diff --git a/roles/generate-cert/tasks/main.yml b/roles/generate-cert/tasks/main.yml
index 31a1a2a..9afa09a 100644
--- a/roles/generate-cert/tasks/main.yml
+++ b/roles/generate-cert/tasks/main.yml
@@ -69,6 +69,7 @@
     dest: "/tmp/ansible_hacky_pki_ca.key"
     mode: u=rw,g=,o=
   delegate_to: localhost
+  no_log: yes
   when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
 
 - name: Sign the certificate
@@ -91,6 +92,7 @@
     owner: "{{ owner | default('root') }}"
     group: "{{ group | default('root') }}"
     mode: "{{ key_mode | default('u=rw,g=,o=') }}"
+  no_log: yes
   when: force_renewal or (not key_file.stat.exists) or (not cert_file.stat.exists) or (not validity.valid_at.renewal)
 
 - name: Send certificate to the server