diff --git a/source/Calamari/Kubernetes/Scripts/KubectlBashContext.sh b/source/Calamari/Kubernetes/Scripts/KubectlBashContext.sh
index 63aaebb9e..5d227e4d3 100644
--- a/source/Calamari/Kubernetes/Scripts/KubectlBashContext.sh
+++ b/source/Calamari/Kubernetes/Scripts/KubectlBashContext.sh
@@ -75,6 +75,8 @@ function setup_context {
 Octopus_K8S_Client_Cert_Pem_Encoded=$(echo "$Octopus_K8S_Client_Cert_Pem" | base64 -w0)
 Octopus_K8S_Client_Cert_Key_Encoded=$(echo "$Octopus_K8S_Client_Cert_Key" | base64 -w0)
+ set_octopusvariable "${Octopus_K8S_Client_Cert}.PrivateKeyPemBase64" $Octopus_K8S_Client_Cert_Key_Encoded -sensitive
+
 kubectl config set users.octouser.client-certificate-data "$Octopus_K8S_Client_Cert_Pem_Encoded"
 kubectl config set users.octouser.client-key-data "$Octopus_K8S_Client_Cert_Key_Encoded"
 fi
@@ -157,8 +159,8 @@ get_kubectl
 configure_kubectl_path
 setup_context
 create_namespace
-echo $KUBECONFIG
 echo "##octopus[stdout-verbose]"
+cat $KUBECONFIG
 echo "Invoking target script \"$(get_octopusvariable "OctopusKubernetesTargetScript")\" with $(get_octopusvariable "OctopusKubernetesTargetScriptParameters") parameters"
 echo "##octopus[stdout-default]"
diff --git a/source/Calamari/Kubernetes/Scripts/KubectlPowershellContext.ps1 b/source/Calamari/Kubernetes/Scripts/KubectlPowershellContext.ps1
index 122cb20a8..016d417e3 100644
--- a/source/Calamari/Kubernetes/Scripts/KubectlPowershellContext.ps1
+++ b/source/Calamari/Kubernetes/Scripts/KubectlPowershellContext.ps1
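Review bot: The added `set_octopusvariable` call in setup_context passes `$Octopus_K8S_Client_Cert_Key_Encoded` unquoted and has no comment explaining why a private key is published as a variable, whereas the PowerShell side of this commit says `# Don't leak the private key in the logs`. I would add that comment and quote the value: `set_octopusvariable "${Octopus_K8S_Client_Cert}.PrivateKeyPemBase64" "$Octopus_K8S_Client_Cert_Key_Encoded" -sensitive`. The protection presumably works by masking exact occurrences of this string in task output, so it holds only while the kubeconfig printed later carries byte-identical base64; that assumption deserves a test, and it applies equally to the `Set-OctopusVariable` call in the SetupContext hunk of KubectlPowershellContext.ps1. setup_context starts and ends outside the hunk, so its other authentication branches are not visible here.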
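Review bot: `cat $KUBECONFIG` writes the whole kubeconfig into the task log, while the only credential this commit registers as sensitive is the client certificate key. A bearer token, password or other secret written into the file by parts of setup_context outside this diff would then be printed unmasked, and the verbose marker presumably lowers only the log level, not what is recorded. `kubectl config view` shows the same structure with embedded certificate data omitted unless `--raw` is passed, so it is the safer diagnostic. If the raw file must be shown, quote the path: `cat "$KUBECONFIG"`. The same concern applies to `Get-Content $env:KUBECONFIG` in the last hunk of KubectlPowershellContext.ps1.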
@@ -78,8 +78,14 @@ function SetupContext {
 Exit 1
 }
- & $Kubectl_Exe config set users.octouser.client-certificate-data $([Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($K8S_Client_Cert_Pem)))
- & $Kubectl_Exe config set users.octouser.client-key-data $([Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($K8S_Client_Cert_Key)))
+ $K8S_Client_Cert_Key_Encoded = $([Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($K8S_Client_Cert_Key)))
+ $K8S_Client_Cert_Pem_Encoded = $([Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($K8S_Client_Cert_Pem)))
+
+ # Don't leak the private key in the logs
+ Set-OctopusVariable -name "$($K8S_Client_Cert).PrivateKeyPemBase64" -value $K8S_Client_Cert_Key_Encoded -sensitive
+
+ & $Kubectl_Exe config set users.octouser.client-certificate-data $K8S_Client_Cert_Pem_Encoded
+ & $Kubectl_Exe config set users.octouser.client-key-data $K8S_Client_Cert_Key_Encoded
 }
 if(-not [string]::IsNullOrEmpty($K8S_Server_Cert)) {
@@ -177,8 +183,9 @@ Write-Host "##octopus[stdout-verbose]"
 ConfigureKubeCtlPath
 SetupContext
 CreateNamespace
-Write-Host "##octopus[stdout-default]"
-
+echo "##octopus[stdout-verbose]"
+Get-Content $env:KUBECONFIG
 Write-Verbose "Invoking target script $OctopusKubernetesTargetScript with $OctopusKubernetesTargetScriptParameters parameters"
+echo "##octopus[stdout-default]"
 Invoke-Expression ". `"$OctopusKubernetesTargetScript`" $OctopusKubernetesTargetScriptParameters"
\ No newline at end of file
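Review bot: The two added marker lines in the last hunk use `echo`, while the line this commit removes and the hunk header line both emit service messages with `Write-Host`. `echo` is an alias for Write-Output and writes to the success stream rather than the host, so the markers behave differently from the surrounding ones if this script's output is ever captured or redirected. I would write `Write-Host "##octopus[stdout-verbose]"` and `Write-Host "##octopus[stdout-default]"`. The first added marker also looks redundant: the commit removes the only visible switch back to default, and the hunk header line shows a `Write-Host "##octopus[stdout-verbose]"` ahead of ConfigureKubeCtlPath.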