diff --git a/vmware_nsxlib/v3/client.py b/vmware_nsxlib/v3/client.py
index b3754cc4..3e4d7bec 100644
--- a/vmware_nsxlib/v3/client.py
+++ b/vmware_nsxlib/v3/client.py
@@ -224,7 +224,8 @@ class RESTClient(object):
         if not silent:
 
             LOG.debug("REST call: %s %s. Headers: %s. Body: %s",
-                      method, request_url, request_headers,
+                      method, request_url,
+                      utils.censor_headers(request_headers),
                       self._mask_password(body))
 
         ts = time.time()
diff --git a/vmware_nsxlib/v3/cluster.py b/vmware_nsxlib/v3/cluster.py
index a712d483..ccf904ab 100644
--- a/vmware_nsxlib/v3/cluster.py
+++ b/vmware_nsxlib/v3/cluster.py
@@ -323,7 +323,9 @@ class NSXRequestsHTTPProvider(AbstractHTTPProvider):
                             resp.headers[header_name])
                 LOG.info("Session create succeeded for endpoint %(url)s with "
                          "headers %(hdr)s",
-                         {'url': provider.url, 'hdr': session.default_headers})
+                         {'url': provider.url,
+                          'hdr':
+                          utils.censor_headers(session.default_headers)})
 
 
 class NSXHTTPAdapter(adapters.HTTPAdapter):
diff --git a/vmware_nsxlib/v3/utils.py b/vmware_nsxlib/v3/utils.py
index 62c0d55a..dfcc12e7 100644
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@@ -62,6 +62,18 @@ def set_inject_headers_callback(callback):
     INJECT_HEADERS_CALLBACK = callback
 
 
+def censor_headers(headers):
+    censored_headers = ['authorization']
+    result = {}
+    for name, value in headers.items():
+        if name.lower() in censored_headers:
+            result[name] = '--- CENSORED ---'
+        else:
+            result[name] = value
+
+    return result
+
+
 def _update_resource_length(length):
     global MAX_RESOURCE_TYPE_LEN
     MAX_RESOURCE_TYPE_LEN = length