diff --git a/nixos/tests/kanidm-provisioning.nix b/nixos/tests/kanidm-provisioning.nix
index b45b972fe449..16e39dba729c 100644
--- a/nixos/tests/kanidm-provisioning.nix
+++ b/nixos/tests/kanidm-provisioning.nix
@@ -306,6 +306,10 @@ import ./make-test-python.nix (
             provision.succeed('${specialisations}/credentialProvision/bin/switch-to-configuration test')
             provision_login("${provisionIdmAdminPassword}")
 
+            # Make sure neither password is logged
+            provision.fail("journalctl --since -10m --unit kanidm.service --grep '${provisionAdminPassword}'")
+            provision.fail("journalctl --since -10m --unit kanidm.service --grep '${provisionIdmAdminPassword}'")
+
             # Test provisioned admin pw
             out = provision.succeed("KANIDM_PASSWORD=${provisionAdminPassword} kanidm login -D admin")
             assert_contains(out, "Login Success for admin")
diff --git a/pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch b/pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch
index a344f5a2086f..5f676bdbc103 100644
--- a/pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch
+++ b/pkgs/by-name/ka/kanidm/patches/1_3/recover-account.patch
@@ -19,7 +19,8 @@ index 40c18777f..40d553b40 100644
  
      #[instrument(
          level = "info",
-         skip(self, eventid),
+-        skip(self, eventid),
++        skip(self, password, eventid),
          fields(uuid = ?eventid)
      )]
      pub(crate) async fn handle_admin_recover_account(
diff --git a/pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch b/pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch
index 1ec61301f036..312c412809d8 100644
--- a/pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch
+++ b/pkgs/by-name/ka/kanidm/patches/1_4/recover-account.patch
@@ -19,7 +19,8 @@ index 420e72c6c..5c4353116 100644
  
      #[instrument(
          level = "info",
-         skip(self, eventid),
+-        skip(self, eventid),
++        skip(self, password, eventid),
          fields(uuid = ?eventid)
      )]
      pub(crate) async fn handle_admin_recover_account(
diff --git a/pkgs/by-name/ka/kanidm/patches/1_5/recover-account.patch b/pkgs/by-name/ka/kanidm/patches/1_5/recover-account.patch
index 1ec61301f036..312c412809d8 100644
--- a/pkgs/by-name/ka/kanidm/patches/1_5/recover-account.patch
+++ b/pkgs/by-name/ka/kanidm/patches/1_5/recover-account.patch
@@ -19,7 +19,8 @@ index 420e72c6c..5c4353116 100644
  
      #[instrument(
          level = "info",
-         skip(self, eventid),
+-        skip(self, eventid),
++        skip(self, password, eventid),
          fields(uuid = ?eventid)
      )]
      pub(crate) async fn handle_admin_recover_account(