diff --git a/change-notes/2020-12-09-clear-text-logging-source.md b/change-notes/2020-12-09-clear-text-logging-source.md
new file mode 100644
index 00000000000..7ba2113ba79
--- /dev/null
+++ b/change-notes/2020-12-09-clear-text-logging-source.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The query "Clear-text logging of sensitive information" has been improved to recognize `SecretInterface` from `k8s.io/client-go/kubernetes/typed/core/v1` as a source of sensitive data, which may lead to more alerts.
diff --git a/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll b/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
index 9f21fa67eb4..1a6af789aaf 100644
--- a/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
+++ b/ql/src/semmle/go/security/CleartextLoggingCustomizations.qll
@@ -184,6 +184,10 @@ module CleartextLogging {
     override string describe() { result = "HTTP request headers" }
   }
 
+  private class KubernetesSecretInterfaceSource extends Source, K8sIoClientGo::SecretInterfaceSource {
+    override string describe() { result = "Kubernetes Secret" }
+  }
+
   /**
    * The first element of a split by ' ' or ':', often sanitizing a username/password pair
    * or the "Method value" syntax used in the HTTP Authorization header.
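Review bot: The new `KubernetesSecretInterfaceSource` class is added without a QLDoc comment, so a reader of this module cannot tell what value is being treated as sensitive without chasing `K8sIoClientGo::SecretInterfaceSource`, which is defined outside this hunk; a one-liner such as `/** A Kubernetes `Secret` obtained through `SecretInterface`, treated as a source of sensitive data. */` above the class would fix that. Worth confirming how that base class scopes the tainted value: if it marks the whole `*v1.Secret` returned by `Get`/`List` rather than its `Data`/`StringData` fields, logging only metadata such as `secret.Name` or `secret.Namespace` will alert as cleartext logging of a secret, which is presumably the extra-alert risk the change note hedges on. A small style point: the sibling description reads `"HTTP request headers"`, so `"Kubernetes Secret"` (singular, capitalised) may render inconsistently in alert messages; `"Kubernetes secret"` or `"Kubernetes Secret data"` would match the surrounding wording. The enclosing `module CleartextLogging {` starts and ends outside the hunk, and no import is added here, so the visibility of `K8sIoClientGo` in this file is assumed to come from the existing imports.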