--- title: Enable password masking slug: /deployment/security/enable-password-masking --- # Enable password masking The **1.0.0** version of OpenMetadata now includes a new feature that allows users to activate password masking. This feature was added in response to feedback from our community of users who expressed concerns about the security of their passwords when using our application. With the password masking feature enabled, all API calls made by your application will replace the password fields with asterisks (*) before sending the request. This will prevent the password from being sent in plain text. Even though passwords are replaced by asterisks, it will not affect when editing a connection, saving will update the passwords only if they are changed. {% image caption="Editing a service connection with masked password." src="/images/v1.1.0/deployment/mask-password/edit-connection.png" alt="mask-password" /%} However, note that the `ingestion-bot` user will still send the password in plain text as it needs to access the API without any obstructions. This is because the `ingestion-bot` user requires full access to the API, and any masking would hinder its ability to perform its tasks. {% note %} In future releases, the password masking feature will be activated by default. The feature will be automatically enabled to provide an added layer of security for all API calls made. {% /note %} ## How to enable the feature To activate the password masking feature in your application, follow the steps below: ### Docker Add the following environment variable to the list: ```yaml # openmetadata.prod.env MASK_PASSWORDS_API=true ``` ### Bare Metal Edit the `openmetadata.yaml` file as it is shown below: ```yaml security: maskPasswordsAPI: true ``` ### Kubernetes Update your helm `maskPasswordsApi` value: ```yaml # openmetadata.prod.values.yml openmetadata: config: ... maskPasswordsApi: true ... ```