diff --git a/appview/config/config.go b/appview/config/config.go
index 8fd0a48..aed054b 100644
--- a/appview/config/config.go
+++ b/appview/config/config.go
@@ -19,6 +19,9 @@ type CoreConfig struct {
 
 	// temporarily, to add users to default knot and spindle
 	AppPassword string `env:"APP_PASSWORD"`
+
+	// uhhhh this is because knot1 is under icy's did
+	TmpAltAppPassword string `env:"ALT_APP_PASSWORD"`
 }
 
 type OAuthConfig struct {
diff --git a/appview/oauth/handler/handler.go b/appview/oauth/handler/handler.go
index 65c458d..3264ede 100644
--- a/appview/oauth/handler/handler.go
+++ b/appview/oauth/handler/handler.go
@@ -379,7 +379,7 @@ func (o *OAuthHandler) addToDefaultSpindle(did string) {
 	}
 
 	log.Printf("adding %s to default spindle", did)
-	session, err := o.createAppPasswordSession()
+	session, err := o.createAppPasswordSession(o.config.Core.AppPassword)
 	if err != nil {
 		log.Printf("failed to create session: %s", err)
 		return
@@ -416,7 +416,7 @@ func (o *OAuthHandler) addToDefaultKnot(did string) {
 	}
 
 	log.Printf("adding %s to default knot", did)
-	session, err := o.createAppPasswordSession()
+	session, err := o.createAppPasswordSession(o.config.Core.TmpAltAppPassword)
 	if err != nil {
 		log.Printf("failed to create session: %s", err)
 		return
@@ -443,8 +443,7 @@ type session struct {
 	PdsEndpoint string
 }
 
-func (o *OAuthHandler) createAppPasswordSession() (*session, error) {
-	appPassword := o.config.Core.AppPassword
+func (o *OAuthHandler) createAppPasswordSession(appPassword string) (*session, error) {
 	if appPassword == "" {
 		return nil, fmt.Errorf("no app password configured, skipping member addition")
 	}