diff --git a/kernel/api/system.go b/kernel/api/system.go
index 2c1936532..59426c573 100644
--- a/kernel/api/system.go
+++ b/kernel/api/system.go
@@ -146,8 +146,15 @@ func getConf(c *gin.Context) {
 	ret := gulu.Ret.NewResult()
 	defer c.JSON(http.StatusOK, ret)
 
+	maskedConf, err := model.GetMaskedConf()
+	if nil != err {
+		ret.Code = -1
+		ret.Msg = "get conf failed: " + err.Error()
+		return
+	}
+
 	ret.Data = map[string]interface{}{
-		"conf":  model.Conf,
+		"conf":  maskedConf,
 		"start": start,
 	}
 
@@ -193,6 +200,10 @@ func setAccessAuthCode(c *gin.Context) {
 	}
 
 	aac := arg["accessAuthCode"].(string)
+	if model.MaskedAccessAuthCode == aac {
+		aac = model.Conf.AccessAuthCode
+	}
+
 	model.Conf.AccessAuthCode = aac
 	model.Conf.Save()
 
diff --git a/kernel/model/conf.go b/kernel/model/conf.go
index 57d663a66..ad9caec3c 100644
--- a/kernel/model/conf.go
+++ b/kernel/model/conf.go
@@ -582,6 +582,29 @@ func IsSubscriber() bool {
 	return nil != Conf.User && (-1 == Conf.User.UserSiYuanProExpireTime || 0 < Conf.User.UserSiYuanProExpireTime) && 0 == Conf.User.UserSiYuanSubscriptionStatus
 }
 
+const (
+	MaskedUserData       = ""
+	MaskedAccessAuthCode = "*******"
+)
+
+func GetMaskedConf() (ret *AppConf, err error) {
+	// 脱敏处理
+	data, err := gulu.JSON.MarshalIndentJSON(Conf, "", "  ")
+	if nil != err {
+		logging.LogErrorf("marshal conf failed: %s", err)
+		return
+	}
+	ret = &AppConf{}
+	if err = gulu.JSON.UnmarshalJSON(data, ret); nil != err {
+		logging.LogErrorf("unmarshal conf failed: %s", err)
+		return
+	}
+
+	ret.UserData = MaskedUserData
+	ret.AccessAuthCode = MaskedAccessAuthCode
+	return
+}
+
 func clearWorkspaceTemp() {
 	os.RemoveAll(filepath.Join(util.TempDir, "bazaar"))
 	os.RemoveAll(filepath.Join(util.TempDir, "export"))