diff --git a/apps/webhooks/lib/Controller/WebhooksController.php b/apps/webhooks/lib/Controller/WebhooksController.php
index f61e4584305..e3df0897bbe 100644
--- a/apps/webhooks/lib/Controller/WebhooksController.php
+++ b/apps/webhooks/lib/Controller/WebhooksController.php
@@ -98,6 +98,7 @@ class WebhooksController extends OCSController {
 		?array $eventFilter,
 		?array $headers,
 		?string $authMethod,
+		#[\SensitiveParameter]
 		?array $authData,
 	): DataResponse {
 		$appId = null;
@@ -157,6 +158,7 @@ class WebhooksController extends OCSController {
 		?array $eventFilter,
 		?array $headers,
 		?string $authMethod,
+		#[\SensitiveParameter]
 		?array $authData,
 	): DataResponse {
 		$appId = null;
diff --git a/apps/webhooks/lib/Db/WebhookListener.php b/apps/webhooks/lib/Db/WebhookListener.php
index 4781454fc1a..c4053b5ba7b 100644
--- a/apps/webhooks/lib/Db/WebhookListener.php
+++ b/apps/webhooks/lib/Db/WebhookListener.php
@@ -76,7 +76,10 @@ class WebhookListener extends Entity implements \JsonSerializable {
 		return json_decode($this->crypto->decrypt($this->getAuthData()), associative:true, flags:JSON_THROW_ON_ERROR);
 	}
 
-	public function setAuthDataClear(?array $data): void {
+	public function setAuthDataClear(
+		#[\SensitiveParameter]
+		?array $data
+	): void {
 		if ($data === null) {
 			if ($this->getAuthMethodEnum() === AuthMethod::Header) {
 				throw new \UnexpectedValueException('Header auth method needs an associative array of headers as auth data');
diff --git a/apps/webhooks/lib/Db/WebhookListenerMapper.php b/apps/webhooks/lib/Db/WebhookListenerMapper.php
index 7d7360431dc..4094b5e2679 100644
--- a/apps/webhooks/lib/Db/WebhookListenerMapper.php
+++ b/apps/webhooks/lib/Db/WebhookListenerMapper.php
@@ -79,6 +79,7 @@ class WebhookListenerMapper extends QBMapper {
 		?array $eventFilter,
 		?array $headers,
 		AuthMethod $authMethod,
+		#[\SensitiveParameter]
 		?array $authData,
 	): WebhookListener {
 		/* Remove any superfluous antislash */
@@ -116,6 +117,7 @@ class WebhookListenerMapper extends QBMapper {
 		?array $eventFilter,
 		?array $headers,
 		AuthMethod $authMethod,
+		#[\SensitiveParameter]
 		?array $authData,
 	): WebhookListener {
 		/* Remove any superfluous antislash */