diff --git a/.travis.yml b/.travis.yml
index fd0b94a..87e96f0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,5 +7,5 @@ install: "mvn install -P ci -U --quiet -DskipTests=true"
 script: "mvn -U -P ci test"
 env: MAVEN_OPTS="-Dhttps.protocols=SSLv3 -Dforce.http.jre.executor=true"
 branches:
-  only:
-    - master
+  except:
+    - demo-profile
diff --git a/pom.xml b/pom.xml
index 62bbe4a..7efdf23 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,21 +8,10 @@
     <name>Zuul: Parent POM</name>
     <url>https://github.com/psmith/Zuul</url>
     <scm>
-        <connection>scm:git:git@github.com:Confluex/zuul.git</connection>
-        <url>scm:git:git@github.com:Confluex/zuul.git</url>
-        <developerConnection>scm:git:git@github.com:Confluex/zuul.git</developerConnection>
-        <tag>1.6.x</tag>
+        <connection>scm:git:git@github.com:mcantrell/Zuul.git</connection>
+        <url>scm:git:git@github.com:mcantrell/Zuul.git</url>
+        <developerConnection>scm:git:git@github.com:mcantrell/Zuul.git</developerConnection>
     </scm>
-    <distributionManagement>
-        <repository>
-            <id>confluex-public-releases</id>
-            <url>http://dev.confluex.com/nexus/content/repositories/public-releases</url>
-        </repository>
-        <snapshotRepository>
-            <id>confluex-public-snapshots</id>
-            <url>http://dev.confluex.com/nexus/content/repositories/public-snapshots</url>
-        </snapshotRepository>
-    </distributionManagement>
     <licenses>
         <license>
             <name>The Apache Software License, Version 2.0</name>
@@ -36,16 +25,9 @@
             <name>Mike Cantrell</name>
             <email>mike.humansonly@devnull.org</email>
         </developer>
-        <developer>
-            <id>psmith</id>
-            <name>Paul.Smith</name>
-            <email>psmith.humansonly@confluex.com</email>
-        </developer>
     </developers>
     <properties>
         <devnull.version>1.1</devnull.version>
-        <sonar.language>grvy</sonar.language>
-        <sonar.sources>src/main/groovy</sonar.sources>
     </properties>
     <parent>
         <groupId>org.devnull</groupId>
diff --git a/zuul-data/pom.xml b/zuul-data/pom.xml
index d813367..19b74f9 100644
--- a/zuul-data/pom.xml
+++ b/zuul-data/pom.xml
@@ -115,4 +115,18 @@
             <artifactId>greenmail</artifactId>
         </dependency>
     </dependencies>
+
+    <build>
+        <plugins>
+            <!-- no need to deploy this module to central repo -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>
diff --git a/zuul-data/src/main/groovy/org/devnull/zuul/data/model/SettingsEntry.groovy b/zuul-data/src/main/groovy/org/devnull/zuul/data/model/SettingsEntry.groovy
index 6f9c19d..f538773 100644
--- a/zuul-data/src/main/groovy/org/devnull/zuul/data/model/SettingsEntry.groovy
+++ b/zuul-data/src/main/groovy/org/devnull/zuul/data/model/SettingsEntry.groovy
@@ -40,14 +40,4 @@ class SettingsEntry implements Serializable {
 
     @Column(nullable = false)
     Boolean encrypted = false
-
-    SettingsEntry copy() {
-        return new SettingsEntry(
-                key: this.key,
-                value: this.value,
-                group: this.group,
-                id: this.id,
-                encrypted: this.encrypted
-        )
-    }
 }
diff --git a/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulService.groovy b/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulService.groovy
index 186fef7..9a376cb 100644
--- a/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulService.groovy
+++ b/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulService.groovy
@@ -74,11 +74,11 @@ public interface ZuulService {
 
     SettingsEntry findSettingsEntry(Integer id)
 
-    @PreAuthorize("hasPermission(#entry.group.environment, 'admin')")
-    SettingsEntry encryptSettingsEntryValue(SettingsEntry entry)
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    SettingsEntry encryptSettingsEntryValue(Integer entryId)
 
-    @PreAuthorize("hasPermission(#entry.group.environment, 'admin')")
-    SettingsEntry decryptSettingsEntryValue(SettingsEntry entry)
+    @PreAuthorize("hasRole('ROLE_ADMIN')")
+    SettingsEntry decryptSettingsEntryValue(Integer entryId)
 
