diff --git a/lib/avatax/connection.rb b/lib/avatax/connection.rb
index 500e014..5d7a306 100644
--- a/lib/avatax/connection.rb
+++ b/lib/avatax/connection.rb
@@ -4,7 +4,8 @@ module AvaTax
 module Connection
 private
- AUTHORIZATION_FILTER_REGEX = /(Authorization\:\ \"Basic\ )(\w+)\=/
+
+ AUTHORIZATION_FILTER_REGEX = /(Authorization:\ "Basic\ )(\w+)/
 REMOVED_LABEL = '\1[REMOVED]'
 def connection
diff --git a/spec/avatax/request_spec.rb b/spec/avatax/request_spec.rb
index 055deba..9cf5f84 100644
--- a/spec/avatax/request_spec.rb
+++ b/spec/avatax/request_spec.rb
@@ -1,4 +1,5 @@
 require File.expand_path('../../spec_helper', __FILE__)
+require 'logger'
 describe AvaTax::Request do
@@ -22,4 +23,22 @@
 expect(response.env.request['timeout']).to eq(10)
 end
 end
+
+ describe 'filter credentials from logs' do
+ let(:string_io) { StringIO.new }
+ let(:logger) { Logger.new(string_io) }
+
+ it 'replaces credentials with a label' do
+ # Make 'name:pass' string length a multiple of three so the base64
+ # encoded string will not have padding characters '=' at the end.
+ @client.username = 'name'
+ @client.password = 'pass'
+
+ @client.custom_logger = logger
+ response = @client.request(:get, 'path', 'model')
+
+ expect(response.env.request_headers).to include('Authorization' => 'Basic bmFtZTpwYXNz')
+ expect(string_io.string).to match(/Authorization: "Basic \[REMOVED\]"/)
+ end
+ end
 end
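Review bot: In lib/avatax/connection.rb the `(\w+)` group of the new AUTHORIZATION_FILTER_REGEX still does not cover the full base64 alphabet: `+`, `/` and `=` are not word characters, so for a credential whose encoding contains them only the leading run is replaced and the remainder of the encoded value stays in the log. Assuming the logger prints the header value inside double quotes, as the expected output in the new spec suggests, matching up to the closing quote redacts the whole value: `AUTHORIZATION_FILTER_REGEX = /(Authorization:\ "Basic\ )([^"]+)/`. The spec added in this commit picks `name:pass` specifically to avoid padding, so it would not catch this. The Connection module body continues outside the hunk.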
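Review bot: The new example in spec/avatax/request_spec.rb asserts only that the `[REMOVED]` label appears, not that the encoded credential is absent from the captured log. Adding `expect(string_io.string).not_to include('bmFtZTpwYXNz')` states the security property directly and would still fail if the header were ever logged a second time in a different format. A second example using a credential whose base64 form ends in `=` would document what the filter does with padding; the comment above `@client.username` shows that case is currently sidestepped rather than tested.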