Exporting your config to share in the forum is actually pretty easy. Here’s a quick step-by-step guide on how to do it: http://forum.mikrotik.com/t/forum-rules/173010/1
I have found that my exports, even without show-sensitive, include a whole bunch of what I would call sensitive info, including:
firstname
lastname
email-address
various passwords
dynamic dns host names
wireguard keys
clientkey for dyndns.org
admin-mac (and other mac addresses)
Some of this sensitive data is in scripts, some is in the wireguard config, some is in other places.
Really?
I wonder why one of the steps in the guide linked to by gigabyte091 reads textually (bolding is mine):
> When file is opened we get our exported configuration and **now it’s time to redact sensitive information** like MAC addresses, serial numbers, software id’s, public IPs if we have one, public keys **or any other information** we found sensitive:
What the “any other information” includes is up to the reader, but I would guess that it would normally include:
firstname
lastname
email-address
various passwords
dynamic dns host names
wireguard keys
clientkey for dyndns.org
besides your mother’s maiden name, the name of your first pet, the name of the street you lived in when five, and many other pieces of info that you may have placed intentionally or accidentally in the Mikrotik device config …
Doesn’t everyone include all of these in their ROS configs:
Date of birth
Eye color
Blood Type
Home address
Financial accounts numbers
Image of passport
Social security number
Favorite movie and flavor of ice cream
Pets names
The point being, silly goose, is that Jaclaz is talking about
a. the items in the config that are not already removed by RoS ( RoS removes passwords and ipsec stuff for example )
b. the items you added or router added, NEEDED not whimsically added, to make the config work, be it public IP address, gateway IP, wireguard keys etc…
Clearly if on your own you add personal information, that’s on you to remove!
There is no need really, as you can always use common terms familiar to you that have no security implication.
like Boathouse, GuestHouse, MainFactory, Outhouse, etc… except as you have stated you may in a script have entered an email address etc…
I have seen lots of timezones in shared configs, that also may expose your location.
And of course wifi country settings.
Good point, the somali gang members probably don’t want people to know they are in Sweden… shhhhh, it’s a secret.
Yep, but a line must be drawn somewhere about this obsession with privacy/security, the timezone and/or country or even city is not a particularly sensitive piece of information.
That, and revealing that you are using 192.168.1.0/24 in your LAN is not something that would make a difference if “they” are after you (BTW, if “they” are after you, “they” already got you).
Now the SSID of your wifi?
“home”, “office”, “stay-off-my-wifi” are fine, “wi-fi_at_125:Wellington_Road_Stockport” may not.
And allow me to doubt that leaving MAC addresses unredacted will cause a security breach.
I agree 100% with ‘if they want you, they’ll get you.’ Head down, don’t look for trouble…
I have always wondered about the MAC address disclosure vulnerability. I just assumed that the experts here knew of a specific approach/method/exploit that could take a known MAC address, somehow find it on the Internet (assuming it is an exposed interface), and exploit it.
Even if not exploit it, we are back to the first point: If someone knew my router’s WAN port’s mac address, and somehow could find it on the Internet, they could simply attack it – not necessarily ‘break in’ but certainly bring down the ability of the router to communicate with the Internet.
Let’s not write bulls–t.
If someone knows the MAC they could only “attack” you if already connected to your network, or at most it would be the ISP itself that could “attack” you.
But if a neighbor of “WAN” or the ISP wanted to attack you, the MAC they already know for sure…
What in the world did I write that was bull**it?
Did you see the word "somehow" in the phrase "somehow could find it on the Internet?" It was nothing more than hypothetical that "somehow" an attacker with my WAN port mac-address would "find it" (that is, find a path to it, or an ip address associated with it) and attack it.
More importantly, my comment was in the context of questioning whether disclosure of the mac address was indeed a security risk, as is often put forward here and that jaclaz was also questioning.
I apologize, not being fully versed in English, I still don’t understand the meaning.
My concept I think is clear about the MAC address: Anyone, if not directly connected, can’t do anything.
Then we can talk about compromised ISPs, compromised internal peripherals, etc., but they are already inside the house…
Okay, thank you.
I am glad to hear that you confirm that a mac address alone cannot be used by an attacker or hacker.
And, your English is infinitely better than my Italian, so my compliments to you (and all the other non-native-English speakers here).
If you ask me it’s any static public IP address you want to replace with some “fake” like 2.2.2.1 or whatever before posting.
And, also the serial number at top, since if you use /ip/cloud the serial number is part of the DNS name.
While the IP is “public”… having your config along with it publicly would allow someone to exploit any config errors to attack you.
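A redaction pass covering the items named in the guide quoted earlier in the thread and in this post (serial number and software id in the export header, MAC addresses, public IPv4 addresses, WireGuard keys, e-mail addresses buried in scripts), written as an added example for this thread and not taken from the forum or from MikroTik; the sample export lines are constructed and the placeholder strings are assumptions.

```python
import re
import ipaddress

# Constructed sample export for demonstration; not a real device, keys are placeholders.
SAMPLE_EXPORT = """\
# 2024-01-01 12:00:00 by RouterOS 7.12
# software id = ABCD-1234
# serial number = ABCD1234EF56
/interface ethernet
set [ find default-name=ether1 ] mac-address=DC:2C:6E:12:34:56
/ip address
add address=203.0.113.10/29 interface=ether1
add address=192.168.88.1/24 interface=bridge
/interface wireguard
add name=wg1 private-key="cGxhY2Vob2xkZXJwcml2YXRla2V5MDAwMDAwMDAwMDA="
/interface wireguard peers
add interface=wg1 public-key="cGxhY2Vob2xkZXJwdWJsaWNrZXkwMDAwMDAwMDAwMDA=" endpoint-address=198.51.100.7 allowed-address=10.9.0.2/32
/system script
add name=notify source="/tool e-mail send to=admin@example.org subject=alert"
"""

# Header values that identify the unit (the serial number feeds the /ip/cloud DNS name).
HEADER_RE = re.compile(r"^(# (?:serial number|software id) = ).*$")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")
KEY_RE = re.compile(r'((?:private|public|preshared)-key=")[^"]*(")')
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(/\d{1,2})?")

# RFC1918, loopback and link-local ranges reveal nothing about the poster, so they stay.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _redact_ip(m):
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # digits that are not a real dotted quad
        return m.group(0)
    if any(ip in net for net in LAN_NETS):
        return m.group(0)  # LAN addresses stay readable
    return "PUBLIC-IP" + (m.group(2) or "")  # keep the prefix length, drop the address

def redact_line(line):
    line = HEADER_RE.sub(r"\1REDACTED", line)
    line = MAC_RE.sub("XX:XX:XX:XX:XX:XX", line)
    line = KEY_RE.sub(r"\1REDACTED-KEY\2", line)  # keys are redacted before IP matching
    line = EMAIL_RE.sub("user@redacted.example", line)
    return IPV4_RE.sub(_redact_ip, line)

def redact_export(text):  # whole export, processed line by line
    return "\n".join(redact_line(l) for l in text.splitlines())
```

Diff the output against the original before posting; anything these patterns do not match (DDNS hostnames, real names in comments or SSIDs, IPv6 addresses) still needs a manual pass.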
We’re asking, we’re asking…
I use a lot of dynamic hostnames, so those are IP address equivalents (as far as security goes).
I always wondered why the MT device’s serial number was a sensitive piece of data – now I know.