diff --git a/core/server/services/settings/index.js b/core/server/services/settings/index.js
index 1bb7902521..c2480cf5ef 100644
--- a/core/server/services/settings/index.js
+++ b/core/server/services/settings/index.js
@@ -6,23 +6,7 @@ const events = require('../../lib/common/events');
 const models = require('../../models');
 const SettingsCache = require('../../../shared/settings-cache');
 const SettingsBREADService = require('./settings-bread-service');
-
-// The string returned when a setting is set as write-only
-const obfuscatedSetting = '••••••••';
-
-// The function used to decide whether a setting is write-only
-function isSecretSetting(setting) {
-    return /secret/.test(setting.key);
-}
-
-// The function that obfuscates a write-only setting
-// NOTE: move this method into SettingsBREADService once once refactoring is finished
-function hideValueIfSecret(setting) {
-    if (setting.value && isSecretSetting(setting)) {
-        return {...setting, value: obfuscatedSetting};
-    }
-    return setting;
-}
+const {obfuscatedSetting, isSecretSetting, hideValueIfSecret} = require('./settings-utils');
 
 /**
  * @returns {SettingsBREADService} instance of the PostsService
diff --git a/core/server/services/settings/settings-bread-service.js b/core/server/services/settings/settings-bread-service.js
index 1c1c870494..3623e29628 100644
--- a/core/server/services/settings/settings-bread-service.js
+++ b/core/server/services/settings/settings-bread-service.js
@@ -1,28 +1,13 @@
 const _ = require('lodash');
 const tpl = require('@tryghost/tpl');
 const {NotFoundError, NoPermissionError, BadRequestError} = require('@tryghost/errors');
+const {obfuscatedSetting, isSecretSetting, hideValueIfSecret} = require('./settings-utils');
 
 const messages = {
     problemFindingSetting: 'Problem finding setting: {key}',
     accessCoreSettingFromExtReq: 'Attempted to access core setting from external request'
 };
 
-// The string returned when a setting is set as write-only
-const obfuscatedSetting = '••••••••';
-
-// The function used to decide whether a setting is write-only
-function isSecretSetting(setting) {
-    return /secret/.test(setting.key);
-}
-
-// The function that obfuscates a write-only setting
-function hideValueIfSecret(setting) {
-    if (setting.value && isSecretSetting(setting)) {
-        return {...setting, value: obfuscatedSetting};
-    }
-    return setting;
-}
-
 class SettingsBREADService {
     /**
      *
diff --git a/core/server/services/settings/settings-utils.js b/core/server/services/settings/settings-utils.js
new file mode 100644
index 0000000000..8ab3b1ec91
--- /dev/null
+++ b/core/server/services/settings/settings-utils.js
@@ -0,0 +1,32 @@
+// The string returned when a setting is set as write-only
+const obfuscatedSetting = '••••••••';
+
+/**
+ * @description // The function used to decide whether a setting is write-only
+ * @param {Object} setting setting record
+ * @param {String} setting.key
+ * @returns {Boolean}
+ */
+function isSecretSetting(setting) {
+    return /secret/.test(setting.key);
+}
+
+/**
+ * @description The function that obfuscates a write-only setting
+ * @param {Object} setting setting record
+ * @param {String} setting.value
+ * @param {String} setting.key
+ * @returns {Object} settings record with obfuscated value if it's a secret
+ */
+function hideValueIfSecret(setting) {
+    if (setting.value && isSecretSetting(setting)) {
+        return {...setting, value: obfuscatedSetting};
+    }
+    return setting;
+}
+
+module.exports = {
+    obfuscatedSetting,
+    isSecretSetting,
+    hideValueIfSecret
+};