diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/input/input.yml.hbs b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/input/input.yml.hbs
index 3c3b8b5df23c2..a562a8dacdae8 100644
--- a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/input/input.yml.hbs
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/input/input.yml.hbs
@@ -1,2 +1,4 @@
 package_var_secret: {{package_var_secret}}
+package_var_non_secret: {{package_var_non_secret}}
 input_var_secret: {{input_var_secret}}
+input_var_non_secret: {{input_var_non_secret}}
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/stream/stream.yml.hbs b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/stream/stream.yml.hbs
index 81cce3223c9f4..c8a3b08abd942 100644
--- a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/stream/stream.yml.hbs
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/agent/stream/stream.yml.hbs
@@ -1,4 +1,7 @@
 config.version: "2"
 package_var_secret: {{package_var_secret}}
+package_var_non_secret: {{package_var_non_secret}}
 input_var_secret: {{input_var_secret}}
+input_var_non_secret: {{input_var_non_secret}}
 stream_var_secret: {{stream_var_secret}}
+stream_var_non_secret: {{stream_var_non_secret}}
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/manifest.yml b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/manifest.yml
index 8ecffc0e4e7d4..46504ff58a894 100644
--- a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/manifest.yml
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/data_stream/log/manifest.yml
@@ -10,3 +10,8 @@ streams:
         multi: false
         show_user: true
         secret: true
+      - name: stream_var_non_secret
+        type: text
+        title: Stream Var Non Secret
+        multi: false
+        show_user: true
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/manifest.yml b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/manifest.yml
index 9efcf03ea13ca..d577e1b930713 100644
--- a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/manifest.yml
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.0.0/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: secrets
 title: Package with secrets
-description: This integration package has 3 secrets.
+description: This integration package has 3 secret and 3 non secret vars.
 version: 1.0.0
 categories: []
 # Options are experimental, beta, ga
@@ -32,6 +32,12 @@ vars:
     required: true
     show_user: true
     secret: true
+  - name: package_var_non_secret
+    type: text
+    title: Package Var Non Secret
+    multi: false
+    required: true
+    show_user: true
 policy_templates:
   - name: secrets
     title: This 
@@ -48,4 +54,9 @@ policy_templates:
             title: Input Var Secret
             multi: false
             show_user: true
-            secret: true
\ No newline at end of file
+            secret: true
+          - name: input_var_non_secret
+            type: text
+            title: Input Var Non Secret
+            multi: false
+            show_user: true
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/input/input.yml.hbs b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/input/input.yml.hbs
new file mode 100644
index 0000000000000..a562a8dacdae8
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/input/input.yml.hbs
@@ -0,0 +1,4 @@
+package_var_secret: {{package_var_secret}}
+package_var_non_secret: {{package_var_non_secret}}
+input_var_secret: {{input_var_secret}}
+input_var_non_secret: {{input_var_non_secret}}
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/stream/stream.yml.hbs b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/stream/stream.yml.hbs
new file mode 100644
index 0000000000000..c8a3b08abd942
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/agent/stream/stream.yml.hbs
@@ -0,0 +1,7 @@
+config.version: "2"
+package_var_secret: {{package_var_secret}}
+package_var_non_secret: {{package_var_non_secret}}
+input_var_secret: {{input_var_secret}}
+input_var_non_secret: {{input_var_non_secret}}
+stream_var_secret: {{stream_var_secret}}
+stream_var_non_secret: {{stream_var_non_secret}}
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/fields/fields.yml b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/fields/fields.yml
new file mode 100644
index 0000000000000..6e003ed0ad147
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/fields/fields.yml
@@ -0,0 +1,16 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: >
+    Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: >
+    Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: >
+    Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: >
+    Event timestamp.
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/manifest.yml b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/manifest.yml
new file mode 100644
index 0000000000000..ffe3c3ad44fe2
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/data_stream/log/manifest.yml
@@ -0,0 +1,18 @@
+title: Test stream
+type: logs
+streams:
+  - input: test_input
+    title: test input
+    vars:
+      - name: stream_var_secret
+        type: text
+        title: Stream Var Secret
+        multi: false
+        show_user: true
+        secret: true
+      - name: stream_var_non_secret
+        type: text
+        title: Stream Var Non Secret
+        multi: false
+        show_user: true
+        secret: true
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/docs/README.md b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/docs/README.md
new file mode 100644
index 0000000000000..d4265d37b5b63
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/docs/README.md
@@ -0,0 +1,3 @@
+# secrets
+
+This package has secrets
\ No newline at end of file
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/img/logo.svg b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/img/logo.svg
new file mode 100644
index 0000000000000..15b49bcf28aec
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/img/logo.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64" viewBox="0 0 64 64">
+  <g fill="none" fill-rule="evenodd">
+    <path fill="#F04E98" d="M29,32.0001 L15.935,9.4321 C13.48,5.1941 7,6.9351 7,11.8321 L7,52.1681 C7,57.0651 13.48,58.8061 15.935,54.5671 L29,32.0001 Z"/>
+    <path fill="#FA744E" d="M34.7773,32.0001 L33.3273,34.5051 L20.2613,57.0731 C19.8473,57.7871 19.3533,58.4271 18.8023,59.0001 L34.9273,59.0001 C38.7073,59.0001 42.2213,57.0601 44.2363,53.8611 L58.0003,32.0001 L34.7773,32.0001 Z"/>
+    <path fill="#343741" d="M44.2363,10.1392 C42.2213,6.9402 38.7073,5.0002 34.9273,5.0002 L18.8023,5.0002 C19.3533,5.5732 19.8473,6.2122 20.2613,6.9272 L33.3273,29.4942 L34.7773,32.0002 L58.0003,32.0002 L44.2363,10.1392 Z"/>
+  </g>
+</svg>
\ No newline at end of file
diff --git a/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/manifest.yml b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/manifest.yml
new file mode 100644
index 0000000000000..1f616128e2d0b
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/fixtures/test_packages/secrets/1.1.0/manifest.yml
@@ -0,0 +1,64 @@
+format_version: 1.0.0
+name: secrets
+title: Package with secrets
+description: This integration package has 3 secret and 3 non secret vars.
+version: 1.1.0
+categories: []
+# Options are experimental, beta, ga
+release: beta
+# The package type. The options for now are [integration, solution], more type might be added in the future.
+# The default type is integration and will be set if empty.
+type: integration
+license: basic
+owner:
+  github: elastic/fleet
+
+requirement:
+  elasticsearch:
+    versions: ">7.7.0"
+  kibana:
+    versions: ">7.7.0"
+
+icons:
+  - src: "/img/logo.svg"
+    size: "16x16"
+    type: "image/svg+xml"
+
+vars:
+  - name: package_var_secret
+    type: password
+    title: Package Var Secret
+    multi: false
+    required: true
+    show_user: true
+    secret: true
+  - name: package_var_non_secret
+    type: text
+    title: Package Var Non Secret
+    multi: false
+    required: true
+    show_user: true
+    secret: true
+policy_templates:
+  - name: secrets
+    title: This 
+    description: Test Package for Upgrading Package Policies
+    inputs:
+      - type: test_input
+        title: Test Input
+        description: Test Input
+        enabled: true
+        template_path: input.yml.hbs
+        vars:
+          - name: input_var_secret
+            type: text
+            title: Input Var Secret
+            multi: false
+            show_user: true
+            secret: true
+          - name: input_var_non_secret
+            type: text
+            title: Input Var Non Secret
+            multi: false
+            show_user: true
+            secret: true
diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
index 63878420084a2..3ebbe28d2dd47 100644
--- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
+++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
@@ -106,12 +106,14 @@ export default function (providerContext: FtrProviderContext) {
               enabled: true,
               vars: {
                 input_var_secret: 'input_secret_val',
+                input_var_non_secret: 'input_non_secret_val',
               },
               streams: {
                 'secrets.log': {
                   enabled: true,
                   vars: {
                     stream_var_secret: 'stream_secret_val',
+                    stream_var_non_secret: 'stream_non_secret_val',
                   },
                 },
               },
@@ -119,6 +121,7 @@ export default function (providerContext: FtrProviderContext) {
           },
           vars: {
             package_var_secret: 'package_secret_val',
+            package_var_non_secret: 'package_non_secret_val',
           },
           package: {
             name: 'secrets',
@@ -128,6 +131,12 @@ export default function (providerContext: FtrProviderContext) {
         .expect(200);
     };
 
