diff --git a/internal/db/event_logs.go b/internal/db/event_logs.go
index e0caa8038fb..03db77a2ed3 100644
--- a/internal/db/event_logs.go
+++ b/internal/db/event_logs.go
@@ -12,6 +12,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/cmd/frontend/types"
 	"github.com/sourcegraph/sourcegraph/internal/db/dbconn"
 	"github.com/sourcegraph/sourcegraph/internal/db/dbutil"
+	intSecrets "github.com/sourcegraph/sourcegraph/internal/secrets"
 	"github.com/sourcegraph/sourcegraph/internal/timeutil"
 	"github.com/sourcegraph/sourcegraph/internal/version"
 )
@@ -38,8 +39,12 @@ func (*eventLogs) Insert(ctx context.Context, e *Event) error {
 	if argument == nil {
 		argument = json.RawMessage([]byte(`{}`))
 	}
+	argData, err := intSecrets.CryptObject.EncryptBytesIfPossible(argument)
+	if err != nil {
+		return err
+	}
 
-	_, err := dbconn.Global.ExecContext(
+	_, err = dbconn.Global.ExecContext(
 		ctx,
 		"INSERT INTO event_logs(name, url, user_id, anonymous_user_id, source, argument, version, timestamp) VALUES($1, $2, $3, $4, $5, $6, $7, $8)",
 		e.Name,
@@ -47,7 +52,7 @@ func (*eventLogs) Insert(ctx context.Context, e *Event) error {
 		e.UserID,
 		e.AnonymousUserID,
 		e.Source,
-		argument,
+		argData,
 		version.Version(),
 		e.Timestamp.UTC(),
 	)
@@ -67,6 +72,12 @@ func (*eventLogs) getBySQL(ctx context.Context, querySuffix *sqlf.Query) ([]*typ
 	events := []*types.Event{}
 	for rows.Next() {
 		r := types.Event{}
+		args, secErr := intSecrets.CryptObject.DecryptIfPossible(r.Argument)
+		if secErr != nil {
+			return nil, err
+		}
+		r.Argument = args
+
 		err := rows.Scan(&r.ID, &r.Name, &r.URL, &r.UserID, &r.AnonymousUserID, &r.Source, &r.Argument, &r.Version, &r.Timestamp)
 		if err != nil {
 			return nil, err
diff --git a/internal/db/external_accounts.go b/internal/db/external_accounts.go
index 50475f02075..98d2555f326 100644
--- a/internal/db/external_accounts.go
+++ b/internal/db/external_accounts.go
@@ -122,7 +122,7 @@ WHERE service_type=$1 AND service_id=$2 AND client_id=$3 AND account_id=$4 AND d
 
 	// Update the external account (it exists).
 
-	authData, err := intSecrets.CryptObject.EncryptBytes(*data.AuthData)
+	authData, err := intSecrets.CryptObject.EncryptBytesIfPossible(*data.AuthData)
 	if err != nil {
 		return err
 	}