diff --git a/backend/src/server/plugins.ts b/backend/src/server/plugins.ts
index 0bb5f9f98..ac23e948e 100644
--- a/backend/src/server/plugins.ts
+++ b/backend/src/server/plugins.ts
@@ -1,7 +1,15 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 
-import { ApolloLogPlugin } from 'apollo-log'
+import { ApolloLogPlugin, LogMutateData } from 'apollo-log'
+
+const copyInstance = (instance: any) => {
+  const data = Object.assign(
+    Object.create(Object.getPrototypeOf(instance)),
+    JSON.parse(JSON.stringify(instance)),
+  )
+  return data
+}
 
 const plugins = [
   {
@@ -21,7 +29,22 @@ const plugins = [
       }
     },
   },
-  ApolloLogPlugin(),
+  ApolloLogPlugin({
+    mutate: (data: LogMutateData) => {
+      // We need to deep clone the object in order to not modify the actual request
+      const data2 = copyInstance(data)
+
+      // mask password if part of the query
+      if (data2.context.request.variables && data2.context.request.variables.password) {
+        data2.context.request.variables.password = '***'
+      }
+
+      // mask token at all times
+      data2.context.context.token = '***'
+
+      return data2
+    },
+  }),
 ]
 
 export default plugins