diff --git a/crates/store/src/auth/toml_user_store.rs b/crates/store/src/auth/toml_user_store.rs
index db954f4..413941b 100644
--- a/crates/store/src/auth/toml_user_store.rs
+++ b/crates/store/src/auth/toml_user_store.rs
@@ -89,7 +89,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
 None => return Ok(None),
 };
- if password_auth::verify_password(password_input, password).is_ok() {
+ if password_auth::verify_password(password_input, password.as_ref()).is_ok() {
 return Ok(Some(user));
 }
 Ok(None)
@@ -102,7 +102,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
 };
 for app_token in &user.app_tokens {
- if password_auth::verify_password(token, &app_token.token).is_ok() {
+ if password_auth::verify_password(token, app_token.token.as_ref()).is_ok() {
 return Ok(Some(user));
 }
 }
@@ -135,7 +135,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
 .to_string();
 principal.app_tokens.push(AppToken {
 name,
- token: token_hash,
+ token: token_hash.into(),
 created_at: Some(chrono::Utc::now()),
 id: id.clone(),
 });
diff --git a/crates/store/src/auth/user.rs b/crates/store/src/auth/user.rs
index 7c34bdc..42ef42a 100644
--- a/crates/store/src/auth/user.rs
+++ b/crates/store/src/auth/user.rs
@@ -9,6 +9,8 @@ use rustical_xml::ValueSerialize;
 use serde::{Deserialize, Serialize};
 use std::future::{Ready, ready};
+use crate::Secret;
+
 /// https://datatracker.ietf.org/doc/html/rfc5545#section-3.2.3
 #[derive(Debug, Clone, Deserialize, Serialize, Default, PartialEq)]
 #[serde(rename_all = "lowercase")]
@@ -39,7 +41,7 @@ impl ValueSerialize for PrincipalType {
 pub struct AppToken {
 pub id: String,
 pub name: String,
- pub token: String,
+ pub token: Secret,
 pub created_at: Option>,
 }
@@ -51,7 +53,7 @@ pub struct User {
 pub displayname: Option,
 #[serde(default)]
 pub principal_type: PrincipalType,
- pub password: Option,
+ pub password: Option>,
 #[serde(default)]
 pub app_tokens: Vec,
 #[serde(default)]
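Review bot: In the password branch, `.is_ok()` collapses every `verify_password` failure into "wrong password", so a stored hash that does not parse (a truncated or hand-edited TOML entry) is indistinguishable from a bad login and never surfaces to the operator. password_auth reports that case separately as `VerifyError::Parse`; matching on the error and reporting the parse case with the principal id only, never the hash or the supplied input, would make a broken store entry visible. The app-token check in the -102 hunk has the same shape. The enclosing function starts and ends outside this hunk.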
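Review bot: The app-token loop in the -102 hunk runs one full `verify_password` per stored token, so a request carrying a wrong token costs as many hash verifications as the user has tokens, and that work happens before the caller is authenticated. If `token_hash` is produced with the crate's default password hash (the hashing call is outside the hunks shown), it is worth bounding the number of tokens per principal. At minimum a comment above the loop such as `// one hash verification per stored token; keep the token count per user bounded` would record the cost. The function body continues outside the hunk.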
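Review bot: The `token` field of `AppToken` (-39 hunk in user.rs) has no doc comment saying what the wrapped string is, and the new type name makes it easy to misread as a plaintext secret. From the store code in this commit it is the output of a password hash (`token: token_hash.into()`, later passed as the hash argument of `verify_password`), so a line such as `/// Password hash of the app token; the plaintext token is never stored.` would state the invariant. The same applies to `password` on `User` in the -51 hunk. The derive attributes of both structs are outside the hunks, so whether their `Debug` output was the leak being closed cannot be confirmed from here.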
diff --git a/crates/store/src/lib.rs b/crates/store/src/lib.rs
index 081caea..fa64f0e 100644
--- a/crates/store/src/lib.rs
+++ b/crates/store/src/lib.rs
@@ -6,12 +6,14 @@ pub use error::Error;
 pub mod auth;
 pub mod calendar;
 mod contact_birthday_store;
+mod secret;
 mod subscription_store;
 pub mod synctoken;
 pub use addressbook_store::AddressbookStore;
 pub use calendar_store::CalendarStore;
 pub use contact_birthday_store::ContactBirthdayStore;
+pub use secret::Secret;
 pub use subscription_store::*;
 pub use addressbook::{AddressObject, Addressbook};
diff --git a/crates/store/src/secret.rs b/crates/store/src/secret.rs
new file mode 100644
index 0000000..e82679d
--- /dev/null
+++ b/crates/store/src/secret.rs
@@ -0,0 +1,12 @@
+use derive_more::{AsRef, From};
+use serde::{Deserialize, Serialize};
+
+/// Wrapper type to prevent secrets from accidentally getting leaked into traces
+#[derive(From, Clone, Deserialize, Serialize, AsRef)]
+pub struct Secret(pub T);
+
+impl std::fmt::Debug for Secret {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ f.write_str("Secret")
+ }
+}
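Review bot: The doc comment on `Secret` in secret.rs promises protection against leaks into traces, but only the `Debug` impl redacts: `Serialize` is derived and the tuple field is `pub`, so any code path that serializes a `User` or `AppToken`, or reads `.0`, still gets the raw value. Serialization is presumably needed for writing the TOML store, so the comment should state the limit, for example `/// Only Debug is redacted; Serialize and AsRef still expose the inner value.` Since `From` and `AsRef` already cover construction and access at the call sites in this commit, the field could also lose its `pub`, provided no caller outside this diff uses `.0`.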