Skip to content

Is logging the token identifier (slot, serial, or label) considered a security concern? #25

New issue
New issue
Open
Open
Is logging the token identifier (slot, serial, or label) considered a security concern?#25
Labels
apiRelated to the API application service which is at `/cmds/api`.questionFurther information is requested
@agcom

Description

@agcom
agcom
opened on Aug 23, 2025

The current implementation logs the identifier used to identify the token in the HSM (an slot number, serial number, or a label); if those identifiers are meant to be secret, then avoid logging them; are they considered secrets?

Metadata

Metadata

Assignees

No one assigned

    Labels

    apiRelated to the API application service which is at `/cmds/api`.questionFurther information is requested

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions