diff --git a/cinderclient/client.py b/cinderclient/client.py
index 71d2a42b0..0f1ce0f1a 100644
--- a/cinderclient/client.py
+++ b/cinderclient/client.py
@@ -23,6 +23,7 @@ from __future__ import print_function
 import logging
 
 from cinderclient import exceptions
+from cinderclient.openstack.common import strutils
 from cinderclient import utils
 
 from keystoneclient import access
@@ -235,7 +236,11 @@ class HTTPClient(CinderClientMixin):
             string_parts.append(header)
 
         if 'data' in kwargs:
-            string_parts.append(" -d '%s'" % (kwargs['data']))
+            if "password" in kwargs['data']:
+                data = strutils.mask_password(kwargs['data'])
+            else:
+                data = kwargs['data']
+            string_parts.append(" -d '%s'" % (data))
         self._logger.debug("\nREQ: %s\n" % "".join(string_parts))
 
     def http_log_resp(self, resp):
diff --git a/cinderclient/tests/test_client.py b/cinderclient/tests/test_client.py
index 47c4c6977..f81cf3dde 100644
--- a/cinderclient/tests/test_client.py
+++ b/cinderclient/tests/test_client.py
@@ -11,6 +11,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import logging
+
+import fixtures
 
 import cinderclient.client
 import cinderclient.v1.client
@@ -31,3 +34,30 @@ class ClientTest(utils.TestCase):
     def test_get_client_class_unknown(self):
         self.assertRaises(cinderclient.exceptions.UnsupportedVersion,
                           cinderclient.client.get_client_class, '0')
+
+    def test_log_req(self):
+        self.logger = self.useFixture(
+            fixtures.FakeLogger(
+                format="%(message)s",
+                level=logging.DEBUG,
+                nuke_handlers=True
+            )
+        )
+
+        kwargs = {}
+        kwargs['headers'] = {"X-Foo": "bar"}
+        kwargs['data'] = ('{"auth": {"tenantName": "fakeService",'
+                          ' "passwordCredentials": {"username": "fakeUser",'
+                          ' "password": "fakePassword"}}}')
+
+        cs = cinderclient.client.HTTPClient("user", None, None,
+                                            "http://127.0.0.1:5000")
+        cs.http_log_debug = True
+        cs.http_log_req('PUT', kwargs)
+
+        output = self.logger.output.split('\n')
+
+        print("JSBRYANT: output is", output)
+
+        self.assertNotIn("fakePassword", output[1])
+        self.assertIn("fakeUser", output[1])