+    async function createPolicyWSecretVar() {
+      const { body: createResBody } = await createPolicyWithSecrets();
+      const createdPolicy = createResBody.item;
+      return createdPolicy;
+    }
+
     const createFleetServerAgent = async (
       agentPolicyId: string,
       hostname: string,
@@ -338,12 +347,14 @@ export default function (providerContext: FtrProviderContext) {
               enabled: true,
               vars: {
                 input_var_secret: 'input_secret_val',
+                input_var_non_secret: 'input_non_secret_val',
               },
               streams: {
                 'secrets.log': {
                   enabled: true,
                   vars: {
                     stream_var_secret: 'stream_secret_val',
+                    stream_var_non_secret: 'stream_non_secret_val',
                   },
                 },
               },
@@ -351,6 +362,7 @@ export default function (providerContext: FtrProviderContext) {
           },
           vars: {
             package_var_secret: 'package_secret_val',
+            package_var_non_secret: 'package_non_secret_val',
           },
           package: {
             name: 'secrets',
@@ -376,10 +388,13 @@ export default function (providerContext: FtrProviderContext) {
         ])
       ).to.eql(true);
       expectedCompiledStream = {
-        'config.version': 2,
+        'config.version': '2',
         package_var_secret: secretVar(packageVarId),
+        package_var_non_secret: 'package_non_secret_val',
         input_var_secret: secretVar(inputVarId),
+        input_var_non_secret: 'input_non_secret_val',
         stream_var_secret: secretVar(streamVarId),
+        stream_var_non_secret: 'stream_non_secret_val',
       };
       expect(createdPackagePolicy.inputs[0].streams[0].compiled_stream).to.eql(
         expectedCompiledStream
@@ -387,7 +402,9 @@ export default function (providerContext: FtrProviderContext) {
 
