Since Spring Boot is using logback for logging, you can overwrite the default logback pattern by your own patternLayout, masking your password properties. This approach also applies to any other log output (e.g. toString methods) according to defined RegEx pattern.

see https://www.baeldung.com/logback-mask-sensitive-data for example.