     @PreAuthorize("hasPermission(#entry.group.environment, 'admin')")
     void deleteSettingsEntry(SettingsEntry entry)
diff --git a/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulServiceImpl.groovy b/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulServiceImpl.groovy
index 18618e1..307784a 100644
--- a/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulServiceImpl.groovy
+++ b/zuul-data/src/main/groovy/org/devnull/zuul/service/ZuulServiceImpl.groovy
@@ -204,25 +204,25 @@ class ZuulServiceImpl implements ZuulService {
     }
 
     @Transactional(readOnly = false)
-    SettingsEntry encryptSettingsEntryValue(final SettingsEntry entry) {
-        def result = entry.copy()
-        if (result.encrypted) {
-            throw new ConflictingOperationException("Cannot encrypt value that are already encrypted. Entry ID: " + result.id)
+    SettingsEntry encryptSettingsEntryValue(Integer entryId) {
+        def entry = settingsEntryDao.findOne(entryId)
+        if (entry.encrypted) {
+            throw new ConflictingOperationException("Cannot encrypt value that are already encrypted. Entry ID: " + entryId)
         }
-        result.value = encryptionStrategy.encrypt(result.value, result.group.key)
-        result.encrypted = true
-        return result
+        entry.value = encryptionStrategy.encrypt(entry.value, entry.group.key)
+        entry.encrypted = true
+        return entry
     }
 
     @Transactional(readOnly = false)
-    SettingsEntry decryptSettingsEntryValue(final SettingsEntry entry) {
-        def result = entry.copy()
-        if (!result.encrypted) {
-            throw new ConflictingOperationException("Cannot decrypt value that are already decrypted. Entry ID: " + result.id)
+    SettingsEntry decryptSettingsEntryValue(Integer entryId) {
+        def entry = settingsEntryDao.findOne(entryId)
+        if (!entry.encrypted) {
+            throw new ConflictingOperationException("Cannot decrypt value that are already decrypted. Entry ID: " + entryId)
         }
-        result.value = encryptionStrategy.decrypt(result.value, result.group.key)
-        result.encrypted = false
-        return result
+        entry.value = encryptionStrategy.decrypt(entry.value, entry.group.key)
+        entry.encrypted = false
+        return entry
     }
 
     SettingsEntry findSettingsEntry(Integer id) {
diff --git a/zuul-data/src/test/groovy/org/devnull/zuul/data/model/SettingsEntryTest.groovy b/zuul-data/src/test/groovy/org/devnull/zuul/data/model/SettingsEntryTest.groovy
deleted file mode 100644
index 5ef8db8..0000000
--- a/zuul-data/src/test/groovy/org/devnull/zuul/data/model/SettingsEntryTest.groovy
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.devnull.zuul.data.model
-
-import org.junit.Test
-
-
-class SettingsEntryTest {
-
-    @Test
-    void shouldCopyValuesToNewObjectReference() {
-        def group = new SettingsGroup(key: new EncryptionKey(password: "abc123"))
-        def entry = new SettingsEntry(id: 1, key: "a", value: "foo", encrypted: true)
-        group.addToEntries(entry)
-        def copy = entry.copy()
-        assert !copy.is(entry)
-        assert copy == entry
-    }
-}
diff --git a/zuul-data/src/test/groovy/org/devnull/zuul/service/ZuulServiceImplTest.groovy b/zuul-data/src/test/groovy/org/devnull/zuul/service/ZuulServiceImplTest.groovy
index 301d5b7..e7634f5 100644
--- a/zuul-data/src/test/groovy/org/devnull/zuul/service/ZuulServiceImplTest.groovy
+++ b/zuul-data/src/test/groovy/org/devnull/zuul/service/ZuulServiceImplTest.groovy
@@ -562,14 +562,14 @@ public class ZuulServiceImplTest {
     void shouldErrorWhenTryingToEncryptValuesWhichAreAlreadyEncrypted() {
         def entry = new SettingsEntry(id: 1, encrypted: true)
         when(service.settingsEntryDao.findOne(entry.id)).thenReturn(entry)
-        service.encryptSettingsEntryValue(entry)
+        service.encryptSettingsEntryValue(entry.id)
     }
 
