diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryConnection.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryConnection.java
index 2792991b871f..416261983e70 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryConnection.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryConnection.java
@@ -152,6 +152,24 @@ public class BigQueryConnection extends BigQueryNoOpsConnection {
     this.connectionId = UUID.randomUUID().toString();
     try (BigQueryJdbcMdc.MdcCloseable mdc = BigQueryJdbcMdc.registerInstance(this.connectionId)) {
       this.connectionUrl = url;
+      if (LOG.isLoggable(java.util.logging.Level.CONFIG)) {
+        Properties connectionProps = ds.createProperties();
+        Properties maskedProps = new Properties();
+        for (String name : connectionProps.stringPropertyNames()) {
+          String value = connectionProps.getProperty(name);
+          String lowerName = name.toLowerCase();
+          if ((lowerName.contains("key")
+                  || lowerName.contains("token")
+                  || lowerName.contains("password")
+                  || lowerName.contains("pwd")
+                  || lowerName.contains("secret"))
+              && !lowerName.equals("partnertoken")) {
+            value = "*****";
+          }
+          maskedProps.setProperty(name, value);
+        }
+        LOG.config("Connection properties: %s", maskedProps.toString());
+      }
       this.openStatements = ConcurrentHashMap.newKeySet();
       this.autoCommit = true;
       this.sqlWarnings = new ArrayList<>();
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/DataSource.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/DataSource.java
index 82c14a41fbdb..4ad4e094338c 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/DataSource.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/DataSource.java
@@ -392,7 +392,7 @@ public Connection getConnection() throws SQLException {
     return DriverManager.getConnection(getURL(), createProperties());
   }
 
-  private Properties createProperties() {
+  Properties createProperties() {
     Properties connectionProperties = new Properties();
     if (this.projectId != null) {
       connectionProperties.setProperty(
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryConnectionTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryConnectionTest.java
index dd6ceb0deceb..a05747d7c8bf 100644
--- a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryConnectionTest.java
+++ b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryConnectionTest.java
@@ -456,4 +456,55 @@ public void testIsReadOnlyTokenProvided(String readonlyProp, boolean expectedIsR
       assertEquals(expectedIsReadOnly, connection.isReadOnlyTokenUsed());
     }
   }
+
+  @Test
+  public void testConnectionPropertiesLoggingAndMasking() throws IOException, SQLException {
+    java.util.logging.Logger rootLogger = BigQueryJdbcRootLogger.getRootLogger();
+    java.util.logging.Level originalLevel = rootLogger.getLevel();
+    rootLogger.setLevel(java.util.logging.Level.INFO);
+
+    java.util.List<java.util.logging.LogRecord> records = new java.util.ArrayList<>();
+    java.util.logging.Handler handler =
+        new java.util.logging.Handler() {
+          @Override
+          public void publish(java.util.logging.LogRecord record) {
+            records.add(record);
+          }
+
+          @Override
+          public void flush() {}
+
+          @Override
+          public void close() throws SecurityException {}
+        };
+    rootLogger.addHandler(handler);
+
+    try {
+      String url =
+          "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;"
+              + "OAuthType=2;ProjectId=MyTestProjectId;"
+              + "OAuthAccessToken=secretAccessToken;Location=US;"
+              + "PartnerToken=GPN:secretPartnerToken;";
+      try (BigQueryConnection connection = new BigQueryConnection(url)) {
+        // Just trigger the constructor
+      }
+
+      boolean foundLog = false;
+      for (java.util.logging.LogRecord record : records) {
+        if (record.getMessage().contains("Connection properties:")) {
+          foundLog = true;
+          String logMessage = record.getMessage();
+          assertTrue(logMessage.contains("ProjectId=MyTestProjectId"));
+          assertTrue(logMessage.contains("Location=US"));
+          assertTrue(logMessage.contains("OAuthAccessToken=*****"));
+          assertTrue(logMessage.contains("PartnerToken= (GPN:secretPartnerToken)"));
+          assertFalse(logMessage.contains("secretAccessToken"));
+        }
+      }
+      assertTrue(foundLog, "Log message about Connection properties was not found");
+    } finally {
+      rootLogger.removeHandler(handler);
+      rootLogger.setLevel(originalLevel);
+    }
+  }
 }