diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index bd17ff1126..5d9d9c6a7f 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -40,7 +40,7 @@ from polymorphic.models import PolymorphicModel
 # AWX
 from awx.main.constants import SCHEDULEABLE_PROVIDERS, ANSI_SGR_PATTERN
 from awx.main.models import * # noqa
-from awx.main.constants import ACTIVE_STATES
+from awx.main.constants import ACTIVE_STATES, TOKEN_CENSOR
 from awx.main.models.base import NEW_JOB_TYPE_CHOICES
 from awx.main.access import get_user_capabilities
 from awx.main.fields import ImplicitRoleField
@@ -999,7 +999,7 @@ class UserAuthorizedTokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return obj.token
 else:
- return '*************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
@@ -1009,7 +1009,7 @@ class UserAuthorizedTokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return getattr(obj.refresh_token, 'token', '')
 else:
- return '**************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
@@ -1075,7 +1075,7 @@ class OAuth2ApplicationSerializer(BaseSerializer):
 return ret
 
 def _summary_field_tokens(self, obj):
- token_list = [{'id': x.pk, 'token': '**************', 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
+ token_list = [{'id': x.pk, 'token': TOKEN_CENSOR, 'scope': x.scope} for x in obj.oauth2accesstoken_set.all()[:10]]
 if has_model_field_prefetched(obj, 'oauth2accesstoken_set'):
 token_count = len(obj.oauth2accesstoken_set.all())
 else:
@@ -1133,7 +1133,7 @@ class OAuth2TokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return obj.token
 else:
- return '*************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
@@ -1143,7 +1143,7 @@ class OAuth2TokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return getattr(obj.refresh_token, 'token', '')
 else:
- return '**************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
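Review bot: In the `UserAuthorizedTokenSerializer` token getter (hunk at -999), the branch `if request.method == 'POST': return obj.token` still decides disclosure by HTTP method alone, as far as the hunk shows. The same branch is repeated in the getters at -1009, -1133, -1143, -1214, -1224 and -1289, so the rule for when a plaintext token or refresh token leaves the API has to be audited in seven places. Moving it into one shared helper, with a body along the lines of `return value if request.method == 'POST' else TOKEN_CENSOR`, would leave a single spot to review and test. Whether any POST route other than token creation serializes an existing token through these classes is not visible here and should be confirmed. Each getter begins above its hunk, so the `try:` and the lookup of `request` are not shown.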
@@ -1214,7 +1214,7 @@ class OAuth2AuthorizedTokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return obj.token
 else:
- return '*************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
@@ -1224,7 +1224,7 @@ class OAuth2AuthorizedTokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return getattr(obj.refresh_token, 'token', '')
 else:
- return '**************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
@@ -1289,7 +1289,7 @@ class OAuth2PersonalTokenSerializer(BaseSerializer):
 if request.method == 'POST':
 return obj.token
 else:
- return '*************'
+ return TOKEN_CENSOR
 except ObjectDoesNotExist:
 return ''
 
diff --git a/awx/main/constants.py b/awx/main/constants.py
index 447fed5ae6..edd00569ea 100644
--- a/awx/main/constants.py
+++ b/awx/main/constants.py
@@ -19,3 +19,4 @@ PRIVILEGE_ESCALATION_METHODS = [
 ANSI_SGR_PATTERN = re.compile(r'\x1b\[[0-9;]*m')
 CAN_CANCEL = ('new', 'pending', 'waiting', 'running')
 ACTIVE_STATES = CAN_CANCEL
+TOKEN_CENSOR = '************'
diff --git a/awx/main/tests/functional/api/test_oauth.py b/awx/main/tests/functional/api/test_oauth.py
index 3666165c6b..4110701e6a 100644
--- a/awx/main/tests/functional/api/test_oauth.py
+++ b/awx/main/tests/functional/api/test_oauth.py
@@ -115,7 +115,7 @@ def test_oauth_token_create(oauth_application, get, post, admin):
 )
 assert response.data['summary_fields']['tokens']['count'] == 1
 assert response.data['summary_fields']['tokens']['results'][0] == {
- 'id': token.pk, 'scope': token.scope, 'token': '**************'
+ 'id': token.pk, 'scope': token.scope, 'token': '************'
 }
 
 
diff --git a/docs/auth/oauth.md b/docs/auth/oauth.md
index 30cece59cb..e6f0fc6dad 100644
--- a/docs/auth/oauth.md
+++ b/docs/auth/oauth.md
@@ -41,7 +41,7 @@ Individual applications will be accessible via their primary keys:
 "results": [
 {
 "scope": "read",
- "token": "**************",
+ "token": "*************",
 "id": 2
 }
 ]
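Review bot: `TOKEN_CENSOR` is added at the end of awx/main/constants.py with no comment saying what it stands in for, and its value appears to be 12 asterisks while the examples updated in docs/auth/oauth.md appear to show 13. A comment such as `# Placeholder the API returns in place of an OAuth2 token or refresh token value` would document it, and the docs examples should be made to match the constant exactly. The literals it replaces in serializers.py were 13 and 14 characters long, so a client that compared against either old string will see a different value.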
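Review bot: The updated assertion in `test_oauth_token_create` pins the placeholder in `summary_fields`, but nothing within this hunk asserts that the real token value is absent from that response. Assuming `token` is the access-token instance, a check such as `assert token.token not in str(response.data)` next to the existing assertions would catch a regression that exposes the secret rather than only one that changes the mask. The test function starts above the hunk, so an equivalent check may already exist there.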
@@ -114,7 +114,7 @@ Individual tokens will be accessible via their primary keys:
 "description": "App Token Test",
 "user": 1,
 "token": "*************",
- "refresh_token": "**************",
+ "refresh_token": "*************",
 "application": 1,
 "expires": "2018-02-24T00:39:32.618279Z",
 "scope": "read"