diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 224c88435479..7ea8945bf371 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -543,6 +543,7 @@ /pkg/proto/datadog/workloadmeta @DataDog/container-platform /pkg/remoteconfig/ @DataDog/remote-config /pkg/runtime/ @DataDog/agent-runtimes +/pkg/redact/ @DataDog/kubernetes-experiences /pkg/system-probe/ @DataDog/ebpf-platform /pkg/system-probe/api/client/client_windows.go @DataDog/windows-products /pkg/system-probe/api/server/listener_windows.go @DataDog/windows-products diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrole.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrole.go index 2da1830e14dc..b5c03c5363bf 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrole.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrole.go @@ -9,11 +9,12 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrolebinding.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrolebinding.go index eb07d7965ced..e3ad91aec62c 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrolebinding.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/clusterrolebinding.go 
@@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cr.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cr.go index 518a1f1031dd..595a5ba2a48c 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cr.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cr.go @@ -13,9 +13,10 @@ import ( "k8s.io/apimachinery/pkg/types" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" ) // CRHandlers implements the Handlers interface for Kubernetes CronJobs. diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/crd.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/crd.go index 3d7e0d881aaa..4759e4bca42d 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/crd.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/crd.go 
@@ -12,9 +12,10 @@ import ( "k8s.io/apimachinery/pkg/runtime" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" "k8s.io/apimachinery/pkg/types" ) diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1.go index 25d149951388..e30dc8c030de 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1.go @@ -9,11 +9,12 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" batchv1 "k8s.io/api/batch/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1beta1.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1beta1.go index e620ecb2fdad..8bc1e22eed3c 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1beta1.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/cronjob_v1beta1.go 
@@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" batchv1beta1 "k8s.io/api/batch/v1beta1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/daemonset.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/daemonset.go index d2752304f23c..a3e94d1c0f66 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/daemonset.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/daemonset.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/deployment.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/deployment.go index aa2954152054..ac06c5b3e648 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/deployment.go 
+++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/deployment.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/horizontalpodautoscaler.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/horizontalpodautoscaler.go index 1558d7c0623f..c647778df4f7 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/horizontalpodautoscaler.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/horizontalpodautoscaler.go @@ -12,11 +12,12 @@ import ( "k8s.io/apimachinery/pkg/types" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" ) // HorizontalPodAutoscalerHandlers implements the Handlers interface for Kuberenetes HPAs 
diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/ingress.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/ingress.go index ee6a541a4901..15223964714b 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/ingress.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/ingress.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" netv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/job.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/job.go index 2b6b79762306..8372f54d2e79 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/job.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/job.go 
@@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" batchv1 "k8s.io/api/batch/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/limitrange.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/limitrange.go index c207b94b69bb..65278c22999d 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/limitrange.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/limitrange.go @@ -11,12 +11,13 @@ import ( corev1 "k8s.io/api/core/v1" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" "k8s.io/apimachinery/pkg/types" ) diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/namespace.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/namespace.go index 2c2891169655..1c194eba1ab3 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/namespace.go 
+++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/namespace.go @@ -11,12 +11,13 @@ import ( corev1 "k8s.io/api/core/v1" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" "k8s.io/apimachinery/pkg/types" ) diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/networkpolicy.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/networkpolicy.go index b6ea178dceb0..593c5f1db3de 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/networkpolicy.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/networkpolicy.go @@ -12,11 +12,12 @@ import ( "k8s.io/apimachinery/pkg/types" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" ) // NetworkPolicyHandlers implements the Handlers interface for Kubernetes NetworkPolicy. 
diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/node.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/node.go index 894e5831d650..77ee62a33421 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/node.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/node.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolume.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolume.go index aadf913dcf2a..469ca28554ac 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolume.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolume.go 
@@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolumeclaim.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolumeclaim.go index d3acf52e9a28..796f9c2253e7 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolumeclaim.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/persistentvolumeclaim.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/pod.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/pod.go index 1880a2e223ef..3e92d7ffda6d 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/pod.go 
+++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/pod.go @@ -12,6 +12,7 @@ import ( "strings" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/comp/core/config" @@ -25,7 +26,7 @@ import ( podtagprovider "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/pod_tag_provider" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/orchestrator" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" "github.com/DataDog/datadog-agent/pkg/util/log" corev1 "k8s.io/api/core/v1" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/poddisruptionbudget.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/poddisruptionbudget.go index 4fb543d1d297..1a5672942e38 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/poddisruptionbudget.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/poddisruptionbudget.go @@ -9,11 +9,12 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" policyv1 "k8s.io/api/policy/v1" "k8s.io/apimachinery/pkg/types" 
diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/replicaset.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/replicaset.go index 9e4b93c34c51..cbe89c587ded 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/replicaset.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/replicaset.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/role.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/role.go index be10b7fbf51e..391d01b1b312 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/role.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/role.go 
@@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/rolebinding.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/rolebinding.go index a8fc96da1fea..d92cf9d05811 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/rolebinding.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/rolebinding.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/service.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/service.go index 173241da9323..fecbb11bc78f 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/service.go 
+++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/service.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/serviceaccount.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/serviceaccount.go index 5f37dcdceb4f..cdd44f82a5cf 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/serviceaccount.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/serviceaccount.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/statefulset.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/statefulset.go index 14adcc790141..b7320a1e39b8 100644 
--- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/statefulset.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/statefulset.go @@ -9,12 +9,13 @@ package k8s import ( model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" appsv1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/types" diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/storageclass.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/storageclass.go index 3e4443159816..3b6cfab4e04c 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/storageclass.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/storageclass.go @@ -11,12 +11,13 @@ import ( storagev1 "k8s.io/api/storage/v1" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" "k8s.io/apimachinery/pkg/types" ) 
diff --git a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/verticalpodautoscaler.go b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/verticalpodautoscaler.go index 720bd7a56d41..aeb7a64e5745 100644 --- a/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/verticalpodautoscaler.go +++ b/pkg/collector/corechecks/cluster/orchestrator/processors/k8s/verticalpodautoscaler.go @@ -12,11 +12,12 @@ import ( v1 "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/apis/autoscaling.k8s.io/v1" model "github.com/DataDog/agent-payload/v5/process" + "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/processors/common" k8sTransformers "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/transformers/k8s" "github.com/DataDog/datadog-agent/pkg/collector/corechecks/cluster/orchestrator/util" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + "github.com/DataDog/datadog-agent/pkg/redact" ) // VerticalPodAutoscalerHandlers implements the Handlers interface for Kuberenetes VPAs diff --git a/pkg/flare/archive_k8s.go b/pkg/flare/archive_k8s.go index bad6f50c0b6d..ec4b04dfa290 100644 --- a/pkg/flare/archive_k8s.go +++ b/pkg/flare/archive_k8s.go @@ -3,14 +3,19 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2024-present Datadog, Inc. -//go:build kubelet +//go:build kubelet && orchestrator package flare import ( "context" + "encoding/json" "time" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/DataDog/datadog-agent/pkg/redact" "github.com/DataDog/datadog-agent/pkg/util/kubernetes/kubelet" "github.com/DataDog/datadog-agent/pkg/util/log" ) 
@@ -41,6 +46,35 @@ func getKubeletPods() (data []byte, err error) {
 log.Debugf("Could not get kubelet client: %v", err)
 return nil, nil
 }
- data, _, err = ku.QueryKubelet(ctx, "/pods")
+
+ // Get the raw local pod list from the kubelet
+ pods, err := ku.GetRawLocalPodList(ctx)
+ if err != nil {
+ log.Debugf("Could not get raw local pod list: %v", err)
+ return nil, err
+ }
+
+ scrubber := redact.NewDefaultDataScrubber()
+ for _, pod := range pods {
+ redact.ScrubPod(pod, scrubber)
+ }
+
+ // Create a new pod list with the scrubbed pods
+ podList := &v1.PodList{
+ TypeMeta: metav1.TypeMeta{
+ Kind: "PodList",
+ APIVersion: "v1",
+ },
+ Items: make([]v1.Pod, len(pods)),
+ }
+ for i, pod := range pods {
+ podList.Items[i] = *pod
+ }
+
+ data, err = json.Marshal(podList)
+ if err != nil {
+ log.Debugf("Could not marshal pod list: %v", err)
+ return nil, err
+ }
 return
 }
diff --git a/pkg/flare/archive_nok8s.go b/pkg/flare/archive_nok8s.go
index b1f71f13883c..e03cb8440556 100644
--- a/pkg/flare/archive_nok8s.go
+++ b/pkg/flare/archive_nok8s.go
@@ -3,7 +3,7 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2024-present Datadog, Inc.
-//go:build !kubelet
+//go:build !kubelet || !orchestrator
 package flare
diff --git a/pkg/orchestrator/config/config.go b/pkg/orchestrator/config/config.go
index 089a0e946618..88cf70e437e2 100644
--- a/pkg/orchestrator/config/config.go
+++ b/pkg/orchestrator/config/config.go
@@ -3,6 +3,8 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
+//go:build orchestrator
+
 //nolint:revive // TODO(CAPP) Fix revive linter
 package config
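Review bot: In getKubeletPods (pkg/flare/archive_k8s.go) the scrubber comes from `redact.NewDefaultDataScrubber()`, so only the built-in sensitive-word list is applied to the pod list written into the flare; any custom sensitive words an operator configured for the orchestrator pipeline would presumably not be honoured here, and env vars or arguments matching only those words would be archived in clear. Consider building the scrubber from the same configuration, or at minimum record the limit next to the call, e.g. `// NOTE: default sensitive words only; operator-configured custom words are not applied to flare pod data`. Separately, `redact.ScrubPod(pod, scrubber)` rewrites the objects returned by `ku.GetRawLocalPodList(ctx)` in place and `*pod` is dereferenced without a nil check; if that slice can be shared with other consumers or hold nil entries (not visible in this hunk), scrub a `pod.DeepCopy()` and skip nil items.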
@@ -16,8 +18,8 @@ import ( "github.com/DataDog/datadog-agent/pkg/config/env" pkgconfigsetup "github.com/DataDog/datadog-agent/pkg/config/setup" "github.com/DataDog/datadog-agent/pkg/config/utils" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" apicfg "github.com/DataDog/datadog-agent/pkg/process/util/api/config" + "github.com/DataDog/datadog-agent/pkg/redact" "github.com/DataDog/datadog-agent/pkg/util/hostname" "github.com/DataDog/datadog-agent/pkg/util/kubernetes/clustername" pkglog "github.com/DataDog/datadog-agent/pkg/util/log" diff --git a/pkg/orchestrator/config/config_test.go b/pkg/orchestrator/config/config_test.go index 526936f04325..d9c0180bd640 100644 --- a/pkg/orchestrator/config/config_test.go +++ b/pkg/orchestrator/config/config_test.go @@ -17,9 +17,9 @@ import ( "github.com/stretchr/testify/suite" configmock "github.com/DataDog/datadog-agent/pkg/config/mock" - "github.com/DataDog/datadog-agent/pkg/config/model" - "github.com/DataDog/datadog-agent/pkg/orchestrator/redact" + model "github.com/DataDog/datadog-agent/pkg/config/model" apicfg "github.com/DataDog/datadog-agent/pkg/process/util/api/config" + "github.com/DataDog/datadog-agent/pkg/redact" ) type YamlConfigTestSuite struct { diff --git a/pkg/orchestrator/redact/cr.go b/pkg/redact/cr.go similarity index 100% rename from pkg/orchestrator/redact/cr.go rename to pkg/redact/cr.go diff --git a/pkg/orchestrator/redact/cr_test.go b/pkg/redact/cr_test.go similarity index 100% rename from pkg/orchestrator/redact/cr_test.go rename to pkg/redact/cr_test.go diff --git a/pkg/orchestrator/redact/data_scrubber.go b/pkg/redact/data_scrubber.go similarity index 98% rename from pkg/orchestrator/redact/data_scrubber.go rename to pkg/redact/data_scrubber.go index f84d8827518b..397814c35d03 100644 --- a/pkg/orchestrator/redact/data_scrubber.go +++ b/pkg/redact/data_scrubber.go 
@@ -30,6 +30,10 @@ var ( "access_token", "auth_token", "api_key", "apikey", "pwd", "secret", "credentials", "stripetoken"} + + knownSafeEnvVars = map[string]struct{}{ + "DD_AUTH_TOKEN_FILE_PATH": {}, + } ) // DataScrubber allows the agent to block cmdline arguments that match @@ -70,6 +74,9 @@ func (ds *DataScrubber) setupAnnotationRegexps(words []string) { func (ds *DataScrubber) ContainsSensitiveWord(s string) bool { for _, pattern := range ds.LiteralSensitivePatterns { if strings.Contains(strings.ToLower(s), pattern) { + if _, ok := knownSafeEnvVars[s]; ok { + return false + } return true } } diff --git a/pkg/orchestrator/redact/data_scrubber_test.go b/pkg/redact/data_scrubber_test.go similarity index 98% rename from pkg/orchestrator/redact/data_scrubber_test.go rename to pkg/redact/data_scrubber_test.go index 7458c0cad2b1..37eb2449d46a 100644 --- a/pkg/orchestrator/redact/data_scrubber_test.go +++ b/pkg/redact/data_scrubber_test.go @@ -50,6 +50,12 @@ func TestMatchNoMatchCommand(t *testing.T) { } } +func TestKnownSafeEnvVars(t *testing.T) { + scrubber := NewDefaultDataScrubber() + assert.False(t, scrubber.ContainsSensitiveWord("DD_AUTH_TOKEN_FILE_PATH")) + assert.True(t, scrubber.ContainsSensitiveWord("AUTH_TOKEN_FILE_PATH")) +} + func TestMatchSimpleCommandScrubRegex(t *testing.T) { cases := setupCmdlinesWithWildCards() customSensitiveWords := []string{"passwd"} diff --git a/pkg/orchestrator/redact/metadata.go b/pkg/redact/metadata.go similarity index 98% rename from pkg/orchestrator/redact/metadata.go rename to pkg/redact/metadata.go index 412e5a313f52..255efb1bc93a 100644 --- a/pkg/orchestrator/redact/metadata.go +++ b/pkg/redact/metadata.go @@ -3,6 +3,8 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. +//go:build orchestrator + package redact import "sync" 
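Review bot: In `ContainsSensitiveWord` the `knownSafeEnvVars` lookup sits inside the pattern loop and only runs after a pattern has matched, although it does not depend on the pattern; placing `if _, ok := knownSafeEnvVars[s]; ok { return false }` before the `for` states the exemption more directly. The lookup is an exact, case-sensitive match on the whole string while the pattern match is lower-cased and substring-based, so only the literal name is exempted; the added test confirms that `AUTH_TOKEN_FILE_PATH` is still flagged. Every entry in the map switches redaction off for that name, so the map should carry its admission rule, e.g. `// knownSafeEnvVars lists names that match a sensitive pattern but whose values are not secrets themselves.` The rest of the function lies outside the hunk.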
diff --git a/pkg/orchestrator/redact/pod.go b/pkg/redact/pod.go
similarity index 94%
rename from pkg/orchestrator/redact/pod.go
rename to pkg/redact/pod.go
index 6e3e24e34f88..3984798d2da1 100644
--- a/pkg/orchestrator/redact/pod.go
+++ b/pkg/redact/pod.go
@@ -81,7 +81,10 @@ func scrubContainer(c *v1.Container, scrubber *DataScrubber) {
 // scrub env vars
 for e := 0; e < len(c.Env); e++ {
 if scrubber.ContainsSensitiveWord(c.Env[e].Name) {
- c.Env[e].Value = redactedSecret
+ // It's possible the env var is set using a ValueFrom field, in which case we don't want to scrub the value field
+ if c.Env[e].Value != "" {
+ c.Env[e].Value = redactedSecret
+ }
 }
 }
diff --git a/pkg/orchestrator/redact/pod_test.go b/pkg/redact/pod_test.go
similarity index 97%
rename from pkg/orchestrator/redact/pod_test.go
rename to pkg/redact/pod_test.go
index b6a5daaf4ea5..0f19c27f1d00 100644
--- a/pkg/orchestrator/redact/pod_test.go
+++ b/pkg/redact/pod_test.go
@@ -606,6 +606,30 @@ func getScrubCases() map[string]struct {
 Env: []v1.EnvVar{{Name: "password", Value: "********"}},
 },
 },
+ "sensitive env var set via ValueFrom": {
+ input: v1.Container{
+ Env: []v1.EnvVar{{
+ Name: "password",
+ ValueFrom: &v1.EnvVarSource{
+ SecretKeyRef: &v1.SecretKeySelector{
+ LocalObjectReference: v1.LocalObjectReference{Name: "my-secret"},
+ Key: "password",
+ },
+ },
+ }},
+ },
+ expected: v1.Container{
+ Env: []v1.EnvVar{{
+ Name: "password",
+ ValueFrom: &v1.EnvVarSource{
+ SecretKeyRef: &v1.SecretKeySelector{
+ LocalObjectReference: v1.LocalObjectReference{Name: "my-secret"},
+ Key: "password",
+ },
+ },
+ }},
+ },
+ },
 "command with sensitive arg": {
 input: v1.Container{
 Command: []string{"mysql"},
diff --git a/releasenotes/notes/Apply-the-scrubber-to-K8s-pods-in-flares-36094b4a1da77709.yaml b/releasenotes/notes/Apply-the-scrubber-to-K8s-pods-in-flares-36094b4a1da77709.yaml
new file mode 100644
index 000000000000..b76dc7d0e037
--- /dev/null
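Review bot: The new guard in `scrubContainer` tests `c.Env[e].Value != ""`, which is broader than the comment above it: it skips every sensitive variable whose literal value is empty, not only those populated through `ValueFrom`. The result still looks safe, since an empty `Value` holds nothing to redact and the `ValueFrom` entry in the added test carries only a secret name and key, but the comment should describe the actual condition, e.g. `// Only literal values are replaced; an empty Value (for instance when ValueFrom is used) is left as is.` The added test case covers a `SecretKeyRef`; a case with an empty `Value` and no `ValueFrom` would pin the other path through the guard. scrubContainer starts and ends outside the hunk.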
+++ b/releasenotes/notes/Apply-the-scrubber-to-K8s-pods-in-flares-36094b4a1da77709.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Properly scrub sensitive information from Kubernetes pod specifications in agent flares.
+ Environment variables with sensitive names are now redacted.