     @Test(expected = ConflictingOperationException)
     void shouldErrorWhenTryingToDecryptValuesWhichAreAlreadyDecrypted() {
         def entry = new SettingsEntry(id: 1, encrypted: false)
         when(service.settingsEntryDao.findOne(entry.id)).thenReturn(entry)
-        service.decryptSettingsEntryValue(entry)
+        service.decryptSettingsEntryValue(entry.id)
     }
 
     @Test
@@ -581,32 +581,12 @@ public class ZuulServiceImplTest {
         when(service.settingsEntryDao.findOne(entry.id)).thenReturn(entry)
         when(service.settingsEntryDao.save(entry)).thenReturn(entry)
         when(service.encryptionStrategy.encrypt(entry.value, group.key)).thenReturn("encryptedValue")
-        def encryptedEntry = service.encryptSettingsEntryValue(entry)
+        def encryptedEntry = service.encryptSettingsEntryValue(entry.id)
         verify(service.encryptionStrategy).encrypt("foo", group.key)
         assert encryptedEntry.encrypted
         assert encryptedEntry.value == "encryptedValue"
     }
 
-    @Test
-    void shouldEncryptSettingsEntryWithoutModifyingTheOriginalObject() {
-        def group = new SettingsGroup(key: new EncryptionKey(password: "abc123"))
-        def entry = new SettingsEntry(id: 1, key: "a", value: "foo")
-        group.addToEntries(entry)
-
-        def result = service.encryptSettingsEntryValue(entry)
-        assert !result.is(entry)
-
-        assert result.id == entry.id
-        assert result.group == entry.group
-        assert entry.key == entry.key
-
-        assert result.value != entry.value
-        assert entry.value == "foo"
-        assert result.encrypted != entry.encrypted
-        assert result.encrypted
-        assert !entry.encrypted
-    }
-
     @Test
     void shouldDecryptSettingsEntryWithItsGroupKey() {
         def group = new SettingsGroup(key: new EncryptionKey(password: "abc123"))
@@ -616,31 +596,12 @@ public class ZuulServiceImplTest {
         when(service.settingsEntryDao.findOne(entry.id)).thenReturn(entry)
         when(service.settingsEntryDao.save(entry)).thenReturn(entry)
         when(service.encryptionStrategy.decrypt(entry.value, group.key)).thenReturn("decrypted")
-        def decrypted = service.decryptSettingsEntryValue(entry)
+        def decrypted = service.decryptSettingsEntryValue(entry.id)
         verify(service.encryptionStrategy).decrypt("encrypted", group.key)
         assert !decrypted.encrypted
         assert decrypted.value == "decrypted"
     }
 
-    @Test
-    void shouldDecryptSettingsEntryWithoutModifyingTheOriginalObject() {
-        def group = new SettingsGroup(key: new EncryptionKey(password: "abc123"))
-        def entry = new SettingsEntry(id: 1, key: "a", value: "foo", encrypted: true)
-        group.addToEntries(entry)
-
-        def result = service.decryptSettingsEntryValue(entry)
-        assert !result.is(entry)
-
-        assert result.id == entry.id
-        assert result.group == entry.group
-        assert entry.key == entry.key
-
-        assert result.value != entry.value
-        assert entry.value == "foo"
-        assert !result.encrypted
-        assert entry.encrypted
-    }
-
     @Test
     void findEntryShouldReturnResultFromDao() {
         def expected = new SettingsEntry(id: 1)
diff --git a/zuul-web/src/main/groovy/org/devnull/zuul/web/OpenIdLoginController.groovy b/zuul-web/src/main/groovy/org/devnull/zuul/web/OpenIdLoginController.groovy
index 09f6be5..c9cb261 100644
--- a/zuul-web/src/main/groovy/org/devnull/zuul/web/OpenIdLoginController.groovy
+++ b/zuul-web/src/main/groovy/org/devnull/zuul/web/OpenIdLoginController.groovy
@@ -1,29 +1,14 @@
 package org.devnull.zuul.web
 
-import groovy.json.JsonSlurper
 import org.springframework.context.annotation.Profile
-import org.springframework.core.io.ClassPathResource
 import org.springframework.stereotype.Controller
 import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RequestMethod
-import org.springframework.web.servlet.ModelAndView
 
