diff --git a/server/api/admin/recaptcha-config.post.ts b/server/api/admin/recaptcha-config.post.ts
index ca41bb9..e5356bb 100644
--- a/server/api/admin/recaptcha-config.post.ts
+++ b/server/api/admin/recaptcha-config.post.ts
@@ -45,12 +45,25 @@ export default defineEventHandler(async (event) => {
       });
     }
 
+    // Get existing configuration to preserve secretKey if not changed
+    const { getRecaptchaConfig, saveRecaptchaConfig } = await import('~/server/utils/admin-config');
+    const existingConfig = getRecaptchaConfig();
+    
+    // Check if secretKey is the masked value
+    const isMaskedSecretKey = body.secretKey === '••••••••••••••••';
+    
     // Save reCAPTCHA configuration
-    const { saveRecaptchaConfig } = await import('~/server/utils/admin-config');
     await saveRecaptchaConfig({
       siteKey: body.siteKey.trim(),
-      secretKey: body.secretKey.trim()
+      // If secretKey is masked bullets, preserve existing secretKey
+      // Otherwise, use the new secretKey
+      secretKey: isMaskedSecretKey 
+        ? (existingConfig.secretKey || '') 
+        : body.secretKey.trim()
     }, session.user.email);
+    
+    console.log('[api/admin/recaptcha-config.post] Secret key action:', 
+      isMaskedSecretKey ? 'preserved' : 'updated');
 
     console.log('[api/admin/recaptcha-config.post] ✅ reCAPTCHA configuration saved successfully');
 
diff --git a/server/api/admin/smtp-config.post.ts b/server/api/admin/smtp-config.post.ts
index 76e5112..6ec5272 100644
--- a/server/api/admin/smtp-config.post.ts
+++ b/server/api/admin/smtp-config.post.ts
@@ -57,20 +57,33 @@ export default defineEventHandler(async (event) => {
       });
     }
 
+    // Get existing configuration to preserve password if not changed
+    const { getSMTPConfig } = await import('~/server/utils/admin-config');
+    const existingConfig = getSMTPConfig();
+    
+    // Check if password is the masked value
+    const isMaskedPassword = body.password === '••••••••••••••••';
+    
     // Prepare configuration object
     const smtpConfig = {
       host: body.host.trim(),
       port: port,
       secure: Boolean(body.secure),
       username: body.username?.trim() || '',
-      password: body.password?.trim() || '',
+      // If password is masked bullets, preserve existing password
+      // If password is empty, clear it
+      // Otherwise, use the new password
+      password: isMaskedPassword 
+        ? (existingConfig.password || '') 
+        : (body.password?.trim() || ''),
       fromAddress: body.fromAddress.trim(),
       fromName: body.fromName.trim()
     };
 
     console.log('[api/admin/smtp-config.post] Saving SMTP config:', {
       ...smtpConfig,
-      password: smtpConfig.password ? '••••••••••••••••' : ''
+      password: smtpConfig.password ? '••••••••••••••••' : '',
+      passwordAction: isMaskedPassword ? 'preserved' : (body.password ? 'updated' : 'cleared')
     });
 
     // Save SMTP configuration