diff --git a/changelogs/fragments/gcp_fixes.yml b/changelogs/fragments/gcp_fixes.yml
new file mode 100644
index 00000000000..3cc57c98786
--- /dev/null
+++ b/changelogs/fragments/gcp_fixes.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - Add no_log to credentials field to avoid disclosures, also switch type to jsonarg to avoid having users responsible for transformations.
diff --git a/lib/ansible/module_utils/gcp_utils.py b/lib/ansible/module_utils/gcp_utils.py
index ec8c73e6ed6..1ef97c46f7b 100644
--- a/lib/ansible/module_utils/gcp_utils.py
+++ b/lib/ansible/module_utils/gcp_utils.py
@@ -214,7 +214,8 @@ class GcpModule(AnsibleModule):
 service_account_contents=dict(
 required=False,
 fallback=(env_fallback, ['GCP_SERVICE_ACCOUNT_CONTENTS']),
- type='str'),
+ no_log=True,
+ type='jsonarg'),
 scopes=dict(
 required=False,
 fallback=(env_fallback, ['GCP_SCOPES']),
diff --git a/lib/ansible/plugins/doc_fragments/gcp.py b/lib/ansible/plugins/doc_fragments/gcp.py
index 60a98d054b5..a73389921b4 100644
--- a/lib/ansible/plugins/doc_fragments/gcp.py
+++ b/lib/ansible/plugins/doc_fragments/gcp.py
@@ -20,10 +20,8 @@ options:
 choices: [ application, machineaccount, serviceaccount ]
 service_account_contents:
 description:
- - A string representing the contents of a Service Account JSON file.
- - This should not be passed in as a dictionary, but a string
- that has the exact contents of a service account json file (valid JSON)
- type: str
+ - The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it.
+ type: jsonarg
 service_account_file:
 description:
 - The path of a Service Account JSON file if serviceaccount is selected as type.
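Review bot: The new `no_log=True` on `service_account_contents` in gcp_utils.py carries no comment saying why it is there, so a later cleanup of this argument spec could drop it without noticing that the field holds service-account key material. I would add `# service-account key material: keep out of logs and returned invocation args` directly above the `no_log=True` line. With `type='jsonarg'` a dictionary value is presumably serialised to a JSON string before the module code sees it, so the code that consumes this parameter (outside the hunk) should be confirmed to still parse a string and never echo it in an error message. The argument spec and its enclosing method begin and end outside the hunk, so whether other credential-bearing options need the same flag cannot be judged from here.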