       expectedCompiledInput = {
         package_var_secret: secretVar(packageVarId),
+        package_var_non_secret: 'package_non_secret_val',
         input_var_secret: secretVar(inputVarId),
+        input_var_non_secret: 'input_non_secret_val',
       };
 
       expect(createdPackagePolicy.inputs[0].compiled_input).to.eql(expectedCompiledInput);
@@ -468,12 +485,17 @@ export default function (providerContext: FtrProviderContext) {
       expect(updatedPackagePolicy.inputs[0].streams[0].compiled_stream).to.eql({
         'config.version': 2,
         package_var_secret: secretVar(updatedPackageVarId),
+        package_var_non_secret: 'package_non_secret_val',
         input_var_secret: secretVar(inputVarId),
+        input_var_non_secret: 'input_non_secret_val',
         stream_var_secret: secretVar(streamVarId),
+        stream_var_non_secret: 'stream_non_secret_val',
       });
       expect(updatedPackagePolicy.inputs[0].compiled_input).to.eql({
         package_var_secret: secretVar(updatedPackageVarId),
+        package_var_non_secret: 'package_non_secret_val',
         input_var_secret: secretVar(inputVarId),
+        input_var_non_secret: 'input_non_secret_val',
       });
       expect(updatedPackagePolicy.vars.package_var_secret.value.isSecretRef).to.eql(true);
       expect(updatedPackagePolicy.vars.package_var_secret.value.id).eql(updatedPackageVarId);
@@ -594,18 +616,10 @@ export default function (providerContext: FtrProviderContext) {
       expect(createdPolicy.vars.package_var_secret.value).eql('package_secret_val');
     });
 
-    async function createPolicyWSecretVar() {
-      const { body: createResBody } = await createPolicyWithSecrets();
-      const createdPolicy = createResBody.item;
-      return createdPolicy;
-    }
-
     it('should not store secrets if there are no fleet servers', async () => {
       await clearAgents();
 
