Usually any kind of authentication (for instance basic auth) in you CALL REST action shows up as ‘Authentication: (omitted)’ in the logs in case of ERROR or TRACE levels, so I wouldn't know why it would show up in INFO.
Sounds to me like you're logging the credentials yourself or if you are putting them in JSON/XML you might want to check the loglevels of the JSON and XML Export to see if they are accidentaly put on TRACE.
one option is to set the log level to "none".
If there is an issue with the application in production, having logs that capture the steps leading up to the error can be crucial for troubleshooting and debugging. If the log level is set to "none," there will be no logs available to help identify and resolve the issue.
while setting the log level to "none" may reduce resource usage and improve performance, it comes at the cost of losing valuable information that can be crucial for maintaining the health and security of a production environment. It is generally recommended to set the log level to an appropriate level that balances the need for logging with the need for performance and resource efficiency.