diff --git a/server_environment/server_env.py b/server_environment/server_env.py
index f18c0312d..9f2208c2a 100644
--- a/server_environment/server_env.py
+++ b/server_environment/server_env.py
@@ -308,11 +308,11 @@ def get_view(self, view_id=None, view_type="form", **options):
     @api.model
     def _is_secret(self, key):
         """
-        This method is intended to be inherited to defined which keywords
-        should be secret.
-        :return: list of secret keywords
+        This method is intended to be inherited to define which values
+        should be kept secret.
+        :return: True if information has to be protected, False otherwise
         """
-        secret_keys = ["passw", "key", "secret", "token"]
+        secret_keys = ["_pass", "passw", "key", "secret", "token"]
         return any(secret_key in key for secret_key in secret_keys)
 
     @api.model
diff --git a/server_environment/tests/common.py b/server_environment/tests/common.py
index 798895ef1..6ac6266e3 100644
--- a/server_environment/tests/common.py
+++ b/server_environment/tests/common.py
@@ -34,13 +34,24 @@ def set_env_variables(self, public=None, secret=None):
             yield
 
     @contextmanager
-    def load_config(self, public=None, secret=None, serv_config_class=server_env_mixin):
+    def load_config(
+        self,
+        public=None,
+        secret=None,
+        config_dir=None,
+        serv_config_class=server_env_mixin,
+    ):
         original_serv_config = serv_config_class.serv_config
         try:
-            with self.set_config_dir(None), self.set_env_variables(public, secret):
+            with (
+                self.set_config_dir(config_dir),
+                self.set_env_variables(public, secret),
+            ):
                 parser = server_env._load_config()
                 serv_config_class.serv_config = parser
+                server_env.serv_config = parser
                 yield
 
         finally:
             serv_config_class.serv_config = original_serv_config
+            server_env.serv_config = original_serv_config
diff --git a/server_environment/tests/test_server_environment.py b/server_environment/tests/test_server_environment.py
index cfa6878c9..9f605942a 100644
--- a/server_environment/tests/test_server_environment.py
+++ b/server_environment/tests/test_server_environment.py
@@ -9,6 +9,17 @@
 from .. import server_env
 from . import common
 
+NO_DEFAULT = [
+    "id",
+    "create_uid",
+    "create_date",
+    "write_uid",
+    "write_date",
+    "display_name",
+    "config",
+    "__last_update",
+]
+
 
 class TestEnv(common.ServerEnvironmentCase):
     def test_view(self):
@@ -20,17 +31,20 @@ def _test_default(self, hidden_pwd=False):
         model = self.env["server.config"]
         rec = model.create({})
         fields = model.fields_get()
-        self.assertTrue(fields)
         defaults = rec.default_get(list(fields))
-        self.assertTrue(defaults)
+        fields_with_default = {fld for fld in fields if fld not in NO_DEFAULT}
+        self.assertTrue(fields_with_default)
         self.assertIsInstance(defaults, dict)
+        self.assertEqual(fields_with_default, set(defaults))
+        # Check secrets
         pass_checked = False
         for default in defaults:
-            if "passw" in default:
+            if "_pass" in default:
                 check = self.assertEqual if hidden_pwd else self.assertNotEqual
                 check(defaults[default], "**********")
                 pass_checked = True
         self.assertTrue(pass_checked)
+        return defaults
 
     @patch.dict(odoo_config.options, {"running_env": "dev"})
     def test_default_dev(self):
@@ -54,10 +68,23 @@ def test_odoosh_dev_from_environ(self):
         self._test_default()
 
     @patch.dict(odoo_config.options, {"running_env": "testing"})
-    def test_value_retrival(self):
+    def test_value_retrieval(self):
         with self.set_config_dir("testfiles"):
             parser = server_env._load_config()
             val = parser.get("external_service.ftp", "user")
             self.assertEqual(val, "testing")
             val = parser.get("external_service.ftp", "host")
             self.assertEqual(val, "sftp.example.com")
+
+    @patch.dict(odoo_config.options, {"running_env": "testing"})
+    def test_default_hidden_password(self):
+        with self.load_config(config_dir="testfiles"):
+            model = self.env["server.config"]
+            model._add_columns()
+            self.env.registry.setup_models(self.env.cr)
+        defaults = self._test_default(hidden_pwd=True)
+
+        self.assertIn("odoo_I_admin_passwd", defaults)
+        self.assertIn("odoo_I_db_password", defaults)
+        self.assertIn("odoo_I_smtp_password", defaults)
+        self.assertIn("outgoing_mail_provider_promail_I_smtp_pass", defaults)
diff --git a/server_environment/tests/testfiles/testing/outmail.conf b/server_environment/tests/testfiles/testing/outmail.conf
new file mode 100644
index 000000000..cbc0df7ba
--- /dev/null
+++ b/server_environment/tests/testfiles/testing/outmail.conf
@@ -0,0 +1,6 @@
+[outgoing_mail.provider_promail]
+smtp_encryption	= ssl
+smtp_host = email.server.invalid
+smtp_pass = THISISNOTPUBLIC
+smtp_port = 912
+smtp_user = user_abc