diff --git a/changelogs/fragments/9621-keycloak_client-sanitize-saml-encryption-key.yml b/changelogs/fragments/9621-keycloak_client-sanitize-saml-encryption-key.yml
new file mode 100644
index 0000000000..5d3401e430
--- /dev/null
+++ b/changelogs/fragments/9621-keycloak_client-sanitize-saml-encryption-key.yml
@@ -0,0 +1,2 @@
+security_fixes:
+  - keycloak_client - Sanitize ``saml.encryption.private.key`` so it does not show in the logs (https://github.com/ansible-collections/community.general/pull/9621).
\ No newline at end of file
diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py
index 68696fd404..c7514ba4c8 100644
--- a/plugins/modules/keycloak_client.py
+++ b/plugins/modules/keycloak_client.py
@@ -775,8 +775,11 @@ def sanitize_cr(clientrep):
         result['secret'] = 'no_log'
     if 'attributes' in result:
         attributes = result['attributes']
-        if isinstance(attributes, dict) and 'saml.signing.private.key' in attributes:
-            attributes['saml.signing.private.key'] = 'no_log'
+        if isinstance(attributes, dict):
+            if 'saml.signing.private.key' in attributes:
+                attributes['saml.signing.private.key'] = 'no_log'
+            if 'saml.encryption.private.key' in attributes:
+                attributes['saml.encryption.private.key'] = 'no_log'
     return normalise_cr(result)