diff --git a/Taskfile.yml b/Taskfile.yml index 4f94b0fb..3cdd474d 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -62,7 +62,7 @@ tasks: - '{{ if ne OS "windows" }} sh -c "curl -L https://github.com/goreleaser/goreleaser/releases/download/v{{ .GORELEASER_VERSION }}/goreleaser_$(uname -s)_$(uname -m).tar.gz | tar -xz -C $(go env GOPATH)/bin goreleaser"{{ else }} {{ end }}' - '{{ if ne OS "windows" }} chmod +x $(go env GOPATH)/bin/goreleaser{{ else }} {{ end }}' - '{{ if eq OS "windows" }} echo "NOTICE: You must download goreleaser manually to build this application https://github.com/goreleaser/goreleaser/releases "{{ else }}:{{ end }}' - - '{{ if ne OS "windows" }} sh -c "curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v{{ .GOLINTER_VERSION }}"{{ else }}{{ end }}' +# - '{{ if ne OS "windows" }} sh -c "curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v{{ .GOLINTER_VERSION }}"{{ else }}{{ end }}' - '{{ if eq OS "windows" }} echo "NOTICE: You need to install golangci-lint manually to build this application https://github.com/golangci/golangci-lint#install"{{ else }}{{ end }}' compile: diff --git a/api/router.go b/api/router.go index 4bf56f12..b5a3d8e6 100644 --- a/api/router.go +++ b/api/router.go @@ -348,13 +348,6 @@ func servePublic(w http.ResponseWriter, r *http.Request) { } func getSystemInfo(w http.ResponseWriter, r *http.Request) { - dbConfig, err := util.Config.GetDBConfig() - - if err != nil { - helpers.WriteError(w, fmt.Errorf("can't get config")) - return - } - //updateAvailable, err := util.CheckUpdate() //if err != nil { 
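Review bot: The golangci-lint install step is disabled by commenting it out with no reason recorded, so a reader cannot tell whether this is temporary; the Windows notice on the following line still asks users to install the linter by hand, while other platforms now get nothing. Either delete the line or put the reason above it, e.g. `# golangci-lint install disabled: <reason / tracking issue>`. If the step is re-enabled, note that it pipes `install.sh` from the `master` branch straight into `sh`; fetching the script from a pinned tag or commit, the way `v{{ .GOLINTER_VERSION }}` already pins the binary, keeps the build reproducible and reviewable.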
@@ -365,13 +358,6 @@ func getSystemInfo(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "version": util.Version, //"update": updateAvailable, - "config": map[string]string{ - "dbHost": dbConfig.Hostname, - "dbName": dbConfig.DbName, - "dbUser": dbConfig.Username, - "path": util.Config.TmpPath, - "cmdPath": util.FindSemaphore(), - }, "ansible": util.AnsibleVersion(), "demo": util.Config.DemoMode, } diff --git a/db/bolt/BoltDb.go b/db/bolt/BoltDb.go index 12404ced..f1e98f99 100644 --- a/db/bolt/BoltDb.go +++ b/db/bolt/BoltDb.go @@ -96,7 +96,7 @@ func (d *BoltDb) Connect(token string) { if err != nil { panic(err) } - filename = config.Hostname + filename = config.GetHostname() } else { filename = d.Filename } diff --git a/db/sql/SqlDb.go b/db/sql/SqlDb.go index 90a242e7..710e4687 100644 --- a/db/sql/SqlDb.go +++ b/db/sql/SqlDb.go @@ -174,7 +174,7 @@ func createDb() error { return err } - _, err = conn.Exec("create database " + cfg.DbName) + _, err = conn.Exec("create database " + cfg.GetDbName()) if err != nil { log.Warn(err.Error()) diff --git a/lib/AnsiblePlaybook.go b/lib/AnsiblePlaybook.go index 75dd1ad4..7b1209f8 100644 --- a/lib/AnsiblePlaybook.go +++ b/lib/AnsiblePlaybook.go @@ -28,6 +28,21 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars cmd.Env = append(cmd.Env, *environmentVars...) } + sensitiveEnvs := []string{ + "SEMAPHORE_ACCESS_KEY_ENCRYPTION", + "SEMAPHORE_ADMIN_PASSWORD", + "SEMAPHORE_DB_USER", + "SEMAPHORE_DB_NAME", + "SEMAPHORE_DB_HOST", + "SEMAPHORE_DB_PASS", + "SEMAPHORE_LDAP_PASSWORD", + } + + // Remove sensitive env variables from cmd process + for _, env := range sensitiveEnvs { + cmd.Env = append(cmd.Env, env+"=") + } + return cmd } diff --git a/util/config.go b/util/config.go index c52c797e..15eb3fa3 100644 --- a/util/config.go +++ b/util/config.go 
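Review bot: `conn.Exec("create database " + cfg.GetDbName())` builds DDL by string concatenation, and with this commit the name can come from the `SEMAPHORE_DB_NAME` environment variable as well as from the config file (see `GetDbName` in util/config.go). A database name cannot be bound as a query parameter, so the usual guard is to validate it before use, for example returning an error from `createDb` when it does not match `^[A-Za-z0-9_]+$`. That also turns a name containing a hyphen or a space into a clear configuration error instead of whatever the driver reports through the `log.Warn` that follows. The rest of `createDb` is outside this hunk.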
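Review bot: `sensitiveEnvs` in `makeCmd` is a hand-kept denylist, so any secret in the server's environment that is not on it is still handed to the playbook process, and the list lives in a different package from the `os.Getenv` getters in util/config.go, so the two can drift. The loop also does not remove anything, despite its comment: it appends `NAME=` entries, which leaves the variables defined but empty in the child. If `cmd.Env` were nil at this point, the child would receive only those entries instead of the inherited environment (the start of `makeCmd` is outside the hunk, so this may not occur). Filtering the slice, as sketched below, drops the entries outright; matching on the `SEMAPHORE_` prefix instead of the fixed list would also cover variables added later, provided no playbook relies on them.

```go
// … unchanged: sensitiveEnvs list …

// Drop sensitive variables from the child environment rather than blanking them.
env := cmd.Env
if env == nil {
	env = os.Environ() // a nil Env would make exec inherit the full parent environment
}
kept := make([]string, 0, len(env))
for _, kv := range env {
	sensitive := false
	for _, name := range sensitiveEnvs {
		if strings.HasPrefix(kv, name+"=") {
			sensitive = true
			break
		}
	}
	if !sensitive {
		kept = append(kept, kv)
	}
}
cmd.Env = kept

return cmd
```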
@@ -292,31 +292,68 @@ func (d DbDriver) String() string { } func (d *DbConfig) IsPresent() bool { - return d.Hostname != "" + return d.GetHostname() != "" } func (d *DbConfig) HasSupportMultipleDatabases() bool { return true } +func (d *DbConfig) GetDbName() string { + dbName := os.Getenv("SEMAPHORE_DB_NAME") + if dbName != "" { + return dbName + } + return d.DbName +} + +func (d *DbConfig) GetUsername() string { + username := os.Getenv("SEMAPHORE_DB_USER") + if username != "" { + return username + } + return d.Username +} + +func (d *DbConfig) GetPassword() string { + password := os.Getenv("SEMAPHORE_DB_PASS") + if password != "" { + return password + } + return d.Password +} + +func (d *DbConfig) GetHostname() string { + hostname := os.Getenv("SEMAPHORE_DB_HOST") + if hostname != "" { + return hostname + } + return d.Hostname +} + func (d *DbConfig) GetConnectionString(includeDbName bool) (connectionString string, err error) { + dbName := d.GetDbName() + dbUser := d.GetUsername() + dbPass := d.GetPassword() + dbHost := d.GetHostname() + switch d.Dialect { case DbDriverBolt: - connectionString = d.Hostname + connectionString = dbHost case DbDriverMySQL: if includeDbName { connectionString = fmt.Sprintf( "%s:%s@tcp(%s)/%s", - d.Username, - d.Password, - d.Hostname, - d.DbName) + dbUser, + dbPass, + dbHost, + dbName) } else { connectionString = fmt.Sprintf( "%s:%s@tcp(%s)/", - d.Username, - d.Password, - d.Hostname) + dbUser, + dbPass, + dbHost) } options := map[string]string{ "parseTime": "true", 
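Review bot: `IsPresent` now returns `d.GetHostname() != ""`, and `GetHostname` returns `SEMAPHORE_DB_HOST` whenever it is set, regardless of which `DbConfig` it is called on; with that variable exported, the MySQL, BoltDb and Postgres configs all report present, so whatever selects the dialect from `IsPresent` (not visible here) may pick the wrong driver. Consider keeping `return d.Hostname != ""` and applying the environment overrides once, at config load, to the selected dialect's struct only, which also avoids an `os.Getenv` call on every getter invocation. The four new exported getters have no doc comments; each should state the precedence, e.g. `// GetPassword returns SEMAPHORE_DB_PASS when it is set and non-empty, otherwise the configured Password.` `GetConnectionString` continues past the end of this hunk.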
@@ -330,16 +367,16 @@ func (d *DbConfig) GetConnectionString(includeDbName bool) (connectionString str if includeDbName { connectionString = fmt.Sprintf( "postgres://%s:%s@%s/%s", - d.Username, - url.QueryEscape(d.Password), - d.Hostname, - d.DbName) + dbUser, + url.QueryEscape(dbPass), + dbHost, + dbName) } else { connectionString = fmt.Sprintf( "postgres://%s:%s@%s", - d.Username, - url.QueryEscape(d.Password), - d.Hostname) + dbUser, + url.QueryEscape(dbPass), + dbHost) } connectionString += mapToQueryString(d.Options) default: @@ -355,11 +392,11 @@ func (conf *ConfigType) PrintDbInfo() { } switch dialect { case DbDriverMySQL: - fmt.Printf("MySQL %v@%v %v\n", conf.MySQL.Username, conf.MySQL.Hostname, conf.MySQL.DbName) + fmt.Printf("MySQL %v@%v %v\n", conf.MySQL.GetUsername(), conf.MySQL.GetHostname(), conf.MySQL.GetDbName()) case DbDriverBolt: - fmt.Printf("BoltDB %v\n", conf.BoltDb.Hostname) + fmt.Printf("BoltDB %v\n", conf.BoltDb.GetHostname()) case DbDriverPostgres: - fmt.Printf("Postgres %v@%v %v\n", conf.Postgres.Username, conf.Postgres.Hostname, conf.Postgres.DbName) + fmt.Printf("Postgres %v@%v %v\n", conf.Postgres.GetUsername(), conf.Postgres.GetHostname(), conf.Postgres.GetDbName()) default: panic(fmt.Errorf("database configuration not found")) }
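Review bot: In the Postgres branch the password goes through `url.QueryEscape(dbPass)` while `dbUser` is inserted raw; `QueryEscape` encodes a space as `+`, which is not turned back into a space in the userinfo part of a URL, and a user name containing `@`, `:` or `/` would change how the string parses. Now that both values can arrive from `SEMAPHORE_DB_USER` and `SEMAPHORE_DB_PASS`, building the URL with the standard library is safer: `u := url.URL{Scheme: "postgres", User: url.UserPassword(dbUser, dbPass), Host: dbHost, Path: "/" + dbName}` followed by `connectionString = u.String()` (leave `Path` empty when `includeDbName` is false). The MySQL branch in the previous hunk has the same gap, since `dbUser` and `dbPass` go into `%s:%s@tcp(%s)/%s` unescaped. The function starts and ends outside this hunk.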