diff --git a/src/core/lib/security/credentials/jwt/jwt_credentials.c b/src/core/lib/security/credentials/jwt/jwt_credentials.c
index 01c349cd7586fbdc98adacdc838d33038bac89de..3daf0f4ef704115898f317ac214754e0bce5ca3a 100644
--- a/src/core/lib/security/credentials/jwt/jwt_credentials.c
+++ b/src/core/lib/security/credentials/jwt/jwt_credentials.c
@@ -145,31 +145,25 @@ grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
 }
 
 static char *redact_private_key(const char *json_key) {
-  const char *json_key_end = json_key + strlen(json_key);
-  const char *begin_cue = "BEGIN PRIVATE KEY";
-  const char *end_cue = "END PRIVATE KEY";
-  const char *redacted = " <redacted> ";
-  const char *begin_redact = strstr(json_key, begin_cue);
-  const char *end_redact = strstr(json_key, end_cue);
-  if (!begin_redact) {
-    begin_redact = json_key;
-  } else {
-    begin_redact += strlen(begin_cue);
+  char *json_copy = gpr_strdup(json_key);
+  grpc_json *json = grpc_json_parse_string(json_copy);
+  if (!json) {
+    gpr_free(json_copy);
+    return gpr_strdup("<Json failed to parse.>");
   }
-  if (!end_redact) {
-    end_redact = json_key_end;
+  const char *redacted = "<redacted>";
+  grpc_json *current = json->child;
+  while (current) {
+    if (current->type == GRPC_JSON_STRING &&
+        strcmp(current->key, "private_key") == 0) {
+      current->value = (char *)redacted;
+      break;
+    }
+    current = current->next;
   }
-  GPR_ASSERT(end_redact - begin_redact >= 0);
-  size_t result_length =
-      strlen(json_key) - (size_t)(end_redact - begin_redact) + strlen(redacted);
-  char *clean_json = (char *)gpr_malloc(result_length + 1);
-  clean_json[result_length] = 0;
-  char *current = clean_json;
-  memcpy(current, json_key, (size_t)(begin_redact - json_key));
-  current += (begin_redact - json_key);
-  memcpy(current, redacted, strlen(redacted));
-  current += strlen(redacted);
-  memcpy(current, end_redact, (size_t)(json_key_end - end_redact));
+  char *clean_json = grpc_json_dump_to_string(json, 2);
+  gpr_free(json_copy);
+  grpc_json_destroy(json);
   return clean_json;
 }