I am unable to sanitize a password in the request body.

--2a688459-C-- {"username":"someuser","password":"somepassword"}

What i've tried:
SecAction "phase:2,id:131,nolog,pass,sanitiseArg:password"
SecAction "phase:5,id:131,nolog,pass,sanitiseArg:password"
SecRule ARGS_NAMES password nolog,pass,id:132,sanitiseMatched

Any suggestions?