diff --git a/roles/web-app-mailu/tasks/02_create-mailu-user.yml b/roles/web-app-mailu/tasks/02_create-mailu-user.yml
index 375b4a08..11b325a7 100644
--- a/roles/web-app-mailu/tasks/02_create-mailu-user.yml
+++ b/roles/web-app-mailu/tasks/02_create-mailu-user.yml
@@ -13,6 +13,7 @@
     )
   changed_when: mailu_user_result.rc == 0
   when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Change password for user '{{ mailu_user_key }};{{ mailu_user_name }}@{{ mailu_domain }}'"
   command: >
@@ -21,6 +22,7 @@
   args:
     chdir: "{{ mailu_compose_dir }}"
   when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Create Mailu API Token for {{ mailu_user_name }}"
   include_tasks: 03_create-mailu-token.yml
diff --git a/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml b/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml
index a9959a81..b6dab8c4 100644
--- a/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml
+++ b/roles/web-app-mailu/tasks/04_set-mailu-dns-records.yml
@@ -16,6 +16,7 @@
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set CNAME record for autoconfig"
   community.general.cloudflare_dns:
@@ -29,6 +30,7 @@
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set MX record"
   community.general.cloudflare_dns:
@@ -42,6 +44,7 @@
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set SRV records"
   community.general.cloudflare_dns:
@@ -63,6 +66,7 @@
   #changed_when: srv_result.rc == 0 and ("An identical record already exists" not in srv_result.stdout)
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set SPF TXT record"
   community.general.cloudflare_dns:
@@ -75,6 +79,7 @@
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set DMARC TXT record"
   community.general.cloudflare_dns:
@@ -87,6 +92,7 @@
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: "Set DKIM TXT record"
   community.general.cloudflare_dns:
@@ -98,4 +104,5 @@
     ttl: 1
     state: present
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
\ No newline at end of file
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
\ No newline at end of file
diff --git a/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml b/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml
index 73e71947..110e6eb3 100644
--- a/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml
+++ b/roles/web-app-mailu/tasks/05_generate-and-read-dkim.yml
@@ -1,7 +1,7 @@
 - name: Check if DKIM private key file exists in the antispam container
   command: >
     docker compose exec -T antispam
-    test -f {{mailu_dkim_key_path}}
+    test -f {{ mailu_dkim_key_path }}
   register: dkim_key_file_stat
   failed_when:  false
   changed_when: false
@@ -16,6 +16,7 @@
   when: dkim_key_file_stat.rc != 0
   args:
     chdir: "{{ docker_compose.directories.instance }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: Fetch DKIM private key from antispam container
   shell: >
@@ -26,6 +27,7 @@
   register: dkim_priv_content
   failed_when: dkim_priv_content.rc != 0
   changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: Generate DKIM public key on the host
   command: openssl rsa -pubout
@@ -33,6 +35,7 @@
     stdin: "{{ dkim_priv_content.stdout }}"
   register: dkim_pub_raw
   changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: Normalize and build Mailu DKIM TXT record
   set_fact:
@@ -43,7 +46,10 @@
         | regex_replace('-----END PUBLIC KEY-----', '')
         | regex_replace('\s+', '')
       }}
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
 
 - name: Debug Mailu DKIM public key
   debug:
-    msg: "Mailu DKIM public key: {{ mailu_dkim_public_key }}"
\ No newline at end of file
+    msg: "Mailu DKIM public key: {{ mailu_dkim_public_key }}"
+  when: MODE_DEBUG | bool
+  
\ No newline at end of file