diff --git a/monasca_persister/persister.py b/monasca_persister/persister.py
index c7348028..90123249 100644
--- a/monasca_persister/persister.py
+++ b/monasca_persister/persister.py
@@ -1,4 +1,4 @@
-# (C) Copyright 2014-2016 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2014-2017 Hewlett Packard Enterprise Development LP
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -100,7 +100,9 @@ def clean_exit(signum, frame=None):
 if process.is_alive():
 process.terminate() # Sends sigterm which any processes after a notification is sent attempt to handle
 wait_for_exit = True
- except Exception:
+ except Exception: # nosec
+ # There is really nothing to do if the kill fails, so just go on.
+ # The # nosec keeps bandit from reporting this as a security issue
 pass
 
 # wait for a couple seconds to give the subprocesses a chance to shut down correctly.
@@ -112,7 +114,9 @@ def clean_exit(signum, frame=None):
 LOG.debug('Killing pid %s' % child.pid)
 try:
 os.kill(child.pid, signal.SIGKILL)
- except Exception:
+ except Exception: # nosec
+ # There is really nothing to do if the kill fails, so just go on.
+ # The # nosec keeps bandit from reporting this as a security issue
 pass
 
 if signum == signal.SIGTERM:
diff --git a/monasca_persister/repositories/influxdb/__init__.py b/monasca_persister/repositories/influxdb/__init__.py
index fc03740b..e0f773a3 100644
--- a/monasca_persister/repositories/influxdb/__init__.py
+++ b/monasca_persister/repositories/influxdb/__init__.py
@@ -1,4 +1,4 @@
-# (C) Copyright 2016 Hewlett Packard Enterprise Development Company LP
+# (C) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
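Review bot: The `# nosec` added at `except Exception:` in both clean_exit hunks (-100 and -112) silences bandit's try/except/pass finding but leaves a handler that swallows every exception, including programming errors such as an AttributeError on `process` or `child`, with no trace in the log. Catching the failure that can actually occur here and recording it keeps shutdown problems diagnosable during an incident: for the os.kill branch `except OSError as e:` followed by `LOG.debug('Killing pid %s failed: %s', child.pid, e)`, and the same shape around process.terminate() in the first hunk. A bare `# nosec` also suppresses any future bandit finding on that line; the explanatory comment the commit adds is good, but the suppression should stay as narrow as the bandit version in use allows. clean_exit begins and ends outside both hunks.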
@@ -18,7 +18,7 @@ influxdb_opts = [cfg.StrOpt('database_name'),
 cfg.StrOpt('ip_address'),
 cfg.StrOpt('port'),
 cfg.StrOpt('user'),
- cfg.StrOpt('password')]
+ cfg.StrOpt('password', secret=True)]
 
 influxdb_group = cfg.OptGroup(name='influxdb', title='influxdb')
 cfg.CONF.register_group(influxdb_group)
diff --git a/test-requirements.txt b/test-requirements.txt
index def565af..d5b64cde 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,6 +1,7 @@
 # The order of packages is significant, because pip processes them in the order
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.
+bandit>=1.1.0 # Apache-2.0
 flake8<2.6.0,>=2.5.4 # MIT
 hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
 coverage>=4.0 # Apache-2.0
diff --git a/tox.ini b/tox.ini
index 763a13f3..37413927 100644
--- a/tox.ini
+++ b/tox.ini
@@ -50,11 +50,19 @@ commands =
 oslo_debug_helper -t monasca_persister/tests {posargs}
 
 [testenv:pep8]
-commands = flake8
+deps =
+ {[testenv]deps}
+commands =
+ {[testenv:flake8]commands}
+ {[bandit]commands}
 
 [testenv:venv]
 commands = {posargs}
 
+[testenv:flake8]
+commands =
+ flake8 monasca_persister
+
 [flake8]
 max-line-length = 120
 # TODO: ignored checks should be enabled in the future
@@ -62,3 +70,7 @@ max-line-length = 120
 # H904 Wrap long lines in parentheses instead of a backslash
 ignore = F821,H405,H904,E126,E125,H306,E302,E122
 exclude=.venv,.git,.tox,dist,*egg,build
+
+[bandit]
+commands =
+ bandit -r monasca_persister -n5 -x monasca_persister/tests
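Review bot: `secret=True` on the `password` option only changes how oslo.config itself treats the value, such as masking it when registered option values are dumped to the log; it does not protect the value once the repository reads `cfg.CONF.influxdb.password` and hands it to the InfluxDB client. If that connection code logs its parameters or lets them surface in exception text, the password would still appear there, so the module that consumes this option is worth a check, though it is outside this diff. A short comment next to the option, such as `# secret=True keeps oslo.config from echoing the value in option dumps`, would make the intent of the flag clear to the next reader.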
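Review bot: The new `[bandit]` section runs bandit with no severity or confidence threshold, so every finding at any level fails the pep8 gate, which is why this commit also has to add `# nosec` to the two try/except/pass handlers in persister.py. That is a reasonable choice for a code base this size, but it should be recorded so the next finding is handled the same way rather than by quietly lowering the threshold; a comment in the section such as `# run at all severities; suppress individual findings with an explanatory # nosec` would do. Excluding `monasca_persister/tests` via `-x` is appropriate for assert-heavy test code and is worth noting in that same comment so the exclusion is not mistaken for an oversight.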