diff --git a/lib/DBSQLClient.ts b/lib/DBSQLClient.ts
index ead39d9e..85888d16 100644
--- a/lib/DBSQLClient.ts
+++ b/lib/DBSQLClient.ts
@@ -160,6 +160,17 @@ export default class DBSQLClient extends EventEmitter implements IDBSQLClient, I
    * const session = client.connect({host, path, token});
    */
   public async connect(options: ConnectionOptions, authProvider?: IAuthentication): Promise<IDBSQLClient> {
+    const deprecatedClientId = (options as any).clientId;
+    if (deprecatedClientId !== undefined) {
+      this.logger.log(
+        LogLevel.warn,
+        'Warning: The "clientId" option is deprecated. Please use "userAgentEntry" instead.',
+      );
+      if (!options.userAgentEntry) {
+        options.userAgentEntry = deprecatedClientId;
+      }
+    }
+
     this.authProvider = this.createAuthProvider(options, authProvider);
 
     this.connectionProvider = this.createConnectionProvider(options);
diff --git a/lib/utils/buildUserAgentString.ts b/lib/utils/buildUserAgentString.ts
index 1cbbf177..cd021e93 100644
--- a/lib/utils/buildUserAgentString.ts
+++ b/lib/utils/buildUserAgentString.ts
@@ -11,7 +11,21 @@ function getOperatingSystemVersion(): string {
   return `${os.type()} ${os.release()}`;
 }
 
+function redactInternalToken(userAgentEntry: string): string {
+  const internalTokenPrefixes = ['dkea', 'dskea', 'dapi', 'dsapi', 'dose'];
+  for (const prefix of internalTokenPrefixes) {
+    if (userAgentEntry.startsWith(prefix)) {
+      return '<REDACTED>';
+    }
+  }
+  return userAgentEntry;
+}
+
 export default function buildUserAgentString(userAgentEntry?: string): string {
+  if (userAgentEntry) {
+    userAgentEntry = redactInternalToken(userAgentEntry);
+  }
+
   const extra = [userAgentEntry, getNodeVersion(), getOperatingSystemVersion()].filter(Boolean);
   return `${productName}/${packageVersion} (${extra.join('; ')})`;
 }
diff --git a/tests/unit/DBSQLClient.test.ts b/tests/unit/DBSQLClient.test.ts
index 5caf8420..f4ac593f 100644
--- a/tests/unit/DBSQLClient.test.ts
+++ b/tests/unit/DBSQLClient.test.ts
@@ -79,6 +79,25 @@ describe('DBSQLClient.connect', () => {
 
     expect(thriftConnectionStub.on.called).to.be.true;
   });
+
+  it('should log a warning when deprecated clientId is passed', async () => {
+    const client = new DBSQLClient();
+    const logSpy = sinon.spy((client as any).logger, 'log');
+
+    const optionsWithDeprecated = {
+      ...connectOptions,
+      clientId: 'clientId',
+    };
+
+    await client.connect(optionsWithDeprecated as any);
+
+    const warningRegex = /Warning: The "clientId" option is deprecated\. Please use "userAgentEntry" instead\./;
+    const callFound = logSpy.getCalls().some((call) => warningRegex.test(call.args[1]));
+
+    expect(callFound).to.be.true;
+
+    logSpy.restore();
+  });
 });
 
 describe('DBSQLClient.openSession', () => {
diff --git a/tests/unit/utils/utils.test.ts b/tests/unit/utils/utils.test.ts
index 6f0369b2..ed96326e 100644
--- a/tests/unit/utils/utils.test.ts
+++ b/tests/unit/utils/utils.test.ts
@@ -56,6 +56,12 @@ describe('buildUserAgentString', () => {
     const ua = buildUserAgentString();
     checkUserAgentString(ua);
   });
+
+  it('should redact internal token in userAgentEntry', () => {
+    const userAgentEntry = 'dkea-internal-token';
+    const userAgentString = buildUserAgentString(userAgentEntry);
+    expect(userAgentString).to.include('<REDACTED>');
+  });
 });
 
 describe('formatProgress', () => {