System stored procedure and command passwords can be replaced with asterisks in audit records.
When auditing is configured and enabled, and the sp_audit option 'cmdtext' is set, system stored procedure and command password parameters are replaced with a fixed length string of asterisks in the audit records contained in the audit logs.
For example, execute:
sp_password 'oldpassword', 'newpassword'
When auditing is enabled and sp_audit cmdtext is set, the results in output are similar to:
sp_password '******', '******'
This protects passwords from being seen by other with access to the audit log.