 @Controller
 @Profile("security-openid")
 class OpenIdLoginController {
-
-    @RequestMapping(value = "/login", method = RequestMethod.GET)
-    public ModelAndView login() {
-        //return back to index.jsp
-        ModelAndView model = new ModelAndView("/login/openid");
-        model.addObject("providers",  getProviders());
-        return model;
-
-    }
-
-    def getProviders(){
-        def json = new ClassPathResource("security/OpenIdProviders.json").inputStream.text
-        def slurper = new JsonSlurper()
-        return slurper.parseText(json).openIdProviders
+    @RequestMapping("/login")
+    String login() {
+        return "/login/openid"
     }
 }
diff --git a/zuul-web/src/main/groovy/org/devnull/zuul/web/SettingsServicesController.groovy b/zuul-web/src/main/groovy/org/devnull/zuul/web/SettingsServicesController.groovy
index 162fffb..c79a29f 100644
--- a/zuul-web/src/main/groovy/org/devnull/zuul/web/SettingsServicesController.groovy
+++ b/zuul-web/src/main/groovy/org/devnull/zuul/web/SettingsServicesController.groovy
@@ -150,9 +150,9 @@ class SettingsServicesController {
      */
     @RequestMapping(value = "/settings/entry/encrypt.json")
     @ResponseBody
-    SettingsEntry encrypt(@RequestParam("id")Integer id) {
-        def entry = zuulService.findSettingsEntry(id)
-        return zuulService.encryptSettingsEntryValue(entry)
+    SettingsEntry encrypt(@RequestParam("id") Integer id) {
+        def entry = zuulService.encryptSettingsEntryValue(id)
+        return zuulService.save(entry, SettingsAudit.AuditType.ENCRYPT)
     }
 
     /**
@@ -161,8 +161,8 @@ class SettingsServicesController {
     @RequestMapping(value = "/settings/entry/decrypt.json")
     @ResponseBody
     SettingsEntry decrypt(@RequestParam("id") Integer id) {
-        def entry = zuulService.findSettingsEntry(id)
-        return zuulService.decryptSettingsEntryValue(entry)
+        def entry = zuulService.decryptSettingsEntryValue(id)
+        return zuulService.save(entry, SettingsAudit.AuditType.DECRYPT)
     }
 
