret(client_secret):
-    restic_cmd = f"{BINARY_PATH} config set-client-secret {client_secret}"
+    restic_cmd = f"{BINARY_PATH} config set-client-secret \"{client_secret}\""
     result = subprocess.run(restic_cmd.split(), capture_output=True, text=True)
     if result.returncode != 0:
         raise Exception("Failed err", result.stderr)
diff --git a/ui/settings.py b/ui/settings.py
index 90c42ee..94db32d 100644
--- a/ui/settings.py
+++ b/ui/settings.py
@@ -304,10 +304,8 @@ def show_login():
         def login():
             res = goldwarden.login_with_password(email_entry.get_text(), "password")
             def handle_res():
-                print("handle res", res)
                 if res == "ok":
                     dialog.close()
-                    print("ok")
                 elif res == "badpass":
                     bad_pass_diag = Gtk.MessageDialog(transient_for=dialog, modal=True, message_type=Gtk.MessageType.ERROR, buttons=Gtk.ButtonsType.OK, text="Bad password")
                     bad_pass_diag.connect("response", lambda dialog, response: bad_pass_diag.close())