diff --git a/api/server/middleware/debug.go b/api/server/middleware/debug.go
index 2cef1d46c3..31165bf918 100644
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@@ -71,9 +71,22 @@ func maskSecretKeys(inp interface{}, path string) {
 }
 
 if form, ok := inp.(map[string]interface{}); ok {
+ scrub := []string{
+ // Note: The Data field contains the base64-encoded secret in 'secret'
+ // and 'config' create and update requests. Currently, no other POST
+ // API endpoints use a data field, so we scrub this field unconditionally.
+ // Change this handling to be conditional if a new endpoint is added
+ // in future where this field should not be scrubbed.
+ "data",
+ "jointoken",
+ "password",
+ "secret",
+ "signingcakey",
+ "unlockkey",
+ }
 loop0:
 for k, v := range form {
- for _, m := range []string{"password", "secret", "jointoken", "unlockkey", "signingcakey"} {
+ for _, m := range scrub {
 if strings.EqualFold(m, k) {
 form[k] = "*****"
 continue loop0
@@ -81,14 +94,5 @@ func maskSecretKeys(inp interface{}, path string) {
 }
 maskSecretKeys(v, path)
 }
-
- // Route-specific redactions
- if strings.HasSuffix(path, "/secrets/create") {
- for k := range form {
- if k == "Data" {
- form[k] = "*****"
- }
- }
- }
 }
 }
diff --git a/api/server/middleware/debug_test.go b/api/server/middleware/debug_test.go
index e19a0ced2f..361273feda 100644
--- a/api/server/middleware/debug_test.go
+++ b/api/server/middleware/debug_test.go
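Review bot: Once the route-specific block is deleted in the second hunk of this file, `path` no longer affects any redaction in maskSecretKeys; it is only threaded through the recursive `maskSecretKeys(v, path)` call, so if the function normalizes the path before this hunk (the function starts above it, and the new test cases for trailing slashes and query parameters suggest it does) that normalization is now dead work. Either drop the parameter and that normalization in the same change, or add a comment above `loop0:` such as `// path is currently unused: every key below is masked regardless of route; kept so route-specific redactions can be re-added.` so the next reader does not assume the route still matters. The `scrub` slice is also rebuilt on every call, including each recursive call for nested maps and arrays; a package-level `var scrubKeys = []string{...}` carrying the same entries and comment allocates once and keeps the masked key list in one place. Matching is whole-key equality under `strings.EqualFold`, so a key that merely contains one of these names, or a value that is itself an encoded document, is not masked; worth stating in the comment so the scope of the redaction is explicit.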
@@ -32,6 +32,24 @@ func TestMaskSecretKeys(t *testing.T) {
 input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
 expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
 },
+ {
+ doc: "secret update with API version",
+ path: "/v1.30/secrets/mysecret/update",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
+ doc: "secret update with API version and trailing slashes",
+ path: "/v1.30/secrets/mysecret/update//",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
+ {
+ doc: "secret update with query parameter",
+ path: "/secrets/mysecret/update?version=34",
+ input: map[string]interface{}{"Data": "foo", "Name": "name", "Labels": map[string]interface{}{}},
+ expected: map[string]interface{}{"Data": "*****", "Name": "name", "Labels": map[string]interface{}{}},
+ },
 {
 doc: "other paths with API version",
 path: "/v1.30/some/other/path",
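Review bot: The three new cases (API version, trailing slashes, query parameter) all expect `"Data": "*****"`, which is now the outcome for any path because `data` is masked unconditionally in debug.go, so none of them exercises path handling and all three would still pass if the path normalization were removed entirely. If the intent is to pin that route variants make no difference, say so in the `doc` strings, e.g. `doc: "data masked regardless of API version in path"`; otherwise one case is enough and the duplicates only add maintenance. A more useful addition would be a case with a differently-cased key such as `"DATA"` or `"Password"` to cover the `EqualFold` match, and one with the sensitive key nested inside a map or array to cover the recursive call, since neither path is covered by the visible cases.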