diff --git a/config/config.js b/config/config.js
index 33f3bb69d..271f7ac95 100644
--- a/config/config.js
+++ b/config/config.js
@@ -9,7 +9,39 @@ const envConf = require(path.resolve(__dirname + "/../config/env/" + finalEnv.to
 
 const config = { ...allConf, ...envConf };
 
-console.log(`Current Config:`);
-console.log(util.inspect(config, false, null));
+function redactMongoConnectionString(uri) {
+    if (typeof uri !== "string" || !uri) {
+        return uri;
+    }
+    try {
+        const parsed = new URL(uri);
+        if (parsed.username || parsed.password) {
+            parsed.username = "***";
+            parsed.password = "***";
+        }
+        return parsed.toString();
+    } catch (e) {
+        return "[redacted-db-uri]";
+    }
+}
+
+function sanitizeConfigForLog(cfg) {
+    const sanitized = { ...cfg };
+    if (Object.prototype.hasOwnProperty.call(sanitized, "cookieSecret")) {
+        sanitized.cookieSecret = "[redacted]";
+    }
+    if (Object.prototype.hasOwnProperty.call(sanitized, "cryptoKey")) {
+        sanitized.cryptoKey = "[redacted]";
+    }
+    if (Object.prototype.hasOwnProperty.call(sanitized, "db")) {
+        sanitized.db = redactMongoConnectionString(sanitized.db);
+    }
+    return sanitized;
+}
+
+if (process.env.NODE_ENV === "development" && process.env.DEBUG_CONFIG) {
+    console.log("Current Config:");
+    console.log(util.inspect(sanitizeConfigForLog(config), false, null));
+}
 
 module.exports = config;