diff --git a/pylxd/models/certificate.py b/pylxd/models/certificate.py
index eb616cf3..1ad9d239 100644
--- a/pylxd/models/certificate.py
+++ b/pylxd/models/certificate.py
@@ -53,12 +53,13 @@ def all(cls, client):
     def create(
         cls,
         client,
-        secret,
+        password,
         cert_data,
         cert_type="client",
         name="",
         projects=None,
         restricted=False,
+        secret="",
     ):
         """Create a new certificate."""
         cert = x509.load_pem_x509_certificate(cert_data, default_backend())
@@ -68,14 +69,17 @@ def create(
         data = {
             "type": cert_type,
             "certificate": base64_cert,
+            "password": password,
             "name": name,
             "restricted": restricted,
             "projects": projects,
         }
-        if client.has_api_extension("explicit_trust_token"):
+
+        # secret/trust_token are safer than password
+        if client.has_api_extension("explicit_trust_token") and secret:
             data["trust_token"] = secret
-        else:
-            data["password"] = secret
+            del(data["password"])
+
         response = client.api.certificates.post(json=data)
         location = response.headers["Location"]
         fingerprint = location.split("/")[-1]