diff --git a/openstack/common/rpc/common.py b/openstack/common/rpc/common.py
index 937ada849..d20afb72a 100644
--- a/openstack/common/rpc/common.py
+++ b/openstack/common/rpc/common.py
@@ -269,6 +269,10 @@ def _safe_log(log_func, msg, msg_data):
                 d[k] = '<SANITIZED>'
             elif k.lower() in SANITIZE:
                 d[k] = '<SANITIZED>'
+            elif isinstance(d[k], list):
+                for e in d[k]:
+                    if isinstance(e, dict):
+                        _fix_passwords(e)
             elif isinstance(d[k], dict):
                 _fix_passwords(d[k])
         return d
diff --git a/tests/unit/rpc/test_common.py b/tests/unit/rpc/test_common.py
index 582bd8a57..9e7f4e54f 100644
--- a/tests/unit/rpc/test_common.py
+++ b/tests/unit/rpc/test_common.py
@@ -367,6 +367,17 @@ class RpcCommonTestCase(test.BaseTestCase):
                          'dest_cell_name': 'cell!0001'}}
         rpc_common._safe_log(logger_method, 'foo', data)
 
+    def test_safe_log_sanitizes_any_password_in_list_of_dicts(self):
+        def logger_method(msg, data):
+            self.assertEqual('<SANITIZED>', data['users'][0]['_password'])
+            self.assertEqual('<SANITIZED>', data['users'][1]['_password'])
+
+        users = [{'_host': '%', '_password': 'passw0rd', '_name': 'mydb'},
+                 {'_host': '%', '_password': 'secret', '_name': 'newdb'}]
+        data = {'_request_id': 'req-44adf4ac-12bb-44c5-be3d-da2cc73b2e05',
+                'users': users}
+        rpc_common._safe_log(logger_method, 'foo', data)
+
     def test_version_is_compatible_same(self):
         self.assertTrue(rpc_common.version_is_compatible('1.23', '1.23'))