diff --git a/modules/core/sovran-hub.nix b/modules/core/sovran-hub.nix
index 51f3526..a981ed1 100644
--- a/modules/core/sovran-hub.nix
+++ b/modules/core/sovran-hub.nix
@@ -61,7 +61,11 @@ let
 # ── Communication ──────────────────────────────────────────
 ++ [
 { name = "Matrix-Synapse"; unit = "matrix-synapse.service"; type = "system"; icon = "synapse"; enabled = cfg.services.synapse; category = "communication"; credentials = [
- { label = "Users"; file = "/var/lib/secrets/matrix-users"; multiline = true; }
+ { label = "Homeserver URL"; file = "/var/lib/secrets/matrix-homeserver-url"; }
+ { label = "Admin Username"; file = "/var/lib/secrets/matrix-admin-username"; }
+ { label = "Admin Password"; file = "/var/lib/secrets/matrix-admin-password"; }
+ { label = "Test Username"; file = "/var/lib/secrets/matrix-test-username"; }
+ { label = "Test Password"; file = "/var/lib/secrets/matrix-test-password"; }
 ]; }
 { name = "Element-Call"; unit = "livekit.service"; type = "system"; icon = "livekit"; enabled = cfg.features.element-calling; category = "communication"; credentials = []; }
 ]
diff --git a/modules/synapse.nix b/modules/synapse.nix
index 580e835..9bf64bb 100755
--- a/modules/synapse.nix
+++ b/modules/synapse.nix
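Review bot: The five new `file` paths in the Matrix-Synapse `credentials` list of modules/core/sovran-hub.nix exist only once the user-setup script in modules/synapse.nix has written them, and that write sits inside an `if` whose condition is outside the visible hunks. If that branch runs only on first setup, hosts provisioned before this change would presumably have none of these files, and the hub would show empty entries where the old `matrix-users` view worked; the upgrade path for existing installs should be confirmed. A comment above the entries, such as `# written by the matrix user-setup script in modules/synapse.nix; absent until that script has run`, would document the dependency.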
@@ -226,6 +226,23 @@ CREDS
 fi
 chmod 600 "$CREDS_FILE"
+
+ # Write individual credential files for the hub UI (umask 077 ensures 600 from creation)
+ PREEXISTING_NOTE="Password set during original setup"
+ (umask 077; echo "https://$DOMAIN" > /var/lib/secrets/matrix-homeserver-url)
+ (umask 077; echo "@$ADMIN_USER:$DOMAIN" > /var/lib/secrets/matrix-admin-username)
+ if [ "$ADMIN_CREATED" = true ]; then
+ (umask 077; echo "$ADMIN_PASS" > /var/lib/secrets/matrix-admin-password)
+ else
+ (umask 077; echo "$PREEXISTING_NOTE" > /var/lib/secrets/matrix-admin-password)
+ fi
+ (umask 077; echo "@$TEST_USER:$DOMAIN" > /var/lib/secrets/matrix-test-username)
+ if [ "$TEST_CREATED" = true ]; then
+ (umask 077; echo "$TEST_PASS" > /var/lib/secrets/matrix-test-password)
+ else
+ (umask 077; echo "$PREEXISTING_NOTE" > /var/lib/secrets/matrix-test-password)
+ fi
+
 echo "Matrix users setup completed."
 fi
 '';
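Review bot: `umask 077` only sets the mode when the redirect creates the file, so a `/var/lib/secrets/matrix-*-password` file that already exists with looser permissions keeps them when it is truncated and rewritten; the comment's "ensures 600 from creation" does not cover re-runs. An explicit `chmod 600` after each write, as the context line above already does for `$CREDS_FILE`, closes that gap. Both steps fit in one helper, `write_secret() { (umask 077; printf '%s\n' "$2" > "$1"); chmod 600 "$1"; }`, called once per file; `printf '%s\n'` also avoids echo's option and escape handling, which varies between shells. The enclosing `if … fi` starts outside the hunk, so whether a re-run can replace a stored password with the "Password set during original setup" placeholder cannot be confirmed from here.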