diff --git a/misc/python/materialize/cli/mzcompose.py b/misc/python/materialize/cli/mzcompose.py
index 1f6b0b0c6d0a7..0e54cad23e940 100644
--- a/misc/python/materialize/cli/mzcompose.py
+++ b/misc/python/materialize/cli/mzcompose.py
@@ -49,7 +49,7 @@
 from materialize.mzcompose.services.sql_server import SqlServer
 from materialize.mzcompose.test_result import TestResult
 from materialize.ui import UIError
-from materialize.util import filter_cmd
+from materialize.util import redact_secrets
 
 RECOMMENDED_MIN_MEM = 7 * 1024**3  # 7GiB
 RECOMMENDED_MIN_CPUS = 2
@@ -945,7 +945,7 @@ def write_junit_report_to_file(self, junit_suite: junit_xml.TestSuite) -> Path:
             for obj in test_case.errors + test_case.failures + test_case.skipped:
                 for typ in ("message", "output"):
                     if obj[typ]:
-                        obj[typ] = " ".join(filter_cmd(obj[typ].split(" ")))
+                        obj[typ] = redact_secrets(obj[typ])
         junit_report = ci_util.junit_report_filename("mzcompose")
         with junit_report.open("w") as f:
             junit_xml.to_xml_report_file(f, [junit_suite])
diff --git a/misc/python/materialize/util.py b/misc/python/materialize/util.py
index 3b169f693fef9..c6a112cf61e5d 100644
--- a/misc/python/materialize/util.py
+++ b/misc/python/materialize/util.py
@@ -16,6 +16,7 @@
 import os
 import pathlib
 import random
+import re
 import subprocess
 from collections.abc import Iterator
 from dataclasses import dataclass
@@ -237,3 +238,16 @@ def filter_cmd(args: list[str]) -> list[str]:
         )
         for arg in args
     ]
+
+
+def redact_secrets(text: str) -> str:
+    text = re.sub(
+        r"-----BEGIN [A-Z ]+-----.*?-----END [A-Z ]+-----",
+        "[REDACTED]",
+        text,
+        flags=re.DOTALL,
+    )
+    for secret in FILTERED_ARGS:
+        if secret in text:
+            text = re.sub(re.escape(secret) + r"\S*", "[REDACTED]", text)
+    return text