How can I prevent the "write config" methods from saving a sensitive value?

[Houlistonm]

I have a working cobra/viper configuration that utilizes defaults, environment variables, and command line switches.
I would like write the settings to the configuration file w/o saving sensitive values like passwords

Is there a mechanism to identify a variable as sensitive (password) or to filter the state prior to writing?

The most obvious solution to me so far is the use the AllSettings method, filter the results, and write it myself.

Any other ideas?