diff --git a/apps/sim/app/workspace/[workspaceId]/settings/components/secrets/components/secret-value-field/secret-value-field.tsx b/apps/sim/app/workspace/[workspaceId]/settings/components/secrets/components/secret-value-field/secret-value-field.tsx
index fd3d8056c9..be6b14d6f9 100644
--- a/apps/sim/app/workspace/[workspaceId]/settings/components/secrets/components/secret-value-field/secret-value-field.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/settings/components/secrets/components/secret-value-field/secret-value-field.tsx
@@ -6,6 +6,13 @@ import { ChipInput } from '@/components/emcn'
 
 const BULLET = '\u2022'
 
+/**
+ * Viewers always see this many bullets regardless of the real value, which the
+ * server withholds (empty string) for non-admins. A fixed length also avoids
+ * leaking the secret's length.
+ */
+const VIEWER_MASK_LENGTH = 10
+
 type SecretValueFieldProps = Omit<
   ComponentProps<'input'>,
   'type' | 'value' | 'onChange' | 'readOnly'
@@ -50,7 +57,7 @@ export function SecretValueField({
   const [focused, setFocused] = useState(false)
   const editable = canEdit && !readOnly
   const maskActive = canEdit && !unmasked && !focused
-  const displayValue = canEdit ? value : value ? BULLET.repeat(value.length) : ''
+  const displayValue = canEdit ? value : BULLET.repeat(VIEWER_MASK_LENGTH)
 
   const mergedStyle: CSSProperties | undefined = maskActive
     ? ({ ...style, WebkitTextSecurity: 'disc' } as CSSProperties)
diff --git a/apps/sim/lib/oauth/oauth.ts b/apps/sim/lib/oauth/oauth.ts
index f7af93832e..9cca712769 100644
--- a/apps/sim/lib/oauth/oauth.ts
+++ b/apps/sim/lib/oauth/oauth.ts
@@ -541,9 +541,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
           'write:request.participant:jira-service-management',
           'read:request.approval:jira-service-management',
           'write:request.approval:jira-service-management',
-          'read:form:jira-service-management',
-          'write:form:jira-service-management',
-          'delete:form:jira-service-management',
         ],
       },
     },
diff --git a/apps/sim/lib/oauth/utils.ts b/apps/sim/lib/oauth/utils.ts
index 1f7eae2e77..f95626781a 100644
--- a/apps/sim/lib/oauth/utils.ts
+++ b/apps/sim/lib/oauth/utils.ts
@@ -201,9 +201,6 @@ export const SCOPE_DESCRIPTIONS: Record<string, string> = {
     'Add and remove participants from customer requests',
   'read:request.approval:jira-service-management': 'View approvals on customer requests',
   'write:request.approval:jira-service-management': 'Approve or decline customer requests',
-  'read:form:jira-service-management': 'View JSM forms and templates',
-  'write:form:jira-service-management': 'Attach, save, and submit JSM forms',
-  'delete:form:jira-service-management': 'Delete JSM forms',
 
   // Microsoft scopes
   'User.Read': 'Read Microsoft user',