diff --git a/plugins/inputs/influxdb_v2_listener/README.md b/plugins/inputs/influxdb_v2_listener/README.md
index 36d2fa703..8cd16b756 100644
--- a/plugins/inputs/influxdb_v2_listener/README.md
+++ b/plugins/inputs/influxdb_v2_listener/README.md
@@ -31,6 +31,14 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 
 [CONFIGURATION.md]: ../../../docs/CONFIGURATION.md#plugins
 
+## Secret-store support
+
+This plugin supports secrets from secret-stores for the `token` option.
+See the [secret-store documentation][SECRETSTORE] for more details on how
+to use them.
+
+[SECRETSTORE]: ../../../docs/CONFIGURATION.md#secret-store-secrets
+
 ## Configuration
 
 ```toml @sample.conf
diff --git a/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener.go b/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener.go
index f59a24fc5..92d305e22 100644
--- a/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener.go
+++ b/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener.go
@@ -58,7 +58,7 @@ type InfluxDBV2Listener struct {
 	ReadTimeout           config.Duration `toml:"read_timeout"`
 	WriteTimeout          config.Duration `toml:"write_timeout"`
 	MaxBodySize           config.Size     `toml:"max_body_size"`
-	Token                 string          `toml:"token"`
+	Token                 config.Secret   `toml:"token"`
 	BucketTag             string          `toml:"bucket_tag"`
 	ParserType            string          `toml:"parser_type"`
 
@@ -99,11 +99,18 @@ func (h *InfluxDBV2Listener) Gather(_ telegraf.Accumulator) error {
 	return nil
 }
 
-func (h *InfluxDBV2Listener) routes() {
+func (h *InfluxDBV2Listener) routes() error {
 	credentials := ""
-	if h.Token != "" {
-		credentials = "Token " + h.Token
+	if !h.Token.Empty() {
+		secBuf, err := h.Token.Get()
+		if err != nil {
+			return err
+		}
+
+		credentials = "Token " + secBuf.String()
+		secBuf.Destroy()
 	}
+
 	authHandler := internal.GenericAuthHandler(credentials,
 		func(_ http.ResponseWriter) {
 			h.authFailures.Incr(1)
@@ -113,6 +120,8 @@ func (h *InfluxDBV2Listener) routes() {
 	h.mux.Handle("/api/v2/write", authHandler(h.handleWrite()))
 	h.mux.Handle("/api/v2/ready", h.handleReady())
 	h.mux.Handle("/", authHandler(h.handleDefault()))
+
+	return nil
 }
 
 func (h *InfluxDBV2Listener) Init() error {
@@ -126,7 +135,9 @@ func (h *InfluxDBV2Listener) Init() error {
 	h.requestsRecv = selfstat.Register("influxdb_v2_listener", "requests_received", tags)
 	h.notFoundsServed = selfstat.Register("influxdb_v2_listener", "not_founds_served", tags)
 	h.authFailures = selfstat.Register("influxdb_v2_listener", "auth_failures", tags)
-	h.routes()
+	if err := h.routes(); err != nil {
+		return err
+	}
 
 	if h.MaxBodySize == 0 {
 		h.MaxBodySize = config.Size(defaultMaxBodySize)
diff --git a/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener_test.go b/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener_test.go
index 7be9de6cd..22bec8a5e 100644
--- a/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener_test.go
+++ b/plugins/inputs/influxdb_v2_listener/influxdb_v2_listener_test.go
@@ -63,7 +63,7 @@ func newTestListener() *InfluxDBV2Listener {
 
 func newTestAuthListener() *InfluxDBV2Listener {
 	listener := newTestListener()
-	listener.Token = token
+	listener.Token = config.NewSecret([]byte(token))
 	return listener
 }