diff --git a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
index a7d48b20ad3ba..913fc124731ff 100644
--- a/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
+++ b/docs/apache-airflow/security/secrets/mask-sensitive-values.rst
@@ -38,7 +38,8 @@ Sensitive field names
 When masking is enabled, Airflow will always mask the password field of every Connection that is accessed by a
 task.
 
-It will also mask the value of a Variable, or the field of a Connection's extra JSON blob if the name contains
+It will also mask the value of a Variable, rendered template dictionaries, XCom dictionaries or the
+field of a Connection's extra JSON blob if the name contains
 any words in ('access_token', 'api_key', 'apikey', 'authorization', 'passphrase', 'passwd',
 'password', 'private_key', 'secret', 'token'). This list can also be extended: