diff --git a/keystone/api/credentials.py b/keystone/api/credentials.py
index 8e3c7a07f..2b81000e0 100644
--- a/keystone/api/credentials.py
+++ b/keystone/api/credentials.py
@@ -194,7 +194,7 @@ class CredentialResource(ks_flask.ResourceBase):
         self._validate_blob_update_keys(current.copy(), credential.copy())
         self._require_matching_id(credential)
         # Check that the user hasn't illegally modified the owner or scope
-        target = {'credential': credential}
+        target = {'credential': dict(current, **credential)}
         ENFORCER.enforce_call(
             action='identity:update_credential', target_attr=target
         )