diff --git a/src/auth.rs b/src/auth.rs
index 9406335..8d584a3 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -7,7 +7,7 @@ use rand::{
     distributions::{Alphanumeric, DistString},
     thread_rng,
 };
-use secrecy::{ExposeSecret, SecretVec};
+use secrecy::ExposeSecret;
 use thiserror::Error;
 use time::{macros::format_description, OffsetDateTime};
 use tokio::sync::Mutex;
@@ -15,7 +15,9 @@ use tracing::{event, instrument, Level};
 
 use crate::{
     db::{/* Database, */ Database, SqliteDatabase},
-    secrets::{Password, ServerHash, ServerPadlock, UserServerKey, UserToken},
+    secrets::{
+        PadlockGenerationSecret, Password, ServerHash, ServerPadlock, UserServerKey, UserToken,
+    },
 };
 
 #[derive(Debug, Error)]
@@ -75,7 +77,7 @@ impl UserAuthenticator {
 }
 
 pub struct ServerPadlockGenerator {
-    secret: SecretVec<u8>,
+    secret: PadlockGenerationSecret,
 }
 
 impl ServerPadlockGenerator {
diff --git a/src/secrets.rs b/src/secrets.rs
index 6db2f96..1c5aa31 100644
--- a/src/secrets.rs
+++ b/src/secrets.rs
@@ -1,4 +1,6 @@
-use secrecy::SecretString;
+use std::fmt::Debug;
+
+use secrecy::{ExposeSecret, SecretString, SecretVec};
 use serde::{Deserialize, Serialize};
 
 #[derive(Debug, Clone, Deserialize)]
@@ -35,3 +37,17 @@ impl From<String> for ServerPadlock {
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct ServerHash(pub Vec<u8>);
+
+pub struct PadlockGenerationSecret(pub SecretVec<u8>);
+impl Debug for PadlockGenerationSecret {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_tuple("PadlockGenerationSecret")
+            .field(&"[REDACTED Vec<u8>]")
+            .finish()
+    }
+}
+impl Clone for PadlockGenerationSecret {
+    fn clone(&self) -> Self {
+        PadlockGenerationSecret(self.0.expose_secret().clone().into())
+    }
+}