 }
diff --git a/zuul-web/src/main/resources/examples/zuul-data-config.properties b/zuul-web/src/main/resources/examples/zuul-data-config.properties
new file mode 100644
index 0000000..38f9718
--- /dev/null
+++ b/zuul-web/src/main/resources/examples/zuul-data-config.properties
@@ -0,0 +1,59 @@
+#------------ In Memory H2 Database ------------#
+# Embedded databases which is useful for        #
+# evaluation purposes. The data is wiped after  #
+# server restart.                               #
+#-----------------------------------------------#
+jdbc.zuul.url=jdbc:h2:mem:zuul
+#jdbc.zuul.url=jdbc:h2:tcp://localhost/~/.zuul/data
+jdbc.zuul.generate.ddl=validate
+jdbc.zuul.username=sa
+jdbc.zuul.password=
+jdbc.zuul.driver=org.h2.Driver
+jdbc.zuul.dialect=org.hibernate.dialect.H2Dialect
+jdbc.zuul.validationQuery=select 1
+
+#------------ Microsoft SQL Database ------------#
+# Create a connection for microsoft SQL server   #
+# using the JTDS driver.                         #
+#                                                #
+# Check the JTDS docs for more info:             #
+# http://jtds.sourceforge.net/faq.html#urlFormat #
+#------------------------------------------------#
+#jdbc.zuul.url=jdbc:jtds:sqlserver://SERVERNAME:1433/zuul
+#jdbc.zuul.generate.ddl=none
+#jdbc.zuul.username=
+#jdbc.zuul.password=
+#jdbc.zuul.driver=net.sourceforge.jtds.jdbc.Driver
+#jdbc.zuul.dialect=org.hibernate.dialect.SQLServerDialect
+#jdbc.zuul.validationQuery=select 1
+
+#---------------- MySQL Database ----------------#
+# Create a connection for MySQL                  #
+#------------------------------------------------#
+#jdbc.zuul.url=jdbc:mysql://SERVERNAME/zuul
+#jdbc.zuul.generate.ddl=none
+#jdbc.zuul.username=
+#jdbc.zuul.password=
+#jdbc.zuul.driver=com.mysql.jdbc.Driver
+#jdbc.zuul.dialect=org.hibernate.dialect.MySQLDialect
+#jdbc.zuul.validationQuery=select 1 from DUAL
+
+#---------------- Other Databases ----------------#
+# Zuul should work with most other databases. You #
+# Just need to find out the appropriate driver    #
+# class, hibernate dialect and validation query.  #
+#                                                 #
+# Google has your back. Go do some searching :-)  #
+#-------------------------------------------------#
+
+
+#------------ Mail Settings ------------#
+# If set to 3025 and localhost, an      #
+# embedded GreenMail server will be     #
+# started for testing purposes.         #
+#---------------------------------------#
+smtp.port=25
+smtp.host=smtp
+smtp.from=Zuul <zuul@mydomain.com>
+smtp.username=
+smtp.password=
diff --git a/zuul-web/src/main/resources/security/OpenIdProviders.json b/zuul-web/src/main/resources/security/OpenIdProviders.json
deleted file mode 100644
index 96aa91e..0000000
--- a/zuul-web/src/main/resources/security/OpenIdProviders.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-    "openIdProviders": [
-
-        {
-            "name": "Google",
-            "openIdUrl": "https://www.google.com/accounts/o8/id",
-            "iconLocation": "google.png"
-        },
-        {
-            "name": "Yahoo!",
-            "openIdUrl": "https://me.yahoo.com/",
-            "iconLocation": "yahoo.png"
-        },
-        {
-            "name": "Verisign",
-            "openIdUrl": "https://pip.verisignlabs.com/",
-            "iconLocation": "verisign.png"
-        },
-        {
-            "name": "Aol",
-            "openIdUrl": "https://openid.aol.com",
-            "iconLocation": "aol.png"
-        }
-
-    ]
-}
\ No newline at end of file
diff --git a/zuul-web/src/main/webapp/WEB-INF/jsp/login/openid.jsp b/zuul-web/src/main/webapp/WEB-INF/jsp/login/openid.jsp
index f06d9f2..d1e7e74 100644
--- a/zuul-web/src/main/webapp/WEB-INF/jsp/login/openid.jsp
+++ b/zuul-web/src/main/webapp/WEB-INF/jsp/login/openid.jsp
@@ -16,13 +16,15 @@
             <h1>Select a Login Provider</h1>
         </div>
         <ul class="thumbnails">
-            <c:forEach var="provider" items="${providers}">
-                <li class="span2">
-                    <z:openIdProvider url="${provider.openIdUrl}"
-                                      icon="${provider.iconLocation}"
-                                      name="${provider.name}" />
-                </li>
-            </c:forEach>
+            <li class="span2">
+                <z:openIdProvider url="https://www.google.com/accounts/o8/id" icon="google.png" name="Google"/>
+            </li>
+            <li class="span2">
+                <z:openIdProvider url="https://me.yahoo.com/" icon="yahoo.png" name="Yahoo!"/>
+            </li>
+            <li class="span2">
+                <z:openIdProvider url="https://myopenid.com/" icon="myopenid.png" name="My OpenID!"/>
+            </li>
         </ul>
     </div>
     <div class="span-6">
diff --git a/zuul-web/src/main/webapp/WEB-INF/jsp/settings/_viewGroup.jsp b/zuul-web/src/main/webapp/WEB-INF/jsp/settings/_viewGroup.jsp
index c247ea3..d34d2c9 100644
--- a/zuul-web/src/main/webapp/WEB-INF/jsp/settings/_viewGroup.jsp
+++ b/zuul-web/src/main/webapp/WEB-INF/jsp/settings/_viewGroup.jsp
@@ -95,7 +95,7 @@
             <td>
                 <c:if test="${isAdmin}">
                     <div class="btn-group">
-                        <button class="btn edit-link" data-id="${e.id}" data-encrypted="${e.encrypted}">
+                        <button class="btn edit-link" data-id="${e.id}">
                             <i class="icon-edit"></i>
                             Edit
                         </button>
@@ -103,6 +103,14 @@
                             <span class="caret"></span>
                         </button>
                         <ul class="settings-entry dropdown-menu">
+                            <li>
+                                <a href="javascript:void(0);" class="encrypt-link" data-id="${e.id}"
+                                   data-encrypted="${e.encrypted}">
+                                    <i class="icon-lock"></i>
+                                        ${e.encrypted ? 'Decrypt' : 'Encrypt'}
+                                </a>
+                            </li>
+                            <li class="divider"></li>
                             <li>
                                 <a href="#" class="delete-link" data-id="${e.id}">
                                     <i class="icon-trash"></i>
diff --git a/zuul-web/src/main/webapp/WEB-INF/jsp/settings/show.jsp b/zuul-web/src/main/webapp/WEB-INF/jsp/settings/show.jsp
index 15e0238..1b761a1 100644
--- a/zuul-web/src/main/webapp/WEB-INF/jsp/settings/show.jsp
+++ b/zuul-web/src/main/webapp/WEB-INF/jsp/settings/show.jsp
@@ -87,15 +87,17 @@
                     <label class="control-label" for="value">Value</label>
 
