Title: API Key Visible Last modified: April 19, 2019 --- # API Key Visible * [Greg Mount](https://wordpress.org/support/users/gregmount/) * (@gregmount) * [7 years, 1 month ago](https://wordpress.org/support/topic/api-key-visible/) * Consider changing the input field type from text to password for the following fields: - Gmail client ID and client secret - MailGun private API key - SendGrid API key * This will prevent exposing sensitive API keys on sites with multiple admins. Viewing 4 replies - 1 through 4 (of 4 total) * [Jess Quig](https://wordpress.org/support/users/jquigam/) * (@jquigam) * [7 years, 1 month ago](https://wordpress.org/support/topic/api-key-visible/#post-11455034) * Hi Greg – I’ve shared this feature request with our team. Thanks for the suggestion! 🙂 * [Jess Quig](https://wordpress.org/support/users/jquigam/) * (@jquigam) * [6 years, 8 months ago](https://wordpress.org/support/topic/api-key-visible/#post-11969303) * Hi Greg (@gregmount), * I wanted to check back in with you about your feature request here 🙂 * We’ve made lots of changes since this was originally posted, including meeting( just about all of) this request. The only item you mentioned that isn’t concealed as password dots when entered is the Gmail Client ID, I believe because this isn’t considered a protected value in the ways the others are. * I wanted to share something else, too, though. When you have a chance, could you please check out our option to define settings values with constants (rather than defining in the admin area)? [Here’s our tutorial with all the details](https://wpmailsmtp.com/docs/how-to-secure-smtp-settings-by-using-constants/). * There are a couple of benefits to this constants method: 1) No one can see those values from within the WordPress admin 2) These values will not be held in your WordPress database 3) The only way to see these values will be to have access to your site files (which in most sites would require FTP or cPanel access) * I hope these details are helpful! 🙂 * Thread Starter [Greg Mount](https://wordpress.org/support/users/gregmount/) * (@gregmount) * [6 years, 8 months ago](https://wordpress.org/support/topic/api-key-visible/#post-11971982) * Hey Jess. Thanks for the detailed response and especially for the link to the constant values article. Since the original post, we have shifted to using constants to define settings. * For bonus points, it’s also helpful to define conditional constants for WPMS in wp-config.php based on the hosting environment. For example, we define PHP Mailer constants for our development environment, which is configured to send all mail to a specific test account. In production, we configure email to be sent using SendGrid. * This enables us to migrate sites between development, staging and production environments without worrying about transactional email. Here’s a snippet of what we use: * ``` if ( ! preg_match( '/(^dev\.)|(\.dev$)/', $_SERVER['HTTP_HOST'] ) ) { // Production environment only define( 'WPMS_MAILER', 'sendgrid' ); define( 'WPMS_SENDGRID_API_KEY', 'API key required' ); // Enter SendGrid API key } else { // Development environment only define( 'WPMS_MAILER', 'mail' ); } ``` * [Jess Quig](https://wordpress.org/support/users/jquigam/) * (@jquigam) * [6 years, 8 months ago](https://wordpress.org/support/topic/api-key-visible/#post-11972667) * Awesome, thanks Greg! I don’t believe I’ve seen conditional usage of these constants before, but that definitely makes sense. Pretty cool way to simplify development! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘API Key Visible’ is closed to new replies. * ![](https://ps.w.org/wp-mail-smtp/assets/icon-256x256.png?rev=1755440) * [WP Mail SMTP by WPForms - The Most Popular SMTP and Email Log Plugin](https://wordpress.org/plugins/wp-mail-smtp/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-mail-smtp/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-mail-smtp/) * [Active Topics](https://wordpress.org/support/plugin/wp-mail-smtp/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-mail-smtp/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-mail-smtp/reviews/) * 4 replies * 2 participants * Last reply from: [Jess Quig](https://wordpress.org/support/users/jquigam/) * Last activity: [6 years, 8 months ago](https://wordpress.org/support/topic/api-key-visible/#post-11972667) * Status: not a support question