diff --git a/api/api_utils.go b/api/api_utils.go
index 14bba528..50c42cb5 100644
--- a/api/api_utils.go
+++ b/api/api_utils.go
@@ -275,9 +275,6 @@ func checkUser(expected dataprovider.User, actual dataprovider.User) error {
 if len(actual.Password) > 0 {
 return errors.New("User password must not be visible")
 }
- if len(actual.PublicKeys) > 0 {
- return errors.New("User public keys must not be visible")
- }
 if expected.ID <= 0 {
 if actual.ID <= 0 {
 return errors.New("actual user ID must be > 0")
diff --git a/api/schema/openapi.yaml b/api/schema/openapi.yaml
index 949f316f..9c611f9e 100644
--- a/api/schema/openapi.yaml
+++ b/api/schema/openapi.yaml
@@ -184,7 +184,7 @@ paths:
 tags:
 - users
 summary: Returns an array with one or more users
- description: For security reasons password and public key are empty in the response
+ description: For security reasons passwords are empty in the response
 operationId: get_users
 parameters:
 - in: query
@@ -311,7 +311,7 @@ paths:
 tags:
 - users
 summary: Find user by ID
- description: For security reasons password and public key are empty in the response
+ description: For security reasons passwords are empty in the response
 operationId: get_user_by_id
 parameters:
 - name: userID
@@ -545,7 +545,7 @@ components:
 items:
 type: string
 nullable: true
- description: a password or at least one public key are mandatory. For security reasons this field is omitted when you search/get users.
+ description: a password or at least one public key are mandatory.
 home_dir:
 type: string
 description: path to the user home directory. The user cannot upload or download files outside this directory. SFTPGo tries to automatically create this folder if missing. Must be an absolute path
diff --git a/api/user.go b/api/user.go
index 719aa63d..14d7a8c9 100644
--- a/api/user.go
+++ b/api/user.go
@@ -64,7 +64,6 @@ func getUserByID(w http.ResponseWriter, r *http.Request) {
 user, err := dataprovider.GetUserByID(dataProvider, userID)
 if err == nil {
 user.Password = ""
- user.PublicKeys = []string{}
 render.JSON(w, r, user)
 } else if _, ok := err.(*dataprovider.RecordNotFoundError); ok {
 sendAPIResponse(w, r, err, "", http.StatusNotFound)
diff --git a/dataprovider/bolt.go b/dataprovider/bolt.go
index 60ac0482..06d91b82 100644
--- a/dataprovider/bolt.go
+++ b/dataprovider/bolt.go
@@ -303,7 +303,6 @@ func (p BoltProvider) close() error {
 
 func getUserNoCredentials(user *User) User {
 user.Password = ""
- user.PublicKeys = []string{}
 return *user
 }
 
diff --git a/dataprovider/sqlcommon.go b/dataprovider/sqlcommon.go
index 524204a1..f5443124 100644
--- a/dataprovider/sqlcommon.go
+++ b/dataprovider/sqlcommon.go
@@ -202,10 +202,9 @@ func sqlCommonGetUsers(limit int, offset int, order string, username string, dbH
 defer rows.Close()
 for rows.Next() {
 u, err := getUserFromDbRow(nil, rows)
- // hide password and public key
+ // hide password
 if err == nil {
 u.Password = ""
- u.PublicKeys = []string{}
 users = append(users, u)
 } else {
 break
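Review bot: The password is still blanked inline in sqlCommonGetUsers (`u.Password = ""`) although the same package already has `getUserNoCredentials` in bolt.go, and getUserByID in api/user.go carries a third copy of the assignment. With public keys now serialized, the password is the only field these sites strip, so the redaction is worth keeping in one place: assuming `u` is a `User` value, the two lines could become `users = append(users, getUserNoCredentials(&u))`. A one-line doc comment on that helper, such as `// getUserNoCredentials blanks the password before a user leaves the data provider; public keys are returned as stored.`, would record the new contract. The body of sqlCommonGetUsers starts and ends outside this hunk.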