diff --git a/pkg/api/openshiftcluster.go b/pkg/api/openshiftcluster.go
index 0826520d0bb..0dfe0d874fe 100644
--- a/pkg/api/openshiftcluster.go
+++ b/pkg/api/openshiftcluster.go
@@ -258,12 +258,13 @@ type OIDCIssuer string
 type ClusterProfile struct {
 	MissingFields
 
-	PullSecret           SecureString         `json:"pullSecret,omitempty"`
-	Domain               string               `json:"domain,omitempty"`
-	Version              string               `json:"version,omitempty"`
-	ResourceGroupID      string               `json:"resourceGroupId,omitempty"`
-	FipsValidatedModules FipsValidatedModules `json:"fipsValidatedModules,omitempty"`
-	OIDCIssuer           OIDCIssuer           `json:"oidcIssuer,omitempty"`
+	PullSecret                    SecureString         `json:"pullSecret,omitempty"`
+	Domain                        string               `json:"domain,omitempty"`
+	Version                       string               `json:"version,omitempty"`
+	ResourceGroupID               string               `json:"resourceGroupId,omitempty"`
+	FipsValidatedModules          FipsValidatedModules `json:"fipsValidatedModules,omitempty"`
+	OIDCIssuer                    OIDCIssuer           `json:"oidcIssuer,omitempty"`
+	BoundServiceAccountSigningKey SecureString         `json:"boundServiceAccountSigningKey,omitempty"`
 }
 
 // FeatureProfile represents a feature profile.
diff --git a/pkg/frontend/asyncoperationresult_get.go b/pkg/frontend/asyncoperationresult_get.go
index 550673d8127..2aa2d0589d6 100644
--- a/pkg/frontend/asyncoperationresult_get.go
+++ b/pkg/frontend/asyncoperationresult_get.go
@@ -67,6 +67,7 @@ func (f *frontend) _getAsyncOperationResult(ctx context.Context, r *http.Request
 	if asyncdoc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil {
 		asyncdoc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = ""
 	}
+	asyncdoc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 
 	return json.MarshalIndent(converter.ToExternal(asyncdoc.OpenShiftCluster), "", "    ")
 }
diff --git a/pkg/frontend/openshiftcluster_get.go b/pkg/frontend/openshiftcluster_get.go
index df3b74b75a4..5f0b110efba 100644
--- a/pkg/frontend/openshiftcluster_get.go
+++ b/pkg/frontend/openshiftcluster_get.go
@@ -48,6 +48,7 @@ func (f *frontend) _getOpenShiftCluster(ctx context.Context, log *logrus.Entry,
 	if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil {
 		doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = ""
 	}
+	doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 
 	return json.MarshalIndent(converter.ToExternal(doc.OpenShiftCluster), "", "    ")
 }
diff --git a/pkg/frontend/openshiftcluster_list.go b/pkg/frontend/openshiftcluster_list.go
index cf3db432f3f..2d2aaa7f35a 100644
--- a/pkg/frontend/openshiftcluster_list.go
+++ b/pkg/frontend/openshiftcluster_list.go
@@ -70,6 +70,7 @@ func (f *frontend) _getOpenShiftClusters(ctx context.Context, log *logrus.Entry,
 		if ocs[i].Properties.ServicePrincipalProfile != nil {
 			ocs[i].Properties.ServicePrincipalProfile.ClientSecret = ""
 		}
+		ocs[i].Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 	}
 
 	nextLink, err := f.buildNextLink(r.Header.Get("Referer"), i.Continuation())
diff --git a/pkg/frontend/openshiftcluster_putorpatch.go b/pkg/frontend/openshiftcluster_putorpatch.go
index 1fa6f26fdca..bf0e9c3d456 100644
--- a/pkg/frontend/openshiftcluster_putorpatch.go
+++ b/pkg/frontend/openshiftcluster_putorpatch.go
@@ -247,6 +247,7 @@ func (f *frontend) _putOrPatchOpenShiftCluster(ctx context.Context, log *logrus.
 	if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil {
 		doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = ""
 	}
+	doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 
 	// We don't return enriched worker profile data on PUT/PATCH operations
 	doc.OpenShiftCluster.Properties.WorkerProfilesStatus = nil
diff --git a/pkg/frontend/openshiftclustercredentials_post.go b/pkg/frontend/openshiftclustercredentials_post.go
index 904e0a97641..bc13d571df5 100644
--- a/pkg/frontend/openshiftclustercredentials_post.go
+++ b/pkg/frontend/openshiftclustercredentials_post.go
@@ -70,6 +70,7 @@ func (f *frontend) _postOpenShiftClusterCredentials(ctx context.Context, r *http
 	if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil {
 		doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = ""
 	}
+	doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 
 	return json.MarshalIndent(converter.ToExternal(doc.OpenShiftCluster), "", "    ")
 }
diff --git a/pkg/frontend/openshiftclusterkubeconfigcredentials_post.go b/pkg/frontend/openshiftclusterkubeconfigcredentials_post.go
index 9af4e7e4eca..0dee9249413 100644
--- a/pkg/frontend/openshiftclusterkubeconfigcredentials_post.go
+++ b/pkg/frontend/openshiftclusterkubeconfigcredentials_post.go
@@ -73,6 +73,7 @@ func (f *frontend) _postOpenShiftClusterKubeConfigCredentials(ctx context.Contex
 	if doc.OpenShiftCluster.Properties.ServicePrincipalProfile != nil {
 		doc.OpenShiftCluster.Properties.ServicePrincipalProfile.ClientSecret = ""
 	}
+	doc.OpenShiftCluster.Properties.ClusterProfile.BoundServiceAccountSigningKey = ""
 
 	return json.MarshalIndent(converter.ToExternal(doc.OpenShiftCluster), "", "    ")
 }