diff --git a/app/Model/User.php b/app/Model/User.php
index 1016c5f2e..98fb96961 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -913,6 +913,8 @@ class User extends AppModel
         unset($fields['certif_public']);
         // Do not fetch password from db, it is automatically fetched by BaseAuthenticate::_findUser
         unset($fields['password']);
+        // Do not fetch authkey from db, it is sensitive and not need
+        unset($fields['authkey']);
         $fields = array_keys($fields);
 
         foreach ($this->belongsTo as $relatedModel => $foo) {