diff --git a/changelogs/unreleased/sfang-do-not-show-token-name.yml b/changelogs/unreleased/sfang-do-not-show-token-name.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d4c337a87041b472d11903bacc906fcfd4e063fa
--- /dev/null
+++ b/changelogs/unreleased/sfang-do-not-show-token-name.yml
@@ -0,0 +1,5 @@
+---
+title: Do not expose user name if user is project bot
+merge_request: 54022
+author:
+type: changed
diff --git a/lib/api/entities/user_safe.rb b/lib/api/entities/user_safe.rb
index feb01767fd6cf5be8bac1647b9b55441729062e4..2b7c14cba6e26c32a64c235d22d4fdd41bf4aca5 100644
--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -3,7 +3,8 @@
 module API
   module Entities
     class UserSafe < Grape::Entity
-      expose :id, :name, :username
+      expose :id, :username
+      expose :name, unless: ->(user) { user.project_bot? && !options[:current_user].admin?}
     end
   end
 end
diff --git a/spec/features/projects/members/list_spec.rb b/spec/features/projects/members/list_spec.rb
index f1fc3927b0374097d899b6a4f2ad495bd1139dc9..3cc3c763e29c6865e90a414c5b196a4bbe7dd285 100644
--- a/spec/features/projects/members/list_spec.rb
+++ b/spec/features/projects/members/list_spec.rb
@@ -127,7 +127,7 @@
       it 'does not show form used to change roles and "Expiration date" or the remove user button' do
         visit_members_page
 
-        page.within find_member_row(project_bot) do
+        page.within find_username_row(project_bot) do
           expect(page).not_to have_button('Maintainer')
           expect(page).to have_field('Expiration date', disabled: true)
           expect(page).not_to have_button('Remove member')
diff --git a/spec/lib/api/entities/user_spec.rb b/spec/lib/api/entities/user_spec.rb
index e35deeb6263feb4b16ce2a92f6313d3d34ca0359..0deaf47697707efbce42f94d75dacf67cf00456a 100644
--- a/spec/lib/api/entities/user_spec.rb
+++ b/spec/lib/api/entities/user_spec.rb
@@ -35,4 +35,22 @@
       expect(subject[:bot]).to eq(true)
     end
   end
+
+  context 'with project bot user' do
+    let(:user) { create(:user, :project_bot) }
+
+    context 'when the requester is not an admin' do
+      it 'does not expose project bot user name' do
+        expect(subject).not_to include(:name)
+      end
+    end
+
+    context 'when the requester is an admin' do
+      let(:current_user) { create(:user, :admin) }
+
+      it 'exposes project bot user name' do
+        expect(subject).to include(:name)
+      end
+    end
+  end
 end
diff --git a/spec/support/helpers/features/members_table_helpers.rb b/spec/support/helpers/features/members_table_helpers.rb
index 4a0e218ed3e0f6b43aaf8d7f15a0ac810371f7ae..80fd4bcf07acb7d9cda33082372f0bbad0d74523 100644
--- a/spec/support/helpers/features/members_table_helpers.rb
+++ b/spec/support/helpers/features/members_table_helpers.rb
@@ -41,6 +41,10 @@ def find_member_row(user)
             find_row(user.name)
           end
 
+          def find_username_row(user)
+            find_row(user.username)
+          end
+
           def find_invited_member_row(email)
             find_row(email)
           end