biscuit-auth / biscuit

delegated, decentralized, capabilities based authorization token
Apache License 2.0

Clarify in docs if a snapshot is sensitive data #171

Open ahupp opened 1 day ago

ahupp commented 1 day ago

It's unclear from the docs; can a snapshot be turned back into a usable biscuit? I'm wondering about the contexts it would be safe to log it, and whether I need to attenuate with `check if false;` or something before doing so?

divarvel commented 22 hours ago

Snapshots don’t contain sensitive cryptographic material, as they are built after signature verification. The only cryptographic material they contain is public keys from trusting annotations.

As such you cannot turn an authorizer into a usable biscuit without the signing private key.

As for logging, you still need to care about PII that might be contained in the biscuit or the authorizer, but that’s a separate concern.

divarvel commented 22 hours ago

Stating this clearly in documentation would be a good idea indeed.