diff --git a/core/api/endpoint/keycloak.go b/core/api/endpoint/keycloak.go
index 77728659..58e46bb8 100644
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@@ -439,6 +439,36 @@ func KeycloakUsers(c keycloakConfig) (users []entity.User, err error) {
 return users, nil
 }
+// StripAuthSecrets removes sensitive data from auth provider configuration
+func StripAuthSecrets(provider, config string) string {
+ switch provider {
+ case "documize":
+ return config
+ break
+ case "keycloak":
+ c := keycloakConfig{}
+ err := json.Unmarshal([]byte(config), &c)
+ if err != nil {
+ log.Error("StripAuthSecrets", err)
+ return config
+ }
+ c.AdminPassword = ""
+ c.AdminUser = ""
+ c.PublicKey = ""
+
+ j, err := json.Marshal(c)
+ if err != nil {
+ log.Error("StripAuthSecrets", err)
+ return config
+ }
+
+ return string(j)
+ break
+ }
+
+ return config
+}
+
 // Data received via Keycloak client library
 type keycloakAuthRequest struct {
 Domain string `json:"domain"`
diff --git a/core/api/endpoint/meta_endpoint.go b/core/api/endpoint/meta_endpoint.go
index b6ad8f8a..aa7d089f 100644
--- a/core/api/endpoint/meta_endpoint.go
+++ b/core/api/endpoint/meta_endpoint.go
@@ -49,6 +49,9 @@ func GetMeta(w http.ResponseWriter, r *http.Request) {
 data.Edition = Product.License.Edition
 data.Valid = Product.License.Valid
+ // Strip secrets
+ data.AuthConfig = StripAuthSecrets(org.AuthProvider, org.AuthConfig)
+
 json, err := json.Marshal(data)
 if err != nil {
 writeJSONMarshalError(w, method, "meta", err)
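Review bot: Both error branches in the keycloak case, and the final fall-through for any provider not named in the switch, return the original `config`, so StripAuthSecrets fails open: a config that does not parse, or a provider added later, reaches the caller with its credentials intact. The safer default is to return an empty value on those paths, e.g. `return ""` after each `log.Error("StripAuthSecrets", err)` and as the last statement, leaving `case "documize": return config` as the only explicit pass-through; whether the client tolerates an empty AuthConfig is not visible here. The two `break` statements that follow a `return` are unreachable and can be deleted. The GetMeta call in meta_endpoint.go inherits the same fail-open behaviour.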
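Review bot: The redaction is wired in at this one handler only, so any other endpoint that serialises org.AuthConfig still depends on someone remembering to call StripAuthSecrets; no such endpoint is visible in this diff, so it is worth checking the other places the organization record is marshalled before merging. The comment could also state what is being protected, e.g. `// Meta is returned to the client: never include auth provider admin credentials.` GetMeta's body starts and ends outside the hunk.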