diff --git a/pkg/cmd/openshift-tests/run-upgrade/options.go b/pkg/cmd/openshift-tests/run-upgrade/options.go
index 34f30c4db519..2d72aeebc037 100644
--- a/pkg/cmd/openshift-tests/run-upgrade/options.go
+++ b/pkg/cmd/openshift-tests/run-upgrade/options.go
@@ -72,7 +72,10 @@ func (o *RunUpgradeSuiteOptions) UpgradeTestPreSuite() error {
 	if err := clusterdiscovery.InitializeTestFramework(exutil.TestContext, config, o.GinkgoRunSuiteOptions.DryRun); err != nil {
 		return err
 	}
-	klog.V(4).Infof("Loaded test configuration: %#v", exutil.TestContext)
+	// Redact the bearer token exposure
+	testContextString := fmt.Sprintf("%#v", exutil.TestContext)
+	redactedTestContext := exutil.RedactBearerToken(testContextString)
+	klog.V(4).Infof("Loaded test configuration: %s", redactedTestContext)
 
 	return nil
 }
diff --git a/pkg/test/extensions/binary.go b/pkg/test/extensions/binary.go
index ec1a668b99cb..a13aaa10824e 100644
--- a/pkg/test/extensions/binary.go
+++ b/pkg/test/extensions/binary.go
@@ -105,7 +105,10 @@ func InitializeOpenShiftTestsExtensionFramework() (*extension.Registry, *extensi
 		if err := clusterdiscovery.InitializeTestFramework(exutil.TestContext, config, false); err != nil {
 			panic(err)
 		}
-		klog.V(4).Infof("Loaded test configuration: %#v", exutil.TestContext)
+		// Redact the bearer token exposure
+		testContextString := fmt.Sprintf("%#v", exutil.TestContext)
+		redactedTestContext := exutil.RedactBearerToken(testContextString)
+		klog.V(4).Infof("Loaded test configuration: %s", redactedTestContext)
 
 		exutil.TestContext.ReportDir = os.Getenv("TEST_JUNIT_DIR")
 
diff --git a/test/extended/util/client.go b/test/extended/util/client.go
index 5e034dd6261e..eaafeda8bf78 100644
--- a/test/extended/util/client.go
+++ b/test/extended/util/client.go
@@ -1040,13 +1040,10 @@ func (c *CLI) start(stdOutBuff, stdErrBuff *bytes.Buffer) (*exec.Cmd, error) {
 	return cmd, err
 }
 
+var reToken = regexp.MustCompile(`(?i)(Authorization:\s*Bearer\s+)[^\s"]+|((BearerToken:\s*")[^"]+)`)
+
 func RedactBearerToken(args string) string {
-	if strings.Contains(args, "Authorization: Bearer") {
-		// redact bearer token
-		re := regexp.MustCompile(`Authorization:\s+Bearer.*\s+`)
-		args = re.ReplaceAllString(args, "Authorization: Bearer <redacted> ")
-	}
-	return args
+	return reToken.ReplaceAllString(args, `${1}${3}<redacted>`)
 }
 
 // getStartingIndexForLastN calculates a byte offset in a byte slice such that when using