diff --git a/src/phicli b/src/phicli
index c73b90b..fabed17 100755
--- a/src/phicli
+++ b/src/phicli
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 from pprint import pformat as pp
 from getpass import getpass
+import json
 
 from phi.config import get_config
 from phi.logging import setup_logging, get_logger
@@ -11,21 +12,36 @@ from phi.ldap.group import get_group_by_cn, get_all_groups, add_group_member
 
 log = get_logger(__name__)
 
+JSON_ENC = json.JSONEncoder()
+SHOW_PASSWORDS = False
 
-@cli.register('dispaly user fields', ['user identifier'])
+
+def sanitize(obj):
+    if isinstance(obj, list):
+        return [sanitize(el) for el in obj]
+    elif isinstance(obj, dict):
+        return dict((sanitize(k), sanitize(v)) for k, v in obj.items())
+    elif isinstance(obj, bytes):
+        return [hex(el) for el in list(obj)]
+    return obj
+
+
+@cli.register("dispaly user fields", ["user identifier"])
 def showuser(uid):
     user = get_user_by_uid(client, uid)
     if user is None:
-        print('User {} not found'.format(uid))
+        print("User {} not found".format(uid))
         return
+    if not SHOW_PASSWORDS:
+        user.pop("password")
 
-    print(pp(user))
+    print(JSON_ENC.encode(sanitize(user)))
 
 
-@cli.register('add a new user', ['user identifier'])
+@cli.register("add a new user", ["user identifier"])
 def adduser(uid):
     def ask(prompt, default):
-        full_prompt = '{} [{}] '.format(prompt, default)
+        full_prompt = "{} [{}] ".format(prompt, default)
         return input(full_prompt) or default
 
     user = get_user_by_uid(client, uid)
@@ -33,14 +49,14 @@ def adduser(uid):
         print("User {} already existing".format(uid))
         return
 
-    cn = ask('Common name:', uid)
-    sn = ask('Last name:', uid)
-    mail = ask('Mail:', '{}@localhost'.format(uid))
+    cn = ask("Common name:", uid)
+    sn = ask("Last name:", uid)
+    mail = ask("Mail:", "{}@localhost".format(uid))
 
     password = getpass()
-    pass_check = getpass('Retype password: ')
+    pass_check = getpass("Retype password: ")
     if password != pass_check:
-        print('Password not matching')
+        print("Password not matching")
         return
 
     add_user(client, uid, cn, sn, mail, password)
@@ -51,80 +67,80 @@ def adduser(uid):
     print(pp(user))
 
 
-@cli.register('delete an user', ['user identifier'])
+@cli.register("delete an user", ["user identifier"])
 def deluser(uid):
-    check = input('Are you sure? [y/N] ') or 'N'
-    if check.lower() != 'y':
-        print('Ok then')
+    check = input("Are you sure? [y/N] ") or "N"
+    if check.lower() != "y":
+        print("Ok then")
         return
 
     user = get_user_by_uid(client, uid)
     if user is not None:
         delete_user(client, user)
-        print('Done')
+        print("Done")
     else:
-        print('User {} not found'.format(uid))
+        print("User {} not found".format(uid))
 
 
-@cli.register('show a group', ['group common name'])
+@cli.register("show a group", ["group common name"])
 def showgroup(cn):
     group = get_group_by_cn(client, cn)
     if group is None:
-        print('Group {} not found'.format(gcn))
+        print("Group {} not found".format(gcn))
         return
 
     print(pp(group))
 
 
-@cli.register('list all groups')
+@cli.register("list all groups")
 def listgroups():
     groups = get_all_groups(client)
 
     for group in groups:
-        print(group['cn'])
+        print(group["cn"])
 
 
-@cli.register('add an user to a group',
-             ['user identifier', 'group common name'])
+@cli.register("add an user to a group", ["user identifier", "group common name"])
 def addtogroup(uid, gcn):
     user = get_user_by_uid(client, uid)
     group = get_group_by_cn(client, gcn)
 
     if user is None:
-        print('User {} not found'.format(uid))
+        print("User {} not found".format(uid))
         return
 
     if group is None:
-        print('Group {} not found'.format(gcn))
+        print("Group {} not found".format(gcn))
         return
 
-    if uid in group['members']:
-        print('User {} is already in group {}'.format(uid, gcn))
+    if uid in group["members"]:
+        print("User {} is already in group {}".format(uid, gcn))
         return
 
     add_group_member(client, group, user)
 
 
-if __name__ == '__main__':
-    cli.add_arg('--config', 'config.yml', 'custom configuration file')
+if __name__ == "__main__":
+    cli.add_arg("--config", "config.yml", "custom configuration file")
+    cli.add_flag("--show-passwords", "show the passwords bytes")
     args = cli.get_args()
 
-    config_file = args['config']
+    config_file = args["config"]
+    SHOW_PASSWORDS = args["show_passwords"]
 
     config_file, config = get_config(config_file)
-    setup_logging(config.get('logging', {}))
-    log.info("Using configuration at '{}':\n{}"
-             .format(config_file, pp(config)))
+    setup_logging(config.get("logging", {}))
+    log.info("Using configuration at '{}':\n{}".format(config_file, pp(config)))
 
     # TODO: check fields in config
-    client = phi.ldap.client.Client(**config['ldap'])
+    client = phi.ldap.client.Client(**config["ldap"])
 
-    log.info('Opening LDAP client')
+    log.info("Opening LDAP client")
     client.open()
 
-    log.info('Arguments: {}'.format(pp(args)))
+    log.info("Arguments: {}".format(pp(args)))
 
     cli.run(args)
 
-    log.info('Closing LDAP client')
+    log.info("Closing LDAP client")
     client.close()