-      const { body: createResBody } = await createPolicyWithSecrets();
-
-      const createdPolicy = createResBody.item;
+      const createdPolicy = await createPolicyWSecretVar();
 
       // secret should be in plain text i.e not a secret refrerence
       expect(createdPolicy.vars.package_var_secret.value).eql('package_secret_val');
@@ -645,5 +659,76 @@ export default function (providerContext: FtrProviderContext) {
 
       expect(createdPolicy.vars.package_var_secret.value.isSecretRef).eql(true);
     });
+
+    it('should store new secrets after package upgrade', async () => {
+      const createdPolicy = await createPolicyWSecretVar();
+
+      // Install newer version of secrets package
+      await supertest
+        .post('/api/fleet/epm/packages/secrets/1.1.0')
+        .set('kbn-xsrf', 'xxxx')
+        .send({ force: true })
+        .expect(200);
+
+      // Upgrade package policy
+      await supertest
+        .post(`/api/fleet/package_policies/upgrade`)
+        .set('kbn-xsrf', 'xxxx')
+        .send({
+          packagePolicyIds: [createdPolicy.id],
+        })
+        .expect(200);
+
+      // Fetch policy again
+      const res = await supertest.get(`/api/fleet/package_policies/${createdPolicy.id}`);
+      const upgradedPolicy = res.body.item;
+
+      const packageSecretVarId = upgradedPolicy.vars.package_var_secret.value.id;
+      const packageNonSecretVarId = upgradedPolicy.vars.package_var_non_secret.value.id;
+      const inputSecretVarId = upgradedPolicy.inputs[0].vars.input_var_secret.value.id;
+      const inputNonSecretVarId = upgradedPolicy.inputs[0].vars.input_var_non_secret.value.id;
+      const streamSecretVarId = upgradedPolicy.inputs[0].streams[0].vars.stream_var_secret.value.id;
+      const streamNonSecretVarId =
+        upgradedPolicy.inputs[0].streams[0].vars.stream_var_non_secret.value.id;
+
+      expect(
+        arrayIdsEqual(upgradedPolicy.secret_references, [
+          { id: packageSecretVarId },
+          { id: packageNonSecretVarId },
+          { id: inputSecretVarId },
+          { id: inputNonSecretVarId },
+          { id: streamSecretVarId },
+          { id: streamNonSecretVarId },
+        ])
+      ).to.eql(true);
+
+      expect(upgradedPolicy.inputs[0].compiled_input).to.eql({
+        package_var_secret: secretVar(packageSecretVarId),
+        package_var_non_secret: secretVar(packageNonSecretVarId),
+        input_var_secret: secretVar(inputSecretVarId),
+        input_var_non_secret: secretVar(inputNonSecretVarId),
+      });
+
+      expect(upgradedPolicy.inputs[0].streams[0].compiled_stream).to.eql({
+        'config.version': '2',
+        package_var_secret: secretVar(packageSecretVarId),
+        package_var_non_secret: secretVar(packageNonSecretVarId),
+        input_var_secret: secretVar(inputSecretVarId),
+        input_var_non_secret: secretVar(inputNonSecretVarId),
+        stream_var_secret: secretVar(streamSecretVarId),
+        stream_var_non_secret: secretVar(streamNonSecretVarId),
+      });
+
+      expect(upgradedPolicy.vars.package_var_secret.value.isSecretRef).to.eql(true);
+      expect(upgradedPolicy.vars.package_var_non_secret.value.isSecretRef).to.eql(true);
+      expect(upgradedPolicy.inputs[0].vars.input_var_secret.value.isSecretRef).to.eql(true);
+      expect(upgradedPolicy.inputs[0].vars.input_var_non_secret.value.isSecretRef).to.eql(true);
+      expect(upgradedPolicy.inputs[0].streams[0].vars.stream_var_secret.value.isSecretRef).to.eql(
+        true
+      );
+      expect(
+        upgradedPolicy.inputs[0].streams[0].vars.stream_var_non_secret.value.isSecretRef
+      ).to.eql(true);
+    });
   });
 }