diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 214a937e75..7639a0a1c7 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -27,6 +27,7 @@ use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
 use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Capabilities;
+use OCA\Richdocuments\Db\WopiMapper;
 use OCA\Richdocuments\Listener\BeforeFetchPreviewListener;
 use OCA\Richdocuments\Listener\CSPListener;
 use OCA\Richdocuments\Listener\FileCreatedFromTemplateListener;
@@ -78,6 +79,10 @@ public function register(IRegistrationContext $context): void {
 $context->registerEventListener(BeforePreviewFetchedEvent::class, BeforeFetchPreviewListener::class);
 $context->registerEventListener(RenderReferenceEvent::class, ReferenceListener::class);
 $context->registerReferenceProvider(OfficeTargetReferenceProvider::class);
+ $context->registerSensitiveMethods(WopiMapper::class, [
+ 'getPathForToken',
+ 'getWopiForToken',
+ ]);
 }
 public function boot(IBootContext $context): void {
diff --git a/lib/Db/WopiMapper.php b/lib/Db/WopiMapper.php
index 1a5638e495..581a355588 100644
--- a/lib/Db/WopiMapper.php
+++ b/lib/Db/WopiMapper.php
@@ -122,7 +122,10 @@ public function generateInitiatorToken($uid, $remoteServer) {
 * @throws ExpiredTokenException
 * @throws UnknownTokenException
 */
- public function getPathForToken($token) {
+ public function getPathForToken(
+ #[\SensitiveParameter]
+ $token
+ ): Wopi {
 return $this->getWopiForToken($token);
 }
@@ -136,7 +139,10 @@ public function getPathForToken($token) {
 * @throws UnknownTokenException
 * @throws ExpiredTokenException
 */
- public function getWopiForToken($token) {
+ public function getWopiForToken(
+ #[\SensitiveParameter]
+ string $token
+ ): Wopi {
 $qb = $this->db->getQueryBuilder();
 $qb->select('*')
 ->from('richdocuments_wopi')
diff --git a/tests/stub.phpstub b/tests/stub.phpstub
index 5dad761d00..3335120e2f 100644
--- a/tests/stub.phpstub
+++ b/tests/stub.phpstub
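Review bot: In the `register()` hunk of lib/AppInfo/Application.php, the two protected methods are passed to `registerSensitiveMethods` as bare strings, so a later rename of either `WopiMapper` method would presumably drop the redaction without any error. A short comment above the call would make that coupling visible, for example `// Names must match WopiMapper; the arguments of these methods carry the WOPI token and must stay out of logged traces.` The body of `register()` starts outside this hunk and the rest of `WopiMapper` is not shown, so any other method that receives the token may need to be listed as well.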
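Review bot: In the `@@ -122,7 +122,10 @@` hunk of lib/Db/WopiMapper.php, `getPathForToken` leaves `$token` untyped while `getWopiForToken`, which it forwards to, now declares `string $token`. A non-string argument is therefore rejected one frame deeper (or coerced, if the file does not declare strict types) rather than at the public entry point; declaring the parameter the same way, `#[\SensitiveParameter] string $token`, keeps the two signatures consistent. The docblock above the method starts outside the hunk, so its `@param` and `@return` tags should be checked against the new `: Wopi` return type.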
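Review bot: On `getWopiForToken` (hunk `@@ -136,7 +139,10 @@`), `#[\SensitiveParameter]` only redacts the argument in stack frames, and only on PHP 8.2 or later; it does not cover the token if it appears in an exception message or a log call. The method body continues past the end of this hunk, so it is worth confirming that the `UnknownTokenException` and `ExpiredTokenException` raised there, and any logging around the query, do not interpolate `$token`. A docblock line such as `@param string $token WOPI access token (secret; never log it or put it in an exception message)` would record that expectation for the next maintainer.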
@@ -89,3 +89,7 @@ namespace Symfony\Component\HttpFoundation {
 public static function checkIp(?string $requestIp, $ips) {}
 }
 }
+
+#[\Attribute(Attribute::TARGET_PARAMETER)]
+class SensitiveParameter {
+}
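Review bot: The `SensitiveParameter` stub in tests/stub.phpstub is declared after the closing brace of a bracketed `namespace Symfony\Component\HttpFoundation { … }` block, outside any namespace block. PHP does not allow code outside `namespace { }` once a file uses the bracketed form, and a strict parser may reject or skip the declaration; opening with `namespace {` before the attribute and closing with `}` after the class places it in the global namespace explicitly. Only the tail of the stub file is visible here, so this assumes the earlier declarations are bracketed as well.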