diff --git a/app/models/plugin_setting.rb b/app/models/plugin_setting.rb
index 9d3a6e892a3..4c5e9b01aa7 100644
--- a/app/models/plugin_setting.rb
+++ b/app/models/plugin_setting.rb
@@ -46,6 +46,7 @@ class PluginSetting < ActiveRecord::Base
   def validate_posted_settings
     if @posted_settings
       plugin = Canvas::Plugin.find(name.to_s)
+      @posted_settings.transform_values(&:strip!)
       result = plugin.validate_settings(self, @posted_settings)
       throw :abort if result == false
     end
diff --git a/spec/controllers/plugins_controller_spec.rb b/spec/controllers/plugins_controller_spec.rb
index 77db55fd0c6..897809f4661 100644
--- a/spec/controllers/plugins_controller_spec.rb
+++ b/spec/controllers/plugins_controller_spec.rb
@@ -32,6 +32,21 @@ describe PluginsController do
       expect(ps).to be_enabled
     end
 
+    it 'it trims posted params' do
+      ps = PluginSetting.new(name: 'big_blue_button')
+      ps.settings = { }.with_indifferent_access
+      ps.disabled = false
+      ps.save!
+
+      allow(controller).to receive(:require_setting_site_admin).and_return(true)
+      # The 'all' parameter is necessary for this test to pass when the
+      # multiple root acoounts plugin is installed
+      put 'update', params: {id: 'big_blue_button', settings: { domain: ' abc ', secret: 'secret', recording_enabled: '0' }, all: 1}
+      expect(response).to be_redirect
+      ps.reload
+      expect(ps.settings[:domain]).to eq 'abc'
+    end
+
     context "account_reports" do
       it 'can disable reports' do
         ps = PluginSetting.new(name: 'account_reports')