diff --git a/.github/workflows/test-and-deploy.yml b/.github/workflows/test-and-deploy.yml
index cd48290..4eba1f8 100644
--- a/.github/workflows/test-and-deploy.yml
+++ b/.github/workflows/test-and-deploy.yml
@@ -2,6 +2,9 @@ name: Test and Deploy
 
 on:
   push:
+    branches: ["**"]
+    paths-ignore:
+    - 'terraform/**'
 
 env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/Makefile b/Makefile
index 6b25ae1..afc2b9e 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@ dev-server:
 	node development/server
 
 dynamodb:
-	docker-compose up -d dynamodb
+	docker compose up -d dynamodb
 
 dynamodb-tables: dynamodb
 	./development/create-tables.sh
@@ -11,10 +11,10 @@ list-dev-api-keys:
 	./development/list-api-keys.sh
 
 do-full-recovery:
-	docker-compose run --rm do-full-recovery
+	docker compose run --rm do-full-recovery
 
 test:
-	docker-compose run --rm dev bash -c "npm ci && npm test"
+	docker compose run --rm dev bash -c "npm ci && npm test"
 
 update:
-	docker-compose run --rm dev bash -c "npm update"
+	docker compose run --rm dev bash -c "npm update"
diff --git a/README.md b/README.md
index 636ff53..9570762 100644
--- a/README.md
+++ b/README.md
@@ -300,7 +300,7 @@ To run this locally (such as for development)...
 To start a local container for development of Serverless configuration:
 
 ```
-docker-compose run --rm dev bash
+docker compose run --rm dev bash
 ```
 
 ## Credential Rotation
diff --git a/docker-compose.yml b/docker-compose.yml
index 24106ef..5a878dc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: "3"
-
 services:
   do-full-recovery:
     build: recovery
diff --git a/models/api-key.js b/models/api-key.js
index d544bab..8d3e3a7 100644
--- a/models/api-key.js
+++ b/models/api-key.js
@@ -182,6 +182,8 @@ const isValidApiSecret = (apiKeyRecord, apiSecret = '') => {
   const isValid = password.compare(apiSecret, apiKeyRecord.hashedApiSecret);
   if (isValid !== true) {
     console.log('The given API Secret is NOT valid for the given API Key record.');
+    const redactedApiSecret = apiSecret.substring(0, 3) + '...[snip]...' + apiSecret.substring(apiSecret.length - 3);
+    console.log(redactedApiSecret);
     return false;
   }
   
diff --git a/serverless.yml b/serverless.yml
index 27ecb17..546dc7f 100644
--- a/serverless.yml
+++ b/serverless.yml
@@ -175,50 +175,50 @@ resources:
     ApiKeyActivateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     ApiKeyCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     TotpValidateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fCreateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fCreateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fValidateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
     U2fValidateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
-        RetentionInDays: "30"
+        RetentionInDays: "60"
         Tags: ${self:custom.resourceTags}
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index 7d54a1b..d9f7c65 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -5,6 +5,7 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
   version     = "3.35.0"
   constraints = ">= 2.0.0, < 4.0.0"
   hashes = [
+    "h1:SFvdgX5bTGhOTMhywgjSOWlkET2el7STxdUSzxjz2pc=",
     "h1:pn9uUSAuIE8XgqJuZ9fOs98bRN9qw4o0JHFgmwtbMyI=",
     "zh:13aabc00fee823422831bcc870227650cc765fc4c9622074d24d6d62a4ac0e37",
     "zh:1544405f0ea6b388dad7eb25c434427b2682417396da9186e1b33551e6b4adff",
diff --git a/terraform/main.tf b/terraform/main.tf
index f9d6a7e..3daeb67 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -10,10 +10,9 @@ locals {
 module "serverless_user" {
   count   = var.app_environment == "staging" ? 1 : 0
   source  = "silinternational/serverless-user/aws"
-  version = "0.3.2"
+  version = "0.4.2"
 
   app_name           = var.app_name
-  aws_region         = var.aws_region
   aws_region_policy  = "*"
   enable_api_gateway = true