                     <div class="controls">
-                        <div class="input-append">
-                            <input id="value" name="value" class="span3" type="text">
-                            <span id="encryptToggle" class="add-on" title="Toggle Encryption">
-                                <i class="icon-lock"></i>
-                            </span>
-                        </div>
+                        <input id="value" name="value" class="span3" type="text">
+                    </div>
+                </div>
+                <div class="control-group">
+                    <label class="control-label" for="encrypted">Encrypted</label>
+
+                    <div class="controls">
+                        <input id="encrypted" name="encrypted" type="checkbox" value="true" title="Encrypted Flag"
+                               data-content="Use only to manually encrypted state. Can be useful for resetting values, etc.">
                     </div>
                 </div>
-                <input id="encrypted" name="encrypted" type="hidden" value="true"/>
             </fieldset>
         </form>
     </div>
diff --git a/zuul-web/src/main/webapp/assets/images/logins/aol.png b/zuul-web/src/main/webapp/assets/images/logins/aol.png
deleted file mode 100644
index e5a80e3..0000000
Binary files a/zuul-web/src/main/webapp/assets/images/logins/aol.png and /dev/null differ
diff --git a/zuul-web/src/main/webapp/assets/images/logins/flickr.png b/zuul-web/src/main/webapp/assets/images/logins/flickr.png
deleted file mode 100644
index 1e6f45c..0000000
Binary files a/zuul-web/src/main/webapp/assets/images/logins/flickr.png and /dev/null differ
diff --git a/zuul-web/src/main/webapp/assets/images/logins/verisign.png b/zuul-web/src/main/webapp/assets/images/logins/verisign.png
deleted file mode 100644
index 3a1262c..0000000
Binary files a/zuul-web/src/main/webapp/assets/images/logins/verisign.png and /dev/null differ
diff --git a/zuul-web/src/main/webapp/assets/js/json-form.js b/zuul-web/src/main/webapp/assets/js/json-form.js
index 7b86f51..af8e3c9 100644
--- a/zuul-web/src/main/webapp/assets/js/json-form.js
+++ b/zuul-web/src/main/webapp/assets/js/json-form.js
@@ -5,7 +5,6 @@
     var dialog = null;
     var onSave = null;
     var onDelete = null;
-    var onLoad = null;
     var onError = function(xhr, status, error) {
         try {
             var json = $.parseJSON(xhr.responseText);
@@ -35,7 +34,6 @@
             dialog = options.dialog;
             onSave = options.onSave;
             onDelete = options.onDelete;
-            onLoad = options.onLoad;
             if (dialog) {
                 registerButtonHandlers();
             }
@@ -50,7 +48,6 @@
                 success:function (data, status, xhr) {
                     var binder = Binder.FormBinder.bind(form.get(0), data);
                     binder.deserialize();
-                    if (onLoad) onLoad(data);
                 },
                 error: onError
             });
diff --git a/zuul-web/src/main/webapp/assets/js/settings-show.js b/zuul-web/src/main/webapp/assets/js/settings-show.js
index a636324..451450b 100644
--- a/zuul-web/src/main/webapp/assets/js/settings-show.js
+++ b/zuul-web/src/main/webapp/assets/js/settings-show.js
@@ -2,14 +2,25 @@ $(function () {
     var dialog = $('#editEntryDialog').modal({show:false});
     var link = null;
 
