diff --git a/config/application.rb b/config/application.rb
index 24ba219cf3a97f69ef74d14cca57d6860bea4874..bd4578848c538fb6e18fd69024f18ac86251114a 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -31,7 +31,7 @@ module Gitlab
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters.push(*[:password])
+    config.filter_parameters.push(:password, :password_confirmation, :private_token)
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true