diff --git a/cmd/immuadmin/command/service/configs/immugw.toml.linux.dist.go b/cmd/immuadmin/command/service/configs/immugw.toml.linux.dist.go
index 51e8d00d9d..1462438feb 100644
--- a/cmd/immuadmin/command/service/configs/immugw.toml.linux.dist.go
+++ b/cmd/immuadmin/command/service/configs/immugw.toml.linux.dist.go
@@ -30,4 +30,10 @@ detached = false
 servername = "localhost"
 pkey = "/etc/immudb/mtls/4_client/private/localhost.key.pem"
 certificate = "/etc/immudb/mtls/4_client/certs/localhost.cert.pem"
-clientcas = "/etc/immudb/mtls/2_intermediate/certs/ca-chain.cert.pem"`)
+clientcas = "/etc/immudb/mtls/2_intermediate/certs/ca-chain.cert.pem"
+audit = false
+# valid suffixes: "s", "m", "h", examples: 10s, 5m 1h
+audit-interval = "5m"
+audit-username = "immugwauditor"
+# password can be plaintext or base64
+audit-password = ""`)
diff --git a/cmd/immuadmin/command/service/configs/immugw.toml.windows.dist.go b/cmd/immuadmin/command/service/configs/immugw.toml.windows.dist.go
index 2a65cad5d9..1bde7657cd 100644
--- a/cmd/immuadmin/command/service/configs/immugw.toml.windows.dist.go
+++ b/cmd/immuadmin/command/service/configs/immugw.toml.windows.dist.go
@@ -30,4 +30,10 @@ detached = false
 servername = "localhost"
 pkey = "%programdata%\\Immugw\\config\\mtls\\4_client\\private\\localhost.key.pem"
 certificate = "%programdata%\\Immugw\\config\\mtls\\4_client\\certs\\localhost.cert.pem"
-clientcas = "%programdata%\\Immugw\\config\\mtls\\2_intermediate\\certs\\ca-chain.cert.pem"`)
+clientcas = "%programdata%\\Immugw\\config\\mtls\\2_intermediate\\certs\\ca-chain.cert.pem"
+audit = false
+# valid suffixes: "s", "m", "h", examples: 10s, 5m 1h
+audit-interval = "5m"
+audit-username = "immugwauditor"
+# password can be plaintext or base64
+audit-password = ""`)
diff --git a/configs/immugw.toml.dist b/configs/immugw.toml.dist
index 8f91a2a67f..f11673449d 100644
--- a/configs/immugw.toml.dist
+++ b/configs/immugw.toml.dist
@@ -12,6 +12,8 @@ pkey = "./tools/mtls/4_client/private/localhost.key.pem"
 certificate = "./tools/mtls/4_client/certs/localhost.cert.pem"
 clientcas = "./tools/mtls/2_intermediate/certs/ca-chain.cert.pem"
 audit = false
-audit-interval = "5m" # suffixes: "s", "m", "h", examples: 10s, 5m 1h
+# valid suffixes: "s", "m", "h", examples: 10s, 5m 1h
+audit-interval = "5m"
 audit-username = "immugwauditor"
+# password can be plaintext or base64
 audit-password = ""
diff --git a/pkg/client/auditor/auditor.go b/pkg/client/auditor/auditor.go
index 1305c9b320..44883870e2 100644
--- a/pkg/client/auditor/auditor.go
+++ b/pkg/client/auditor/auditor.go
@@ -18,6 +18,7 @@ package auditor
 
 import (
 	"context"
+	"encoding/base64"
 	"io"
 	"os"
 	"regexp"
@@ -57,10 +58,18 @@ func DefaultAuditor(
 	serverAddress string,
 	dialOptions *[]grpc.DialOption,
 	username string,
-	password string,
+	passwordBase64 string,
 	history cache.HistoryCache,
 	updateMetrics func(string, string, bool, bool, bool, *schema.Root, *schema.Root),
 	logoutput io.Writer) (Auditor, error) {
+
+	password := strings.TrimSpace(passwordBase64)
+	if password != "" {
+		passwordBytes, err := base64.StdEncoding.DecodeString(passwordBase64)
+		if err == nil {
+			password = string(passwordBytes)
+		}
+	}
 	if logoutput == nil {
 		logoutput = os.Stderr
 	}