diff --git a/controllers/provider.go b/controllers/provider.go
index aa4da7af..da62a817 100644
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -37,13 +37,19 @@ func (c *ApiController) GetProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner))
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner), isMaskEnabled)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -61,13 +67,19 @@ func (c *ApiController) GetGlobalProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders(), isMaskEnabled)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -81,7 +93,13 @@ func (c *ApiController) GetGlobalProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id), isMaskEnabled)
 	c.ServeJSON()
 }
 
diff --git a/controllers/util.go b/controllers/util.go
index 2c41a960..161ecf2f 100644
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -114,6 +114,27 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	return user.Owner, true
 }
 
+// IsMaskedEnabled ...
+func (c *ApiController) IsMaskedEnabled() (bool, bool) {
+	isMaskEnabled := true
+	withSecret := c.Input().Get("withSecret")
+	if withSecret == "1" {
+		isMaskEnabled = false
+
+		if conf.IsDemoMode() {
+			c.ResponseError(c.T("general:this operation is not allowed in demo mode"))
+			return false, isMaskEnabled
+		}
+
+		_, ok := c.RequireAdmin()
+		if !ok {
+			return false, isMaskEnabled
+		}
+	}
+
+	return true, isMaskEnabled
+}
+
 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
 	if providerName != "" {
diff --git a/object/application.go b/object/application.go
index a5ca09eb..79d8e3b9 100644
--- a/object/application.go
+++ b/object/application.go
@@ -150,7 +150,7 @@ func getProviderMap(owner string) map[string]*Provider {
 			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
 		}
 
-		m[provider.Name] = GetMaskedProvider(provider)
+		m[provider.Name] = GetMaskedProvider(provider, true)
 	}
 	return m
 }
diff --git a/object/provider.go b/object/provider.go
index 1951ca0f..b3d65504 100644
--- a/object/provider.go
+++ b/object/provider.go
@@ -70,7 +70,11 @@ type Provider struct {
 	ProviderUrl string `xorm:"varchar(200)" json:"providerUrl"`
 }
 
-func GetMaskedProvider(provider *Provider) *Provider {
+func GetMaskedProvider(provider *Provider, isMaskEnabled bool) *Provider {
+	if !isMaskEnabled {
+		return provider
+	}
+
 	if provider == nil {
 		return nil
 	}
@@ -88,9 +92,13 @@ func GetMaskedProvider(provider *Provider) *Provider {
 	return provider
 }
 
-func GetMaskedProviders(providers []*Provider) []*Provider {
+func GetMaskedProviders(providers []*Provider, isMaskEnabled bool) []*Provider {
+	if !isMaskEnabled {
+		return providers
+	}
+
 	for _, provider := range providers {
-		provider = GetMaskedProvider(provider)
+		provider = GetMaskedProvider(provider, isMaskEnabled)
 	}
 	return providers
 }