bug: Sensitive keys and tokens are visible in the APISIX Dashboard #3218

@axtq

Current Behavior

While using the APISIX Dashboard, I noticed that sensitive fields such as admin keys and secret vault tokens are displayed in plain text. This poses a potential security risk, as anyone with access to the dashboard UI can easily see and copy these credentials.

Expected Behavior

Sensitive fields (e.g., keys, tokens, secrets) should be masked or hidden by default, similar to how password fields are handled. Ideally, the dashboard should display these fields as password-type fields (•••••).

Error Logs

No response

Steps to Reproduce

  1. Log in to the APISIX Dashboard.
  2. Navigate to configuration sections where sensitive values are managed (e.g., admin key, secret vault tokens, or similar).
  3. Observe that the values are shown in plain text without any masking.

Environment

  • APISIX version (run apisix version): 3.13
  • Operating system (run uname -a): Linux - Docker
  • APISIX Dashboard version, if relevant: 3.13