+    var updateEncryptLink = function(target, encrypted) {
+        target.data('encrypted', encrypted);
+        target.text(encrypted ? ' Decrypt ' : ' Encrypt ');
+        var icon = $(document.createElement('i')).addClass("icon-lock");
+        target.prepend(icon);
+    };
+
     var toggleEncrypt = function () {
+        link = $(this);
         var operation = link.data('encrypted') ? 'decrypt' : 'encrypt';
         var id = link.data('id');
         $.ajax({
             url:getContextPath() + "/settings/entry/" + operation + ".json",
             data:{id:id},
             contentType:'application/json',
-            success:onUpdateHandler,
+            success:function (data) {
+                updateEncryptLink(link, data.encrypted);
+                link.parents("tr").children(".value").text(data.value);
+            },
             error: showJsonErrors
         });
     };
@@ -33,21 +44,13 @@ $(function () {
     };
     var onSaveHandler = function (entry) {
         var row = link.parents("tr");
+        updateEncryptLink(link.parent().find(".encrypt-link"), entry.encrypted);
         row.fadeOut('slow', function () {
             row.children(".value").text(entry.value);
             row.children(".key").text(entry.key);
         });
         row.fadeIn('slow');
     };
-    var onUpdateHandler = function(entry) {
-        var encrypted = entry.encrypted;
-        link.data('encrypted', encrypted);
-        $("#value").val(entry.value).attr("readonly", encrypted);
-        $("#encrypted").val(encrypted);
-        $("#encryptToggle").
-            toggleClass("btn-danger", !encrypted).find("i")
-            .toggleClass("icon-white", !encrypted);
-    };
     var showEditDialog = function () {
         link = $(this);
         $('#editEntryDialog').modal('show');
@@ -93,9 +96,10 @@ $(function () {
     };
 
 
-    $("#encryptToggle").click(toggleEncrypt).tooltip({placement:'right', trigger:'hover'});
+    $("#encrypted").popover({placement:'right', trigger:'hover'});
     $(".descriptive").popover({placement:'top', trigger:'hover'});
-    $("#editEntryForm").jsonForm({ dialog:dialog, onSave:onSaveHandler, onDelete:onDeleteHandler, onLoad: onUpdateHandler });
+    $("#editEntryForm").jsonForm({ dialog:dialog, onSave:onSaveHandler, onDelete:onDeleteHandler });
+    $(".encrypt-link").click(toggleEncrypt);
     $(".edit-link").click(showEditDialog);
     $(".delete-link").click(deleteEntry);
     $(".delete-group-link").click(deleteGroup);
diff --git a/zuul-web/src/test/groovy/org/devnull/zuul/web/OpenIdLoginControllerTest.groovy b/zuul-web/src/test/groovy/org/devnull/zuul/web/OpenIdLoginControllerTest.groovy
index 5d54766..1393391 100644
--- a/zuul-web/src/test/groovy/org/devnull/zuul/web/OpenIdLoginControllerTest.groovy
+++ b/zuul-web/src/test/groovy/org/devnull/zuul/web/OpenIdLoginControllerTest.groovy
@@ -13,31 +13,7 @@ public class OpenIdLoginControllerTest {
     
     @Test
     void shouldHaveLoginPage() {
-        def modelView = controller.login()
-        assert modelView.viewName == "/login/openid"
-        verifyProviderMap(modelView.model.providers)
-    }
-
-    @Test
-    void shouldLoadOpenIdProviders(){
-        def providers = controller.getProviders()
-        verifyProviderMap(providers)
-    }
-
-    private void verifyProviderMap(providers) {
-        assert providers != null
-        assert providers.size() == 4
-        assert providers[0].name == "Google"
-        assert providers[0].openIdUrl == "https://www.google.com/accounts/o8/id"
-        assert providers[0].iconLocation == "google.png"
-        assert providers[1].name == "Yahoo!"
-        assert providers[1].openIdUrl == "https://me.yahoo.com/"
-        assert providers[1].iconLocation == "yahoo.png"
-        assert providers[2].name == "Verisign"
-        assert providers[2].openIdUrl == "https://pip.verisignlabs.com/"
-        assert providers[2].iconLocation == "verisign.png"
-        assert providers[3].name == "Aol"
-        assert providers[3].openIdUrl == "https://openid.aol.com"
-        assert providers[3].iconLocation == "aol.png"
+        def view = controller.login()
+        assert view == "/login/openid"
     }
 }
diff --git a/zuul-web/src/test/groovy/org/devnull/zuul/web/SettingsServicesControllerTest.groovy b/zuul-web/src/test/groovy/org/devnull/zuul/web/SettingsServicesControllerTest.groovy
index 2c151b1..0527d78 100644
--- a/zuul-web/src/test/groovy/org/devnull/zuul/web/SettingsServicesControllerTest.groovy
+++ b/zuul-web/src/test/groovy/org/devnull/zuul/web/SettingsServicesControllerTest.groovy
@@ -131,20 +131,22 @@ class SettingsServicesControllerTest {
     @Test
     void shouldEncryptEntry() {
         def expected = new SettingsEntry(id: 1, key: "a.b.c", value: "foo", encrypted: false)
-        when(controller.zuulService.findSettingsEntry(expected.id)).thenReturn(expected)
-        when(controller.zuulService.encryptSettingsEntryValue(expected)).thenReturn(expected)
+        when(controller.zuulService.encryptSettingsEntryValue(expected.id)).thenReturn(expected)
+        when(controller.zuulService.save(expected, SettingsAudit.AuditType.ENCRYPT)).thenReturn(expected)
         def result = controller.encrypt(expected.id)
-        verify(controller.zuulService).encryptSettingsEntryValue(expected)
+        verify(controller.zuulService).encryptSettingsEntryValue(expected.id)
+        verify(controller.zuulService).save(expected, SettingsAudit.AuditType.ENCRYPT)
         assert result.is(expected)
     }
 
