diff --git a/lib/core/controlplane.rb b/lib/core/controlplane.rb
index 0b5e0227..a9f51973 100644
--- a/lib/core/controlplane.rb
+++ b/lib/core/controlplane.rb
@@ -23,9 +23,10 @@ def profile_exists?(profile)
   end
 
   def profile_create(profile, token)
+    sensitive_data_pattern = /(?<=--token )(\S+)/
     cmd = "cpln profile create #{profile} --token #{token}"
     cmd += " > /dev/null" if Shell.should_hide_output?
-    perform!(cmd)
+    perform!(cmd, sensitive_data_pattern: sensitive_data_pattern)
   end
 
   def profile_delete(profile)
@@ -346,8 +347,8 @@ def perform(cmd)
     system(cmd)
   end
 
-  def perform!(cmd)
-    Shell.debug("CMD", cmd)
+  def perform!(cmd, sensitive_data_pattern: nil)
+    Shell.debug("CMD", cmd, sensitive_data_pattern: sensitive_data_pattern)
 
     system(cmd) || exit(false)
   end
diff --git a/lib/core/shell.rb b/lib/core/shell.rb
index 9595f322..3417c3ee 100644
--- a/lib/core/shell.rb
+++ b/lib/core/shell.rb
@@ -55,11 +55,33 @@ def self.verbose_mode(verbose)
     @verbose = verbose
   end
 
-  def self.debug(prefix, message)
-    stderr.puts("\n[#{color(prefix, :red)}] #{message}") if verbose
+  def self.debug(prefix, message, sensitive_data_pattern: nil)
+    return unless verbose
+
+    filtered_message = hide_sensitive_data(message, sensitive_data_pattern)
+    stderr.puts("\n[#{color(prefix, :red)}] #{filtered_message}")
   end
 
   def self.should_hide_output?
     tmp_stderr && !verbose
   end
+
+  #
+  # Hide sensitive data based on the passed pattern
+  #
+  # @param [String] message
+  #   The message to get processed.
+  # @param [Regexp, nil] pattern
+  #   The regular expression to be used. If not provided, no filter gets applied.
+  #
+  # @return [String]
+  #   Filtered message.
+  #
+  # @example
+  #   hide_sensitive_data("--token abcd", /(?<=--token )(\S+)/)
+  def self.hide_sensitive_data(message, pattern = nil)
+    return message unless pattern.is_a?(Regexp)
+
+    message.gsub(pattern, "XXXXXXX")
+  end
 end