diff --git a/htdocs/admin/system/dolibarr.php b/htdocs/admin/system/dolibarr.php
index 1f34c23c8dc..57d288dfb4c 100644
--- a/htdocs/admin/system/dolibarr.php
+++ b/htdocs/admin/system/dolibarr.php
@@ -365,7 +365,12 @@ foreach ($configfileparameters as $key => $value)
 			print '<td>'.$newkey.'</td>';
 			// Value
 			print "<td>";
-			if ($newkey == 'dolibarr_main_db_pass') print preg_replace('/./i', '*', ${$newkey});
+			if ($newkey == 'dolibarr_main_db_pass') {
+				if (empty($dolibarr_main_prod)) {
+					print '<!-- '.${$newkey}.' -->';
+				}
+				print '**********';
+			}
 			elseif ($newkey == 'dolibarr_main_url_root' && preg_match('/__auto__/', ${$newkey})) print ${$newkey}.' => '.constant('DOL_MAIN_URL_ROOT');
 			elseif ($newkey == 'dolibarr_main_document_root_alt') {
 				$tmparray = explode(',', ${$newkey});
@@ -458,7 +463,16 @@ if ($resql)
 
 		print '<tr class="oddeven">';
 		print '<td class="tdoverflowmax300">'.$obj->name.'</td>'."\n";
-		print '<td class="tdoverflowmax300">'.dol_escape_htmltag($obj->value).'</td>'."\n";
+		print '<td class="tdoverflowmax300">';
+		if (preg_match('/(_pass|password|_pw|_key|securekey|serverkey|secret\d?|p12key|exportkey|_PW_[a-z]+|token)$/i', $obj->name)) {
+			if (empty($dolibarr_main_prod)) {
+				print '<!-- '.$obj->value.' -->';
+			}
+			print '**********';
+		} else {
+			print dol_escape_htmltag($obj->value);
+		}
+		print '</td>'."\n";
 		if (empty($conf->multicompany->enabled) || !$user->entity) print '<td class="center" width="80px">'.$obj->entity.'</td>'."\n"; // If superadmin or multicompany disabled
 		print "</tr>\n";