Pull Request for Issue #29196.
Summary of changes: hide db credential fields
Testing instructions:
curl -H "Authorization: Bearer YOUR_TOKEN" {{URL}}/api/index.php/v1/config/application
Expected result: db credentials not exposed
Actual result: exposed
?
Status | New | ⇒ | Pending |
good catch
I have tested this item
Tested in Nightly Build of May 23 successfully.
Made this a draft so it's clear to others not to merge this until discussions in original issue are complete.
Well, I personally would say that this PR here that is just hiding the sensitive fields for now is the right thing to do. Removing the endpoint at all is discussed in the other issue. Or do you think we should expose the sensitive fields via the API too? We don't even do that in the UI for all fields.
Yes. I'd expose the fields if you have the permissions to view the fields. You have to be a super admin. So why not? Database in the API allows you to do proper DevOps deploys of your website from say a staging to a production site (restore a backup and update the global configuration to the Prod values).
Reading #29196, which was closed June 3, should this now be closed @alikon to clear it out of the patch tester and pending PR list?
Still getting the hang of the protocol on things here so feel free to correct my perspective if that's not how these types of things are managed.
Discovered during PBF July 18 while testing other API PRs.
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-07-18 14:21:12 |
Closed_By | ⇒ | alikon |
No need to reinvent the wheel. The "safe" data has already been defined for use by the admin sysinfo
joomla-cms/administrator/components/com_admin/models/sysinfo.php
Line 163 in 8cdb9bd
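A tester's check for the expected result in the PR description, as an added example that is not part of the pull request or of Joomla: it parses the body returned by the curl call and lists credential keys that still carry a real value. The key list, the `xxxxxx` mask and the JSON:API response layout are assumptions, and the sample bodies are constructed.

```python
import json

# Assumptions, not taken from the PR: which configuration.php keys count as
# database credentials, and the placeholder a server returns when masking.
SENSITIVE_KEYS = {"host", "user", "password", "db", "dbprefix"}
MASK = "xxxxxx"


def exposed_fields(body, sensitive=SENSITIVE_KEYS):
    """Return the sorted sensitive keys that carry a real value in the response."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or "data" not in doc:
        # An error document (bad token, 403) must not be read as a pass.
        raise ValueError("no 'data' member: not a successful config response")
    data = doc["data"]
    items = data if isinstance(data, list) else [data]
    found = set()
    for item in items:
        attrs = item.get("attributes", {}) if isinstance(item, dict) else {}
        for key, value in attrs.items():
            # Empty or masked values do not leak anything.
            if key.lower() in sensitive and value not in (None, "", MASK):
                found.add(key.lower())
    return sorted(found)


# Constructed sample bodies (assumed layout: one setting per resource object).
BEFORE = json.dumps({"data": [
    {"type": "application", "id": "1", "attributes": {"sitename": "Example", "id": 1}},
    {"type": "application", "id": "1", "attributes": {"user": "joomla_db", "id": 1}},
    {"type": "application", "id": "1", "attributes": {"password": "constructed-secret", "id": 1}},
]})
AFTER = json.dumps({"data": [
    {"type": "application", "id": "1", "attributes": {"sitename": "Example", "id": 1}},
    {"type": "application", "id": "1", "attributes": {"password": MASK, "id": 1}},
]})

if __name__ == "__main__":
    for label, body in (("before patch", BEFORE), ("after patch", AFTER)):
        leaked = exposed_fields(body)
        print(f"{label}: {'EXPOSED ' + ', '.join(leaked) if leaked else 'no credentials exposed'}")
```

To use it against a test site, pass the saved output of the curl command above to `exposed_fields` instead of the constructed bodies.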