As of right now all secret tokens, passwords, and everything that shouldn't be exposed can be seen by the UI in the tools page. We should have it hidden following standards from other tools, where one posts the token and they cannot see it another time unless they change it