diff --git a/src/observer/virtual_table/ob_all_virtual_sys_parameter_stat.cpp b/src/observer/virtual_table/ob_all_virtual_sys_parameter_stat.cpp
index 1455190f9..150a0200c 100644
--- a/src/observer/virtual_table/ob_all_virtual_sys_parameter_stat.cpp
+++ b/src/observer/virtual_table/ob_all_virtual_sys_parameter_stat.cpp
@@ -117,7 +117,12 @@ int ObAllVirtualSysParameterStat::inner_sys_get_next_row(ObNewRow *&row)
 break;
 }
 case VALUE: {
- cells[i].set_varchar(sys_iter_->second->str());
+ if ((!is_sys_tenant(effective_tenant_id_) || session_->is_inner()) &&
+ (0 == ObString(SSL_EXTERNAL_KMS_INFO).case_compare(sys_iter_->first.str()))) {
+ cells[i].set_varchar("");
+ } else {
+ cells[i].set_varchar(sys_iter_->second->str());
+ }
 cells[i].set_collation_type(
 ObCharset::get_default_collation(ObCharset::get_default_charset()));
 break;
diff --git a/src/observer/virtual_table/ob_all_virtual_tenant_parameter_stat.cpp b/src/observer/virtual_table/ob_all_virtual_tenant_parameter_stat.cpp
index f3e92e323..eba8aaf20 100644
--- a/src/observer/virtual_table/ob_all_virtual_tenant_parameter_stat.cpp
+++ b/src/observer/virtual_table/ob_all_virtual_tenant_parameter_stat.cpp
@@ -276,7 +276,13 @@ int ObAllVirtualTenantParameterStat::fill_row_(common::ObNewRow *&row,
 // default value should not be used when `compatible` is not loaded yet.
 cells[i].set_varchar("0.0.0.0");
 } else {
- cells[i].set_varchar(iter->second->str());
+ if (!is_sys_tenant(effective_tenant_id_) &&
+ (0 == ObString(SSL_EXTERNAL_KMS_INFO).case_compare(iter->first.str()) ||
+ 0 == ObString(EXTERNAL_KMS_INFO).case_compare(iter->first.str()))) {
+ cells[i].set_varchar("");
+ } else {
+ cells[i].set_varchar(iter->second->str());
+ }
 }
 cells[i].set_collation_type(
 ObCharset::get_default_collation(ObCharset::get_default_charset()));
diff --git a/src/observer/virtual_table/ob_iterate_private_virtual_table.cpp b/src/observer/virtual_table/ob_iterate_private_virtual_table.cpp
index a3de150cb..be0ffb813 100644
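Review bot: In ob_all_virtual_sys_parameter_stat.cpp, the new VALUE branch calls `session_->is_inner()` with no null check visible in the hunk, and its redaction rule differs from the one this commit adds to fill_row_ in ob_all_virtual_tenant_parameter_stat.cpp. Here the value is also blanked for inner sessions of the sys tenant and only SSL_EXTERNAL_KMS_INFO is matched; fill_row_ ignores the session type and matches EXTERNAL_KMS_INFO as well. If both differences are intended, say so above the condition, for example `// KMS settings are shown only to non-inner sessions of the sys tenant`; if not, the two predicates should go through one shared helper so they cannot drift apart. inner_sys_get_next_row starts and ends outside the hunk, so session_ may already be checked earlier.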
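Review bot: The new branch in fill_row_ (ob_all_virtual_tenant_parameter_stat.cpp) blanks the value without a comment, and an empty string is indistinguishable from a parameter that was never set. A line such as `// hide KMS configuration from non-sys tenants; "" is a mask, not the stored value` above the `if` would keep a later reader from treating the empty cell as real data. The enclosing switch is outside the hunk, so it is not visible whether any other column of the same row still carries the stored value; that is worth checking before relying on this mask.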
--- a/src/observer/virtual_table/ob_iterate_private_virtual_table.cpp
+++ b/src/observer/virtual_table/ob_iterate_private_virtual_table.cpp
@@ -223,6 +223,20 @@ int ObIteratePrivateVirtualTable::add_extra_condition(common::ObSqlString &sql)
 if (OB_FAIL(sql.append_fmt(" AND tenant_id = %lu", cur_tenant_id_))) {
 LOG_WARN("append sql failed", KR(ret), K_(cur_tenant_id));
 }
+
+ /*
+ * add filter for sensitive data, do not let this to influence other condition or
+ * be influenced by other
+ */
+ if (OB_SUCC(ret)) {
+ if (!is_sys_tenant(effective_tenant_id_)) {
+ if (OB_TENANT_PARAMETER_TID == base_table_id_) {
+ if (OB_FAIL(sql.append_fmt(" AND name not in ('external_kms_info')"))) {
+ LOG_WARN("append filter sql failed", KR(ret), K_(cur_tenant_id), K_(base_table_id));
+ }
+ }
+ }
+ }
 return ret;
 }
@@ -332,5 +346,27 @@ uint64_t ObIteratePrivateVirtualTable::get_exec_tenant_id_(const uint64_t tenant
 return exec_tenant_id;
 }
+static int varchar_to_empty_string(const ObObj &src, ObObj &dst, ObIAllocator &allocator)
+{
+ int ret = OB_SUCCESS;
+ dst = src;
+ dst.set_varchar("");
+ return ret;
+}
+
+int ObIteratePrivateVirtualTable::set_convert_func(convert_func_t &func,
+ const schema::ObColumnSchemaV2 &col, const schema::ObColumnSchemaV2 &base_col)
+{
+ int ret = OB_SUCCESS;
+ if (!is_sys_tenant(effective_tenant_id_)) {
+ if (OB_ALL_RECOVER_TABLE_JOB_TID == base_table_id_ ||
+ OB_ALL_RECOVER_TABLE_JOB_HISTORY_TID == base_table_id_) {
+ if (base_col.get_column_name_str() == ObString::make_string("external_kms_info")) {
+ func = varchar_to_empty_string;
+ }
+ }
+ }
+ return ret;
+}
 } // end namespace observer
 } // end namespace oceanbase
diff --git a/src/observer/virtual_table/ob_iterate_private_virtual_table.h b/src/observer/virtual_table/ob_iterate_private_virtual_table.h
index 8dcc31090..d0a9b13a1 100644
--- a/src/observer/virtual_table/ob_iterate_private_virtual_table.h
+++ b/src/observer/virtual_table/ob_iterate_private_virtual_table.h
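Review bot: The filter added to add_extra_condition hard-codes `'external_kms_info'` and removes the whole row, while fill_row_ in ob_all_virtual_tenant_parameter_stat.cpp keeps the row, blanks the value, and matches both EXTERNAL_KMS_INFO and SSL_EXTERNAL_KMS_INFO case-insensitively. The SQL comparison here follows the collation of the `name` column, and a row named by SSL_EXTERNAL_KMS_INFO would still be returned if the base table can hold one; neither can be confirmed from the hunk. Building the list from the constants, e.g. `sql.append_fmt(" AND name not in ('%s', '%s')", EXTERNAL_KMS_INFO, SSL_EXTERNAL_KMS_INFO)`, keeps the three redaction sites tied to the same names, assuming those constants are visible in this file. The three nested `if`s can also be one condition joined with `&&`.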
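Review bot: set_convert_func masks `external_kms_info` only when base_table_id_ is one of two listed table ids, so any other base table that carries a column of that name is returned unmasked to non-sys tenants. Matching on the column name alone would fail closed: `if (!is_sys_tenant(effective_tenant_id_) && 0 == base_col.get_column_name_str().case_compare("external_kms_info")) { func = varchar_to_empty_string; }`, which also brings the comparison in line with the `case_compare` used in the parameter-stat files. The override returns without calling the base class implementation; the base is not shown, so confirm it has no work of its own to do. varchar_to_empty_string never uses `allocator` and would benefit from a one-line comment saying it is a redaction hook.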
@@ -42,7 +42,6 @@ public: virtual int do_open() override; virtual int inner_get_next_row(common::ObNewRow *&row) override; virtual int inner_close() override; - private: virtual int init_non_exist_map_item( MapItem &item, const share::schema::ObColumnSchemaV2 &col) override;
@@ -53,6 +52,9 @@ private:
 bool check_tenant_in_range_(const uint64_t tenant_id, const common::ObNewRange &range);
 int next_tenant_();
 uint64_t get_exec_tenant_id_(const uint64_t tenant_id);
+ virtual int set_convert_func(convert_func_t &func,
+ const share::schema::ObColumnSchemaV2 &col,
+ const share::schema::ObColumnSchemaV2 &base_col) override;
 private:
 int64_t tenant_idx_;
 uint64_t cur_tenant_id_;