diff --git a/controllers/node.go b/controllers/node.go
index 01b16c2e..6257baa6 100644
--- a/controllers/node.go
+++ b/controllers/node.go
@@ -304,6 +304,12 @@ func getNetworkNodes(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, node := range nodes {
+		if len(node.NetworkSettings.AccessKeys) > 0 {
+			node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent back to client; client already knows how to join the network
+		}
+	}
+
 	//Returns all the nodes in JSON format
 	logger.Log(2, r.Header.Get("user"), "fetched nodes on network", networkName)
 	w.WriteHeader(http.StatusOK)
@@ -380,6 +386,10 @@ func getNode(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if len(node.NetworkSettings.AccessKeys) > 0 {
+		node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent back to client; client already knows how to join the network
+	}
+
 	response := models.NodeGet{
 		Node:         node,
 		Peers:        peerUpdate.Peers,
diff --git a/mq/publishers.go b/mq/publishers.go
index 49b958e6..423e1461 100644
--- a/mq/publishers.go
+++ b/mq/publishers.go
@@ -85,6 +85,11 @@ func NodeUpdate(node *models.Node) error {
 		return nil
 	}
 	logger.Log(3, "publishing node update to "+node.Name)
+
+	if len(node.NetworkSettings.AccessKeys) > 0 {
+		node.NetworkSettings.AccessKeys = []models.AccessKey{} // not to be sent (don't need to spread access keys around the network; we need to know how to reach other nodes, not become them)
+	}
+
 	data, err := json.Marshal(node)
 	if err != nil {
 		logger.Log(2, "error marshalling node update ", err.Error())