diff --git a/manifests/proxy/tempauth_account.pp b/manifests/proxy/tempauth_account.pp
index 1f48b4f1..f80cc41a 100644
--- a/manifests/proxy/tempauth_account.pp
+++ b/manifests/proxy/tempauth_account.pp
@@ -19,7 +19,7 @@ define swift::proxy::tempauth_account() {
   $account_data = strip(split($title,','))
   if $account_data[0] != '' {
     swift_proxy_config {
-      "filter:tempauth/${account_data[0]}": value => $account_data[1];
+      "filter:tempauth/${account_data[0]}": value => $account_data[1], secret => true;
     }
   }
 }
diff --git a/spec/classes/swift_proxy_tempauth_spec.rb b/spec/classes/swift_proxy_tempauth_spec.rb
index ccf1eadf..04e3e321 100644
--- a/spec/classes/swift_proxy_tempauth_spec.rb
+++ b/spec/classes/swift_proxy_tempauth_spec.rb
@@ -7,7 +7,7 @@ describe 'swift::proxy::tempauth' do
         {
           'user'    => 'admin',
           'account' => 'admin',
-          'key'     => 'admin',
+          'key'     => 'adminpass',
           'groups'  => [ 'admin', 'reseller_admin' ],
         },
       ]
@@ -17,7 +17,7 @@ describe 'swift::proxy::tempauth' do
     let :params do default_params end
 
     it { is_expected.to contain_swift_proxy_config('filter:tempauth/use').with_value('egg:swift#tempauth') }
-    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
+    it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
 
     it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/reseller_prefix').with_value('') }
     it { is_expected.to_not contain_swift_proxy_config('filter:tempauth/token_life').with_value('') }
@@ -30,7 +30,7 @@ describe 'swift::proxy::tempauth' do
           {
             'user'    => 'admin',
             'account' => 'admin',
-            'key'     => 'admin',
+            'key'     => 'adminpass',
             'groups'  => [ 'admin', 'reseller_admin' ],
           },
           {
@@ -42,8 +42,8 @@ describe 'swift::proxy::tempauth' do
         ]
       } end
 
-      it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
-      it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin') }
+      it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
+      it { is_expected.to contain_swift_proxy_config('filter:tempauth/user_bar_foo').with_value('pass .reseller_admin').with_secret(true) }
     end
 
     context 'when group is empty' do
diff --git a/spec/defines/swift_proxy_tempauth_account_spec.rb b/spec/defines/swift_proxy_tempauth_account_spec.rb
index 8c2ce68c..4a6ec384 100644
--- a/spec/defines/swift_proxy_tempauth_account_spec.rb
+++ b/spec/defines/swift_proxy_tempauth_account_spec.rb
@@ -3,11 +3,11 @@ require 'spec_helper'
 describe 'swift::proxy::tempauth_account' do
   shared_examples 'swift::proxy::tempauth_account' do
     let :title do
-      '    user_admin_admin,    admin .admin .reseller_admin'
+      '    user_admin_admin,    adminpass .admin .reseller_admin'
     end
 
     describe 'when passing in a string containing "user_<account>_<user>, <key> .<group1> .<groupx>"' do
-      it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('admin .admin .reseller_admin') }
+      it { should contain_swift_proxy_config('filter:tempauth/user_admin_admin').with_value('adminpass .admin .reseller_admin').with_secret(true) }
     end
   end