diff --git a/cmd/argocd-util/main.go b/cmd/argocd-util/main.go index 8303bb6af2..1d5c4b13f5 100644 --- a/cmd/argocd-util/main.go +++ b/cmd/argocd-util/main.go @@ -8,7 +8,6 @@ import ( "io/ioutil" "os" "os/exec" - "regexp" "syscall" "github.com/ghodss/yaml" @@ -561,9 +560,36 @@ func NewClusterConfig() *cobra.Command { return command } +func iterateStringFields(obj interface{}, callback func(name string, val string) string) { + if mapField, ok := obj.(map[string]interface{}); ok { + for field, val := range mapField { + if strVal, ok := val.(string); ok { + mapField[field] = callback(field, strVal) + } else { + iterateStringFields(val, callback) + } + } + } else if arrayField, ok := obj.([]interface{}); ok { + for i := range arrayField { + iterateStringFields(arrayField[i], callback) + } + } +} + func redactor(dirtyString string) string { - dirtyString = regexp.MustCompile("(clientSecret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********") - return regexp.MustCompile("(secret: )[^ \n]*").ReplaceAllString(dirtyString, "$1********") + config := make(map[string]interface{}) + err := yaml.Unmarshal([]byte(dirtyString), &config) + errors.CheckError(err) + iterateStringFields(config, func(name string, val string) string { + if name == "clientSecret" || name == "secret" { + return "********" + } else { + return val + } + }) + data, err := yaml.Marshal(config) + errors.CheckError(err) + return string(data) } func main() { diff --git a/cmd/argocd-util/main_test.go b/cmd/argocd-util/main_test.go index dc7801ecf3..155bf2c383 100644 --- a/cmd/argocd-util/main_test.go +++ b/cmd/argocd-util/main_test.go @@ -7,9 +7,11 @@ import ( ) var textToRedact = ` +connectors: - config: clientID: aabbccddeeff00112233 - clientSecret: $dex.github.clientSecret + clientSecret: | + theSecret orgs: - name: your-github-org redirectURI: https://argocd.example.com/api/dex/callback 
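Review bot: In `iterateStringFields` the callback only runs when `val.(string)` succeeds, so a `secret` or `clientSecret` whose YAML value decodes to a non-string (for example an unquoted all-digit or boolean-looking scalar) falls through to the recursive call and is emitted unredacted. The removed regex masked the value whatever its form. The exact comparison `name == "clientSecret" || name == "secret"` in `redactor` is also narrower than the old `(secret: )` pattern, which matched any key ending in `secret`, so differently named credential fields that used to be masked may now pass through. Consider deciding by key before the type assertion in the map loop, e.g. `if field == "clientSecret" || field == "secret" { mapField[field] = "********"; continue }`. The match could also be widened with `strings.HasSuffix(strings.ToLower(name), "secret")`, which would need the `strings` import; the import block is only partly visible in this diff.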
@@ -37,10 +39,10 @@ storage: web: http: 0.0.0.0:5556` -var expectedRedaction = ` +var expectedRedaction = `connectors: - config: clientID: aabbccddeeff00112233 - clientSecret: ******** + clientSecret: '********' orgs: - name: your-github-org redirectURI: https://argocd.example.com/api/dex/callback @@ -57,7 +59,7 @@ staticClients: name: Argo CD redirectURIs: - https://argocd.example.com/auth/callback - secret: ******** + secret: '********' - id: argo-cd-cli name: Argo CD CLI public: true @@ -66,7 +68,8 @@ staticClients: storage: type: memory web: - http: 0.0.0.0:5556` + http: 0.0.0.0:5556 +` func TestSecretsRedactor(t *testing.T) { assert.Equal(t, expectedRedaction, redactor(textToRedact))
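Review bot: `TestSecretsRedactor` compares the whole marshalled document, so it pins the encoder's quoting, key order and trailing newline but never asserts the property that matters, namely that the secret text is absent from the output. Add `assert.NotContains(t, redactor(textToRedact), "theSecret")` next to the equality check. A fixture entry whose secret is an unquoted all-digit value would also cover the non-string path through the new walker. The fixture lines between the hunks are not visible here, so the input value of the second `secret:` entry could not be checked.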