- From:
- To: chef
- Subject: [chef] how to prevent chef logging secrets
- Date: Tue, 22 May 2012 15:28:21 -0700
hi. is there any way around this? a better way to do it altogether?

my cookbook sets up a mysql DB. it sets the root password by drawing the
password creds out of an encrypted data bag. that's great cuz those
secrets are kept secret. but when "assign-root-password" is executed,
chef logs at INFO level the command it's running, including the
string interpolated value of the password :\

    $ knife data bag show secrets --secret-file ~/path/to/secret_key mysql-creds
    id: mysql-creds
    pass: ehMAHgawd
    user: root

recipe:

    # decrypt the credentials from the encrypted data bag
    mysql_creds = Chef::EncryptedDataBagItem.load("secrets", "mysql-creds")

    execute "assign-root-password" do
      command "#{node['mysql']['mysqladmin_bin']} -u root password \"#{mysql_creds['pass']}\""
      action :run
      only_if "#{node['mysql']['mysql_bin']} -u root -e 'show databases;'"
    end

logs, le meh:

    [Tue, 22 May 2012 04:04:33 +0000] DEBUG: Processing execute[assign-root-password] on mah-host
    [Tue, 22 May 2012 04:04:33 +0000] INFO: Processing execute[assign-root-password] action run (okta-mysql::dev-server line 38)
    [Tue, 22 May 2012 04:04:33 +0000] DEBUG: sh(/usr/bin/mysql -u root -e 'show databases;')
    [Tue, 22 May 2012 04:04:34 +0000] INFO: execute[assign-root-password] sh(/usr/bin/mysqladmin -u root password "ehMAHgawd")
    [Tue, 22 May 2012 04:04:34 +0000] INFO: execute[assign-root-password] ran successfully

thanks!
kallen
- [chef] how to prevent chef logging secrets, kallen, 05/22/2012
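
A check for the leak shown in the log above, as an added example that is not part of the original post: it scans chef-client log text for the values of sensitive data bag fields, raw or shell-escaped, and returns the line number, log level and a redacted copy of each hit. The names `SENSITIVE_KEYS`, `secret_patterns`, `audit_log` and `Leak` are assumptions, and the sample log is the post's excerpt with wrapped lines joined.

```ruby
require 'shellwords'

# Constructed sample: the post's log excerpt, one entry per line.
SAMPLE_LOG = <<~'LOG'
  [Tue, 22 May 2012 04:04:33 +0000] INFO: Processing execute[assign-root-password] action run (okta-mysql::dev-server line 38)
  [Tue, 22 May 2012 04:04:33 +0000] DEBUG: sh(/usr/bin/mysql -u root -e 'show databases;')
  [Tue, 22 May 2012 04:04:34 +0000] INFO: execute[assign-root-password] sh(/usr/bin/mysqladmin -u root password "ehMAHgawd")
  [Tue, 22 May 2012 04:04:34 +0000] INFO: execute[assign-root-password] ran successfully
LOG

# Decrypted item as shown by `knife data bag show` in the post.
SAMPLE_ITEM = { 'id' => 'mysql-creds', 'pass' => 'ehMAHgawd', 'user' => 'root' }.freeze

# Assumption: which item keys hold secrets. 'user' => 'root' is not one, so
# ordinary "-u root" arguments are not reported.
SENSITIVE_KEYS = %w[pass password secret token].freeze

Leak = Struct.new(:lineno, :key, :level, :redacted)

# Each spelling of a secret that can reach a command log: raw and shell-escaped.
# Values shorter than 4 characters are skipped to avoid matching everywhere.
def secret_patterns(item, keys = SENSITIVE_KEYS)
  item.select { |k, v| keys.include?(k) && v.to_s.length >= 4 }.flat_map do |k, v|
    [v.to_s, Shellwords.escape(v.to_s)].uniq.map { |form| [k, form] }
  end
end

# Return one Leak per log line that contains a secret value.
def audit_log(log_text, item)
  patterns = secret_patterns(item).sort_by { |_, form| -form.length }
  log_text.each_line.with_index(1).flat_map do |line, n|
    hits = patterns.select { |_, form| line.include?(form) }
    next [] if hits.empty?
    redacted = hits.reduce(line.chomp) { |l, (k, form)| l.gsub(form) { "[REDACTED:#{k}]" } }
    [Leak.new(n, hits.first[0], line[/\]\s+(\w+):/, 1], redacted)]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_log(SAMPLE_LOG, SAMPLE_ITEM).each do |leak|
    puts "line #{leak.lineno} (#{leak.level}) leaks '#{leak.key}': #{leak.redacted}"
  end
end
```

Run over real chef-client logs, a non-empty result means the secret should be rotated as well as removed from the log.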