diff --git a/lib/modules/platform/azure/util.ts b/lib/modules/platform/azure/util.ts
index 617b1e5a76bf8afd19c4a7fdf28bb4b5a1e0c7dc..d71238b423bcea843a02dc56c4be9605c8cda41b 100644
--- a/lib/modules/platform/azure/util.ts
+++ b/lib/modules/platform/azure/util.ts
@@ -142,7 +142,7 @@ export function getStorageExtraCloneOpts(config: HostRule): GitOptions {
     authType = 'bearer';
     authValue = config.token;
   }
-  addSecretForSanitizing(authValue);
+  addSecretForSanitizing(authValue, 'global');
   return {
     '-c': `http.extraheader=AUTHORIZATION: ${authType} ${authValue}`,
   };
diff --git a/lib/util/sanitize.spec.ts b/lib/util/sanitize.spec.ts
index c38c9e3574e24751baddda06cf58d6454f18ea99..39686982277f6d3a321012ff9d9ec88ee21bafee 100644
--- a/lib/util/sanitize.spec.ts
+++ b/lib/util/sanitize.spec.ts
@@ -19,7 +19,7 @@ describe('util/sanitize', () => {
     const token = '123testtoken';
     const username = 'userabc';
     const password = 'password123';
-    addSecretForSanitizing(token);
+    addSecretForSanitizing(token, 'global');
     const hashed = toBase64(`${username}:${password}`);
     addSecretForSanitizing(hashed);
     addSecretForSanitizing(password);
diff --git a/lib/util/sanitize.ts b/lib/util/sanitize.ts
index 2d830e2d7213cdf32858973ad9cbddbb21fcc3ec..724bc095bc52b1bbbf0a7d4439a4ef8e35122135 100644
--- a/lib/util/sanitize.ts
+++ b/lib/util/sanitize.ts
@@ -1,7 +1,8 @@
 import is from '@sindresorhus/is';
 import { toBase64 } from './string';
 
-const secrets = new Set<string>();
+const globalSecrets = new Set<string>();
+const repoSecrets = new Set<string>();
 
 export const redactedFields = [
   'authorization',
@@ -21,20 +22,23 @@ export function sanitize(input: string): string {
     return input;
   }
   let output: string = input;
-  secrets.forEach((secret) => {
-    while (output.includes(secret)) {
-      output = output.replace(secret, '**redacted**');
-    }
+  [globalSecrets, repoSecrets].forEach((secrets) => {
+    secrets.forEach((secret) => {
+      while (output.includes(secret)) {
+        output = output.replace(secret, '**redacted**');
+      }
+    });
   });
   return output;
 }
 
 const GITHUB_APP_TOKEN_PREFIX = 'x-access-token:';
 
-export function addSecretForSanitizing(secret: string): void {
+export function addSecretForSanitizing(secret: string, type = 'repo'): void {
   if (!is.nonEmptyString(secret)) {
     return;
   }
+  const secrets = type === 'repo' ? repoSecrets : globalSecrets;
   secrets.add(secret);
   secrets.add(toBase64(secret));
   if (secret.startsWith(GITHUB_APP_TOKEN_PREFIX)) {
@@ -44,6 +48,7 @@ export function addSecretForSanitizing(secret: string): void {
   }
 }
 
-export function clearSanitizedSecretsList(): void {
+export function clearSanitizedSecretsList(type = 'repo'): void {
+  const secrets = type === 'repo' ? repoSecrets : globalSecrets;
   secrets.clear();
 }