diff --git a/lib/puppet/provider/mysql_login_path/sensitive.rb b/lib/puppet/provider/mysql_login_path/sensitive.rb
index 1c026ac9a..f8755fd30 100644
--- a/lib/puppet/provider/mysql_login_path/sensitive.rb
+++ b/lib/puppet/provider/mysql_login_path/sensitive.rb
@@ -6,4 +6,9 @@ class Puppet::Provider::MysqlLoginPath::Sensitive < Puppet::Pops::Types::PSensit
   def ==(other)
     return true if other.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive) && unwrap == other.unwrap
   end
+
+  def encode_with(coder)
+    coder.tag = nil
+    coder.scalar = 'Puppet::Provider::MysqlLoginPath::Sensitive <<encrypted>>'
+  end
 end
diff --git a/spec/unit/puppet/provider/mysql_login_path/sensitive_spec.rb b/spec/unit/puppet/provider/mysql_login_path/sensitive_spec.rb
new file mode 100644
index 000000000..c5d0972b8
--- /dev/null
+++ b/spec/unit/puppet/provider/mysql_login_path/sensitive_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+ensure_module_defined('Puppet::Provider::MysqlLoginPath')
+require 'puppet/provider/mysql_login_path/sensitive'
+require 'psych'
+
+RSpec.describe Puppet::Provider::MysqlLoginPath::Sensitive do
+  subject(:sensitive) { described_class.new('secret') }
+
+  describe 'Puppet::Provider::MysqlLoginPath::Sensitive' do
+    it 'encodes its value correctly into transactionstore.yaml' do
+      psych_encoded = Psych.load(Psych.dump(sensitive))
+      expect(psych_encoded).to eq 'Puppet::Provider::MysqlLoginPath::Sensitive <<encrypted>>'
+    end
+  end
+end