diff --git a/config.go b/config.go
index 665e1d1..f25cd79 100644
--- a/config.go
+++ b/config.go
@@ -15,6 +15,15 @@ type Config struct {
 // Cannot be set using environment variables
 Bottin bottin.APIClientConfig
+ DB struct {
+ Database string
+ Host string
+ Password string
+ Port int
+ SSLMode string
+ Username string
+ }
+
 // TLS holds options for TLS / SSL / HTTPS
 TLS struct {
 // Cert holds the public certificate (or path to a file containing one) for user interface TLS
diff --git a/main.go b/main.go
index e08463d..d6a16f2 100644
--- a/main.go
+++ b/main.go
@@ -2,6 +2,7 @@ package main
 import (
 "context"
+ "fmt"
 "net/http"
 "codeberg.org/vlbeaudoin/voki/v3"
@@ -35,7 +36,15 @@ func run(ctx context.Context, cfg Config) error {
 )}
 // connect to db
- dbPool, err := pgxpool.New(ctx, "postgres://agendas:agendas@localhost:5432/agendas")
+ dbPool, err := pgxpool.New(ctx,
+ fmt.Sprintf("postgres://%s:%s@%s:%d/%s?sslmode=%s",
+ cfg.DB.Username,
+ cfg.DB.Password,
+ cfg.DB.Host,
+ cfg.DB.Port,
+ cfg.DB.Database,
+ cfg.DB.SSLMode,
+ ))
 if err != nil {
 return err
 }
diff --git a/server.go b/server.go
index 30d77ca..a414744 100644
--- a/server.go
+++ b/server.go
@@ -2,7 +2,9 @@ package main
 import (
 "context"
+ "crypto/subtle"
 "fmt"
+ "log"
 "git.agecem.com/bottin/agendas/ui"
 "git.agecem.com/bottin/bottin/v10/pkg/bottin"
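Review bot: The new `DB` block in `Config` carries no doc comment, while the neighbouring `TLS` block does, so nothing tells an operator that `Password` is a secret or what `SSLMode` is expected to contain. I would add `// DB holds the PostgreSQL connection options; Password is a secret and SSLMode is passed through as the sslmode connection parameter` above `DB struct {`. The main.go hunk copies `SSLMode` into the connection URL without a default, which is why the expected value is worth stating here. The `Config` struct starts and ends outside the hunk.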
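Review bot: The connection string in `run` is assembled with `fmt.Sprintf` and no escaping, so a username or password containing `@`, `:`, `/`, `?` or `#` changes how the URL is parsed; at best the connection fails, and otherwise part of the credential is read as host or query. Building the URL with `net/url` escapes each component, and needs `net`, `net/url` and `strconv` added to the import block. An empty `cfg.DB.SSLMode` also produces a bare `sslmode=`, so a default or an explicit validation before connecting would be worth adding. The body of `run` continues outside the hunk.

```go
// connect to db
dbURL := url.URL{
	Scheme:   "postgres",
	User:     url.UserPassword(cfg.DB.Username, cfg.DB.Password),
	Host:     net.JoinHostPort(cfg.DB.Host, strconv.Itoa(cfg.DB.Port)),
	Path:     "/" + cfg.DB.Database,
	RawQuery: url.Values{"sslmode": {cfg.DB.SSLMode}}.Encode(),
}
dbPool, err := pgxpool.New(ctx, dbURL.String())
// … unchanged: err check …
```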
@@ -25,12 +27,36 @@ func RunServer(ctx context.Context, cfg Config, bottinClient *bottin.APIClient,
 e := echo.New()
- e.Renderer = ui.NewRenderer()
+ r := ui.NewRenderer()
+
+ if r == nil {
+ return fmt.Errorf("nil renderer")
+ }
+
+ e.Renderer = r
 e.Pre(middleware.AddTrailingSlash())
- //TODO basic auth
- //TODO log successful basic auths username
+ // basic auth
+ if len(cfg.Credentials) == 0 {
+ return fmt.Errorf("UI requires at least one credential (config key `Credentials` of type map[string]string)")
+ }
+
+ e.Use(middleware.BasicAuth(
+ func(username, password string, c echo.Context) (bool, error) {
+ for validUser, validPass := range cfg.Credentials {
+ userOK := subtle.ConstantTimeCompare([]byte(username), []byte(validUser)) == 1
+ passOK := subtle.ConstantTimeCompare([]byte(password), []byte(validPass)) == 1
+ if userOK && passOK {
+ // log successful basic auths username
+ log.Println("login ok for user", username)
+
+ return true, nil
+ }
+ }
+ return false, nil
+ }),
+ )
 e.GET("/", UIIndex(ctx, bottinClient, dbClient))
 //e.GET("/transaction/", UIReadTransaction
diff --git a/ui/index.html b/ui/index.html
index 0583275..bdf4e1c 100644
--- a/ui/index.html
+++ b/ui/index.html
@@ -112,10 +112,8 @@ button { - - - -
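Review bot: Failed logins leave no trace: the validator passed to `middleware.BasicAuth` logs only on success and falls through to `return false, nil` silently, so repeated password guessing against the UI cannot be seen in the logs. I would add `log.Printf("login failed for user %q from %s", username, c.RealIP())` just before `return false, nil`; `%q` keeps control characters in the submitted username out of the log line. Separately, `subtle.ConstantTimeCompare` returns immediately when the two lengths differ, so comparing `sha256.Sum256` digests of both sides would keep the check independent of credential length. The body of `RunServer` starts and continues outside the hunk.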
{{ . }}
+ {{ if .Error }}Erreur: {{ .Error }}
{{ end }} +{{ .Result }}