     @Test
     void shouldDecryptEntry() {
         def expected = new SettingsEntry(id: 1, key: "a.b.c", value: "foo", encrypted: true)
-        when(controller.zuulService.findSettingsEntry(expected.id)).thenReturn(expected)
-        when(controller.zuulService.decryptSettingsEntryValue(expected)).thenReturn(expected)
+        when(controller.zuulService.decryptSettingsEntryValue(expected.id)).thenReturn(expected)
+        when(controller.zuulService.save(expected, SettingsAudit.AuditType.DECRYPT)).thenReturn(expected)
         def result = controller.decrypt(expected.id)
-        verify(controller.zuulService).decryptSettingsEntryValue(expected)
+        verify(controller.zuulService).decryptSettingsEntryValue(expected.id)
+        verify(controller.zuulService).save(expected, SettingsAudit.AuditType.DECRYPT)
         assert result.is(expected)
     }
 
diff --git a/zuul-web/src/test/groovy/org/devnull/zuul/web/security/SettingEntryEncryptSecurityIntegrationTest.groovy b/zuul-web/src/test/groovy/org/devnull/zuul/web/security/SettingEntryEncryptSecurityIntegrationTest.groovy
index 83ae50f..89bc277 100644
--- a/zuul-web/src/test/groovy/org/devnull/zuul/web/security/SettingEntryEncryptSecurityIntegrationTest.groovy
+++ b/zuul-web/src/test/groovy/org/devnull/zuul/web/security/SettingEntryEncryptSecurityIntegrationTest.groovy
@@ -23,15 +23,14 @@ class SettingEntryEncryptSecurityIntegrationTest extends SecurityWebIntegrationT
         loginAsUser(LOGIN_ROLE_ADMIN)
         def entry = findUnRestrictedGroup().entries.first()
         def unencrypted = entry.value
-        assert settingsServicesController.encrypt(entry.id).value != unencrypted
-        assert settingsEntryDao.findOne(entry.id).value == unencrypted
+        settingsServicesController.encrypt(entry.id)
+        assert settingsEntryDao.findOne(entry.id).value != unencrypted
     }
 
     @Test(expected = AccessDeniedException)
     void shouldNotAllowRoleAdminToEncryptEntryBelongingToRestrictedGroup() {
         loginAsUser(LOGIN_ROLE_ADMIN)
         def entry = findRestrictedGroup().entries.first()
-        assert entry.group
         settingsServicesController.encrypt(entry.id)
     }
 
@@ -40,8 +39,8 @@ class SettingEntryEncryptSecurityIntegrationTest extends SecurityWebIntegrationT
         loginAsUser(LOGIN_ROLE_SYSTEM_ADMIN)
         def entry = findRestrictedGroup().entries.first()
         def unencrypted = entry.value
-        assert settingsServicesController.encrypt(entry.id).value != unencrypted
-        assert settingsEntryDao.findOne(entry.id).value == unencrypted
+        settingsServicesController.encrypt(entry.id)
+        assert settingsEntryDao.findOne(entry.id).value != unencrypted
     }
 
 }