diff --git a/awx/main/credential_plugins/tss.py b/awx/main/credential_plugins/tss.py
index f6b6a8a250..f3927f6658 100644
--- a/awx/main/credential_plugins/tss.py
+++ b/awx/main/credential_plugins/tss.py
@@ -1,7 +1,7 @@
 from .plugin import CredentialPlugin
 from django.utils.translation import ugettext_lazy as _
 
-from thycotic.secrets.server import SecretServer, PasswordGrantAuthorizer
+from thycotic.secrets.server import PasswordGrantAuthorizer, SecretServer, ServerSecret
 
 tss_inputs = {
     'fields': [
@@ -32,14 +32,22 @@ tss_inputs = {
             'help_text': _('The integer ID of the secret'),
             'type': 'string',
         },
+        {
+            'id': 'secret_field',
+            'label': _('Secret Field'),
+            'help_text': _('The field to extract from the secret'),
+            'type': 'string',
+        },
     ],
-    'required': ['server_url', 'username', 'password', 'secret_id'],
+    'required': ['server_url', 'username', 'password', 'secret_id', 'secret_field'],
 }
 
 tss_plugin = CredentialPlugin(
     'Thycotic Secret Server',
     tss_inputs,
-    lambda **kwargs: SecretServer(kwargs['server_url'], PasswordGrantAuthorizer(kwargs['server_url'], kwargs['username'], kwargs['password'])).get_secret(
-        kwargs['secret_id']
-    ),
+    lambda **kwargs: ServerSecret(
+        **SecretServer(kwargs['server_url'], PasswordGrantAuthorizer(kwargs['server_url'], kwargs['username'], kwargs['password'])).get_secret(
+            kwargs['secret_id']
+        )
+    ).fields[kwargs['secret_field']],
 )