diff --git a/CHANGELOG b/CHANGELOG
index c243920283c7658fceee5ad2a71432aaa24f8495..84a6702907f87048ee02e53426ee8f638398935c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ v 8.13.0 (unreleased)
 
 v 8.12.4 (unreleased)
   - Set GitLab project exported file permissions to owner only
+  - Don't send Private-Token (API authentication) headers to Sentry
 
 v 8.12.2 (unreleased)
   - Fix Import/Export not recognising correctly the imported services.
diff --git a/Gemfile b/Gemfile
index 21b31e8f01db4f60f8720f67d67e15ebe5c82a03..921554286c324552525cfbea13a99c9cfa54f608 100644
--- a/Gemfile
+++ b/Gemfile
@@ -233,7 +233,7 @@ gem 'net-ssh',            '~> 3.0.1'
 gem 'base32',             '~> 0.3.0'
 
 # Sentry integration
-gem 'sentry-raven', '~> 1.1.0'
+gem 'sentry-raven', '~> 2.0.0'
 
 gem 'premailer-rails', '~> 1.9.0'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 1db8c9dd8c8b5bbfc1f6f5df6721fb559e8b045d..66e566de3c168818d07ee6ed6a2db7eadff3e63e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -664,8 +664,8 @@ GEM
       activesupport (>= 3.1)
     select2-rails (3.5.9.3)
       thor (~> 0.14)
-    sentry-raven (1.1.0)
-      faraday (>= 0.7.6)
+    sentry-raven (2.0.2)
+      faraday (>= 0.7.6, < 0.10.x)
     settingslogic (2.0.9)
     sexp_processor (4.7.0)
     sham_rack (1.3.6)
@@ -950,7 +950,7 @@ DEPENDENCIES
   sdoc (~> 0.3.20)
   seed-fu (~> 2.3.5)
   select2-rails (~> 3.5.9)
-  sentry-raven (~> 1.1.0)
+  sentry-raven (~> 2.0.0)
   settingslogic (~> 2.0.9)
   sham_rack (~> 1.3.6)
   shoulda-matchers (~> 2.8.0)
diff --git a/config/application.rb b/config/application.rb
index 4792f6670a817636c44692f78633ed3d2bea39bd..f5c900da8cf8deb0febf771db8573dd1c1f6d2f0 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ class Application < Rails::Application
     # - Build variables (:variables)
     # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
     # - Webhook URLs (:hook)
+    # - GitLab-shell secret token (:secret_token)
     # - Sentry DSN (:sentry_dsn)
     # - Deploy keys (:key)
     config.filter_parameters += %i(
@@ -62,6 +63,7 @@ class Application < Rails::Application
       password
       password_confirmation
       private_token
+      secret_token
       sentry_dsn
       variables
     )
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024190331922c7eeded4b78152acfdd7..4f30d1265c89e118f4438388295ccbd16599eed3 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@
       
       # Sanitize fields based on those sanitized from Rails.
       config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+      # Sanitize authentication headers
+      config.sanitize_http_headers = %w[Authorization Private-Token]
       config.tags = { program: Gitlab::Sentry.program_context }
     end
   end