diff --git a/home.admin/00settingsMenuBasics.sh b/home.admin/00settingsMenuBasics.sh index 6e81bea5a..4d31211b2 100755 --- a/home.admin/00settingsMenuBasics.sh +++ b/home.admin/00settingsMenuBasics.sh @@ -16,6 +16,8 @@ if [ ${#lcdrotate} -eq 0 ]; then lcdrotate=0; fi if [ ${#zerotier} -eq 0 ]; then zerotier="off"; fi if [ ${#circuitbreaker} -eq 0 ]; then circuitbreaker="off"; fi if [ ${#clboss} -eq 0 ]; then clboss="off"; fi +if [ ${#clnEncryptedHSM} -eq 0 ]; then clnEncryptedHSM="off"; fi +if [ ${#clnAutoUnlock} -eq 0 ]; then clnAutoUnlock="off"; fi echo "# map LND to on/off" lndNode="off" @@ -47,7 +49,7 @@ if [ "${zerotier}" != "off" ]; then zerotierSwitch="on"; fi echo "# map parallel testnets to on/off" parallelTestnets="off" -if [ "${testnet}" == "on"] || [ "${signet}" == "on" ]; then +if [ "${testnet}" == "on" ] || [ "${signet}" == "on" ]; then parallelTestnets="on" fi @@ -88,10 +90,22 @@ fi echo "# map clboss to on/off" clbossMenu='off' -if [ ${clboss} -gt 0 ]; then +if [ "${clboss}" == "on" ]; then clbossMenu='on' fi +echo "# map clnEncryptedHSM to on/off" +clnEncryptedHSMMenu='off' +if [ "${clnEncryptedHSM}" == "on" ]; then + clnEncryptedHSMMenu='on' +fi + +echo "# map clnAutoUnlock to on/off" +clnAutoUnlockMenu='off' +if [ "${clnAutoUnlock}" == "on" ]; then + clnAutoUnlockMenu='on' +fi + # show select dialog echo "run dialog ..." @@ -130,7 +144,11 @@ fi # C-Lightning & options/PlugIns OPTIONS+=(n 'CLN C-LIGHTNING NODE' ${clnNode}) if [ "${clnNode}" == "on" ]; then - OPTIONS+=(o '-CLN CLBOSS Automatic Node Manager' ${clbossMenu}) + OPTIONS+=(o '-CLN CLBOSS Automatic Node Manager' ${clbossMenu}) + OPTIONS+=(h '-CLN Wallet Encryption' ${clnEncryptedHSMMenu}) + if [ "${clnEncryptedHSM}" == "on" ]; then + OPTIONS+=(q '-CLN Auto-Unlock' ${clnAutoUnlockMenu}) + fi fi CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1")) 
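Review bot: The rewritten clboss test `if [ "${clboss}" == "on" ]` accepts only the string `on`, while the line it replaces compared numerically with `-gt 0`, which suggests older configs may hold `clboss=1`. 99clnRepairMenu.sh accepts both forms for its flags (`[ "${cln}" == "on" ] || [ "${cln}" == "1" ]`). If a numeric value can still be present in raspiblitz.conf, use the same two-way test here, `if [ "${clboss}" == "on" ] || [ "${clboss}" == "1" ]; then`, so the menu does not show the wrong state and later treat it as a change.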
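Review bot: The new checklist tags `h` and `q` are later detected with `grep -c "h"` and `grep -c "q"` on `${CHOICES}` (the hunk at -450), which is a substring match whose count is compared with exactly 1. If any other selected tag or returned text contains one of those letters, the wallet-encryption branch could run encrypt or decrypt on the hsm_secret without the user having toggled it. Please confirm no other tag in this checklist contains them, or match whole words with `grep -cw "h"`. `${clnEncryptedHSMMenu}` and `${clnAutoUnlockMenu}` should also be quoted inside `OPTIONS+=( … )`. The code that builds and shows the dialog continues outside the hunk.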
@@ -450,6 +468,38 @@ else echo "CLBOSS Setting unchanged." fi +# clnEncryptedHSM process choice +choice="off"; check=$(echo "${CHOICES}" | grep -c "h") +if [ ${check} -eq 1 ]; then choice="on"; fi +if [ "${clnEncryptedHSM}" != "${choice}" ] && [ "${clnNode}" == "on" ]; then + echo "clnEncryptedHSM Setting changed .." + anychange=1 + if [ "${choice}" == "on" ]; then + /home/admin/config.scripts/cln.hsmtool.sh encrypt mainnet + else + /home/admin/config.scripts/cln.hsmtool.sh decrypt mainnet + fi + needsReboot=0 +else + echo "clnEncryptedHSM Setting unchanged." +fi + +# clnAutoUnlock process choice +choice="off"; check=$(echo "${CHOICES}" | grep -c "q") +if [ ${check} -eq 1 ]; then choice="on"; fi +if [ "${clnAutoUnlock}" != "${choice}" ] && [ "${clnNode}" == "on" ]; then + echo "clnAutoUnlock Setting changed .." + anychange=1 + if [ "${choice}" == "on" ]; then + /home/admin/config.scripts/cln.hsmtool.sh autounlock-on mainnet + else + /home/admin/config.scripts/cln.hsmtool.sh autounlock-off mainnet + fi + needsReboot=0 +else + echo "clnAutoUnlock Setting unchanged." +fi + # parallel testnet process choice choice="off"; check=$(echo "${CHOICES}" | grep -c "p") if [ ${check} -eq 1 ]; then choice="on"; fi diff --git a/home.admin/99clnRepairMenu.sh b/home.admin/99clnRepairMenu.sh index c62669f19..ed3e1588f 100644 --- a/home.admin/99clnRepairMenu.sh +++ b/home.admin/99clnRepairMenu.sh 
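Review bot: In the clnEncryptedHSM block, unchecking `h` runs `cln.hsmtool.sh decrypt mainnet` without first disabling auto-unlock, and because `q` can stay ticked in the same dialog the clnAutoUnlock block then sees no change. The SEEDRESTORE branch of 99clnRepairMenu.sh calls `autounlock-off` before `decrypt`, which suggests decrypt does not clear it on its own; if so, add `/home/admin/config.scripts/cln.hsmtool.sh autounlock-off mainnet` ahead of the decrypt call so whatever auto-unlock persists does not outlive the encryption setting. Both blocks also set `anychange=1` and print "Setting changed" without checking the exit status of cln.hsmtool.sh, so a cancelled or failed password prompt is reported as a successful change. Assuming the helper returns non-zero on failure, guard each call, e.g. `if ! /home/admin/config.scripts/cln.hsmtool.sh encrypt mainnet; then echo "# FAIL: clnEncryptedHSM not changed"; fi`. The chain is hard-coded to `mainnet` here, whereas the repair menu passes `$CHAIN`.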
@@ -48,126 +48,126 @@ CHOICE=$(dialog --clear \ case $CHOICE in ENCRYPT) - /home/admin/config.scripts/cln.hsmtool.sh encrypt $CHAIN - source /mnt/hdd/raspiblitz.conf - ;; + /home/admin/config.scripts/cln.hsmtool.sh encrypt $CHAIN + source /mnt/hdd/raspiblitz.conf + ;; DECRYPT) - /home/admin/config.scripts/cln.hsmtool.sh decrypt $CHAIN - source /mnt/hdd/raspiblitz.conf - ;; + /home/admin/config.scripts/cln.hsmtool.sh decrypt $CHAIN + source /mnt/hdd/raspiblitz.conf + ;; PASSWORD_C) - /home/admin/config.scripts/cln.hsmtool.sh change-password $CHAIN - ;; + /home/admin/config.scripts/cln.hsmtool.sh change-password $CHAIN + ;; AUTOUNLOCK-ON) - /home/admin/config.scripts/cln.hsmtool.sh autounlock-on $CHAIN - ;; + /home/admin/config.scripts/cln.hsmtool.sh autounlock-on $CHAIN + ;; AUTOUNLOCK-OFF) - /home/admin/config.scripts/cln.hsmtool.sh autounlock-off $CHAIN - ;; + /home/admin/config.scripts/cln.hsmtool.sh autounlock-off $CHAIN + ;; BACKUP) - ## from dialogLightningWallet.sh - # run upload dialog and get result - _temp="/var/cache/raspiblitz/temp/.temp.tmp" - clear - /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - - ;; + ## from dialogLightningWallet.sh + # run upload dialog and get result + _temp="/var/cache/raspiblitz/temp/.temp.tmp" + clear + /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + ;; + RESET) - # backup - ## from dialogLightningWallet.sh - _temp="/var/cache/raspiblitz/temp/.temp.tmp" - clear - /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - echo - echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." 
- echo "The next step will overwrite the old C-lighthning $CHAIN wallet" - echo "Press ENTER to continue or CTRL+C to abort" - read key - # reset - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* - # make sure the new hsm_secret is treated as unencrypted and clear autounlock - sudo sed -i \ - "s/^${netprefix}clnEncryptedHSM=.*/${netprefix}clnEncryptedHSM=off/g" \ - /mnt/hdd/raspiblitz.conf - sudo sed -i \ - "s/^${netprefix}clnAutoUnlock=.*/${netprefix}clnEncryptedHSM=off/g" \ - /mnt/hdd/raspiblitz.conf - # new - /home/admin/config.scripts/cln.hsmtool.sh new $CHAIN - # set the lightningd service file on each active network - if [ "${cln}" == "on" ] || [ "${cln}" == "1" ]; then - /home/admin/config.scripts/cln.install-service.sh mainnet - fi - if [ "${tcln}" == "on" ] || [ "${tcln}" == "1" ]; then - /home/admin/config.scripts/cln.install-service.sh testnet - fi - if [ "${scln}" == "on" ] || [ "${scln}" == "1" ]; then - /home/admin/config.scripts/cln.install-service.sh signet - fi - ;; + # backup + ## from dialogLightningWallet.sh + _temp="/var/cache/raspiblitz/temp/.temp.tmp" + clear + /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + echo + echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." 
+ echo "The next step will overwrite the old C-lighthning $CHAIN wallet" + echo "Press ENTER to continue or CTRL+C to abort" + read key + # reset + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* + # make sure the new hsm_secret is treated as unencrypted and clear autounlock + sudo sed -i \ + "s/^${netprefix}clnEncryptedHSM=.*/${netprefix}clnEncryptedHSM=off/g" \ + /mnt/hdd/raspiblitz.conf + sudo sed -i \ + "s/^${netprefix}clnAutoUnlock=.*/${netprefix}clnEncryptedHSM=off/g" \ + /mnt/hdd/raspiblitz.conf + # new + /home/admin/config.scripts/cln.hsmtool.sh new $CHAIN + # set the lightningd service file on each active network + if [ "${cln}" == "on" ] || [ "${cln}" == "1" ]; then + /home/admin/config.scripts/cln.install-service.sh mainnet + fi + if [ "${tcln}" == "on" ] || [ "${tcln}" == "1" ]; then + /home/admin/config.scripts/cln.install-service.sh testnet + fi + if [ "${scln}" == "on" ] || [ "${scln}" == "1" ]; then + /home/admin/config.scripts/cln.install-service.sh signet + fi + ;; FILERESTORE) - # backup - ## from dialogLightningWallet.sh - _temp="/var/cache/raspiblitz/temp/.temp.tmp" - clear - /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - echo - echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." 
- echo "The next step will overwrite the old C-lighthning $CHAIN wallet" - echo "Press ENTER to continue or CTRL+C to abort" - read key - # reset - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* - # import file - _temp="/var/cache/raspiblitz/temp/.temp.tmp" - clear - /home/admin/config.scripts/cln.backup.sh cln-import-gui production $_temp - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - ;; + # backup + ## from dialogLightningWallet.sh + _temp="/var/cache/raspiblitz/temp/.temp.tmp" + clear + /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + echo + echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." + echo "The next step will overwrite the old C-lighthning $CHAIN wallet" + echo "Press ENTER to continue or CTRL+C to abort" + read key + # reset + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* + # import file + _temp="/var/cache/raspiblitz/temp/.temp.tmp" + clear + /home/admin/config.scripts/cln.backup.sh cln-import-gui production $_temp + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + ;; SEEDRESTORE) - # backup - ## from dialogLightningWallet.sh - _temp="/var/cache/raspiblitz/temp/.temp.tmp" - clear - /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - echo - echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." 
- echo "The next step will overwrite the old C-lighthning $CHAIN wallet" - echo "Press ENTER to continue or CTRL+C to abort" - read key - # reset - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/config - sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* - # import seed - _temp="/var/cache/raspiblitz/.temp.tmp" - /home/admin/config.scripts/cln.backup.sh seed-import-gui $_temp - /home/admin/config.scripts/cln.hsmtool.sh seed "$CHAIN" "$(cat $_temp)" - source $_temp 2>/dev/null - sudo rm $_temp 2>/dev/null - # regenerate config - /home/admin/config.scripts/cln.hsmtool.sh autounlock-off - /home/admin/config.scripts/cln.hsmtool.sh decrypt - /home/admin/config.scripts/cln.install.sh on $CHAIN - ;; + # backup + ## from dialogLightningWallet.sh + _temp="/var/cache/raspiblitz/temp/.temp.tmp" + clear + /home/admin/config.scripts/cln.backup.sh cln-export-gui production $_temp + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + echo + echo "The rescue file is stored on the SDcard named cln-rescue.*.tar.gz just in case." + echo "The next step will overwrite the old C-lighthning $CHAIN wallet" + echo "Press ENTER to continue or CTRL+C to abort" + read key + # reset + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/config + sudo rm /home/bitcoin/.lightning/${CLNETWORK}/*.* + # import seed + _temp="/var/cache/raspiblitz/.temp.tmp" + /home/admin/config.scripts/cln.backup.sh seed-import-gui $_temp + /home/admin/config.scripts/cln.hsmtool.sh seed "$CHAIN" "$(cat $_temp)" + source $_temp 2>/dev/null + sudo rm $_temp 2>/dev/null + # regenerate config + /home/admin/config.scripts/cln.hsmtool.sh autounlock-off + /home/admin/config.scripts/cln.hsmtool.sh decrypt + /home/admin/config.scripts/cln.install.sh on $CHAIN + ;; esac
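Review bot: The second `sed` in the RESET branch matches `^${netprefix}clnAutoUnlock=.*` but writes `${netprefix}clnEncryptedHSM=off` as the replacement, so the auto-unlock flag is never reset and raspiblitz.conf ends up with a second clnEncryptedHSM line. The re-indent carries this over unchanged. The expression should be `"s/^${netprefix}clnAutoUnlock=.*/${netprefix}clnAutoUnlock=off/g"`, otherwise clnAutoUnlock keeps its old value for a freshly created, unencrypted hsm_secret and the new settings-menu code reads that stale key. In SEEDRESTORE the seed is passed as `"$(cat $_temp)"` in the arguments of cln.hsmtool.sh, which makes it visible in the process list while the helper runs. If the helper can read the seed from the file or stdin instead, that would be preferable. `$_temp` and `$CHAIN` are unquoted throughout the case arms.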