diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index e428fe0b..a90ca598 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -4,6 +4,7 @@ - Fixed import by refactoring Read method of AccessToken resource + minor refactor [#311](https://github.com/pulumi/pulumi-pulumiservice/issues/311) - Fixed import by refactoring Read method of AgentPool resource + minor refactor [#311](https://github.com/pulumi/pulumi-pulumiservice/issues/311) - Fixing noisy diff in DS OIDC object [#330](https://github.com/pulumi/pulumi-pulumiservice/issues/330) +- Removed accessToken provider parameter defaults from schema to prevent leaks [#350](https://github.com/pulumi/pulumi-pulumiservice/issues/350) ### Miscellaneous - Added CHANGELOG_PENDING file to ignore-list of the `main` workflow [[#340](https://github.com/pulumi/pulumi-pulumiservice/issues/340)] \ No newline at end of file diff --git a/provider/cmd/pulumi-resource-pulumiservice/schema.json b/provider/cmd/pulumi-resource-pulumiservice/schema.json index e4a2ada4..fd44f177 100644 --- a/provider/cmd/pulumi-resource-pulumiservice/schema.json +++ b/provider/cmd/pulumi-resource-pulumiservice/schema.json @@ -25,12 +25,7 @@ "accessToken": { "description": "Access Token to authenticate with Pulumi Cloud.", "type": "string", - "default": "", - "defaultInfo": { - "environment": [ - "PULUMI_ACCESS_TOKEN" - ] - } + "secret": true } } }, diff --git a/sdk/dotnet/Provider.cs b/sdk/dotnet/Provider.cs index 9a7a465c..b038bfe8 100644 --- a/sdk/dotnet/Provider.cs +++ b/sdk/dotnet/Provider.cs 
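Review bot: Dropping `defaultInfo.environment` from `accessToken` removes the only place in this diff where `PULUMI_ACCESS_TOKEN` is read, and the SDK hunks that follow delete their env lookups to match, so the schema should state where the token comes from when the input is unset. If the provider binary falls back to the environment variable itself (not visible here), I would extend the description to something like `"description": "Access Token to authenticate with Pulumi Cloud. If unset, the provider reads PULUMI_ACCESS_TOKEN; the value is always treated as a secret."`; if it does not, this is a breaking change and the changelog entry should say so. Separately, the removed default carried no `"secret": true`, so tokens picked up from the environment were presumably recorded unencrypted in stack state. Upgrading does not scrub existing checkpoints or history, so a release note advising rotation of previously used tokens would help operators.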
@@ -39,15 +39,24 @@ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? public sealed class ProviderArgs : global::Pulumi.ResourceArgs { + [Input("accessToken")] + private Input? _accessToken; + /// /// Access Token to authenticate with Pulumi Cloud. /// - [Input("accessToken")] - public Input? AccessToken { get; set; } + public Input? AccessToken + { + get => _accessToken; + set + { + var emptySecret = Output.CreateSecret(0); + _accessToken = Output.Tuple?, int>(value, emptySecret).Apply(t => t.Item1); + } + } public ProviderArgs() { - AccessToken = Utilities.GetEnv("PULUMI_ACCESS_TOKEN") ?? ""; } public static new ProviderArgs Empty => new ProviderArgs(); } diff --git a/sdk/go/pulumiservice/provider.go b/sdk/go/pulumiservice/provider.go index fe38f084..97c99091 100644 --- a/sdk/go/pulumiservice/provider.go +++ b/sdk/go/pulumiservice/provider.go @@ -22,10 +22,8 @@ func NewProvider(ctx *pulumi.Context, args = &ProviderArgs{} } - if args.AccessToken == nil { - if d := internal.GetEnvOrDefault("", nil, "PULUMI_ACCESS_TOKEN"); d != nil { - args.AccessToken = pulumi.StringPtr(d.(string)) - } + if args.AccessToken != nil { + args.AccessToken = pulumi.ToSecret(args.AccessToken).(pulumi.StringPtrInput) } opts = internal.PkgResourceDefaultOpts(opts) var resource Provider diff --git a/sdk/java/src/main/java/com/pulumi/pulumiservice/ProviderArgs.java b/sdk/java/src/main/java/com/pulumi/pulumiservice/ProviderArgs.java index 90edb549..27d1352c 100644 --- a/sdk/java/src/main/java/com/pulumi/pulumiservice/ProviderArgs.java +++ b/sdk/java/src/main/java/com/pulumi/pulumiservice/ProviderArgs.java @@ -5,7 +5,6 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; -import com.pulumi.core.internal.Codegen; import java.lang.String; import java.util.Objects; import java.util.Optional; 
@@ -77,7 +76,6 @@ public Builder accessToken(String accessToken) { } public ProviderArgs build() { - $.accessToken = Codegen.stringProp("accessToken").output().arg($.accessToken).env("PULUMI_ACCESS_TOKEN").def("").getNullable(); return $; } } diff --git a/sdk/nodejs/provider.ts b/sdk/nodejs/provider.ts index 0e97ef2f..2325bc98 100644 --- a/sdk/nodejs/provider.ts +++ b/sdk/nodejs/provider.ts @@ -31,7 +31,7 @@ export class Provider extends pulumi.ProviderResource { let resourceInputs: pulumi.Inputs = {}; opts = opts || {}; { - resourceInputs["accessToken"] = (args ? args.accessToken : undefined) ?? (utilities.getEnv("PULUMI_ACCESS_TOKEN") || ""); + resourceInputs["accessToken"] = args?.accessToken ? pulumi.secret(args.accessToken) : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(Provider.__pulumiType, name, resourceInputs, opts); diff --git a/sdk/python/pulumi_pulumiservice/provider.py b/sdk/python/pulumi_pulumiservice/provider.py index f451142e..4b3465d9 100644 --- a/sdk/python/pulumi_pulumiservice/provider.py +++ b/sdk/python/pulumi_pulumiservice/provider.py @@ -19,8 +19,6 @@ def __init__(__self__, *, The set of arguments for constructing a Provider resource. :param pulumi.Input[str] access_token: Access Token to authenticate with Pulumi Cloud. """ - if access_token is None: - access_token = (_utilities.get_env('PULUMI_ACCESS_TOKEN') or '') if access_token is not None: pulumi.set(__self__, "access_token", access_token) 
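Review bot: The `pulumi.secret(args.accessToken)` wrapping on the `resourceInputs["accessToken"]` line has counterparts in the dotnet, Go and Python hunks, but the two ProviderArgs.java hunks only delete the `Codegen.stringProp("accessToken")` default and its import, and add nothing that marks the token as secret. Unless Provider.java, which this diff does not touch, already does so (for example through `additionalSecretOutputs`), a token passed through the Java SDK may still reach state as plaintext. Worth confirming by deploying a small Java program and checking the provider resource's inputs in `pulumi stack export`. The constructor body continues outside this hunk.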
@@ -83,9 +81,7 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = ProviderArgs.__new__(ProviderArgs) - if access_token is None: - access_token = (_utilities.get_env('PULUMI_ACCESS_TOKEN') or '') - __props__.__dict__["access_token"] = access_token + __props__.__dict__["access_token"] = None if access_token is None else pulumi.Output.secret(access_token) super(Provider, __self__).__init__( 'pulumiservice', resource_name,