diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7d9477..17e8974 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+2.0.1
+* Remove logging of sensitive data
+* Update Private Key to required for certificates in this store in docs and store definition
+
 2.0.0
 * Consolidate all AWS auth types under one Store Type: `AWS-ACM`
 * Continues to provide backwards support for previous Store Types `AwsCerManO` and `AwsCerManA`
diff --git a/README.md b/README.md
index ed16110..3495285 100644
--- a/README.md
+++ b/README.md
@@ -163,7 +163,7 @@ CONFIG ELEMENT | VALUE | DESCRIPTION
 Store Path Type | Freeform | Determines what restrictions are applied to the store path field when configuring a new store.
 Store Path Value | N/A | This is reserved for the AWS Account Id when setting up the store.
 Supports Custom Alias | Optional | Determines if an individual entry within a store can have a custom Alias.
-Private Keys | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store.
+Private Keys | Required | This determines if Keyfactor can send the private key associated with a certificate to the store.
 PFX Password Style | Default or Custom | "Default" - PFX password is randomly generated, "Custom" - PFX password may be specified when the enrollment job is created (Requires the *Allow Custom Password* application setting to be enabled.)
 
 **Custom Fields:**
diff --git a/aws-orchestrator-core/Jobs/Management.cs b/aws-orchestrator-core/Jobs/Management.cs
index 25438b2..d29ba07 100644
--- a/aws-orchestrator-core/Jobs/Management.cs
+++ b/aws-orchestrator-core/Jobs/Management.cs
@@ -100,7 +100,7 @@ internal JobResult PerformAddition(Credentials awsCredentials, ManagementJobConf
 if (!string.IsNullOrWhiteSpace(config.JobCertificate.Alias))
 {
 // Alias is specified, this is a replace / renewal
- Logger.LogTrace($"Alias specified, validating existing cert can be renewed / replaced: {config.JobCertificate.Alias}");
+ Logger.LogDebug($"Alias specified, validating existing cert can be renewed / replaced: {config.JobCertificate.Alias}");
 // ARN Provided, Verify It is Not A PCA/Amazon Issued Cert
 DescribeCertificateResponse DescribeCertificateResponse = AsyncHelpers.RunSync(() => AcmClient.DescribeCertificateAsync(config.JobCertificate.Alias));
 Logger.LogTrace($"DescribeCertificateResponse JSON: {JsonConvert.SerializeObject(DescribeCertificateResponse)}");
@@ -152,7 +152,7 @@ internal JobResult PerformAddition(Credentials awsCredentials, ManagementJobConf
 pemWriter.WriteObject(keyPair.Private);
 streamWriter.Flush();
 privateKeyString = Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim().Replace("\r", "").Replace("\0", "");
- Logger.LogTrace($"Got Private Key String {privateKeyString}");
+ Logger.LogTrace("Loaded private key.");
 memoryStream.Close();
 streamWriter.Close();
 }
diff --git a/integration-manifest.json b/integration-manifest.json
index ab55b89..11db8b7 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -144,7 +144,7 @@
 "StoreRequired": false,
 "Style": "Default"
 },
- "PrivateKeyAllowed": "Optional",
+ "PrivateKeyAllowed": "Required",
 "ServerRequired": true,
 "PowerShell": false,
 "BlueprintAllowed": true,
diff --git a/readme_source.md b/readme_source.md
index 8a13f8c..9b4f067 100644
--- a/readme_source.md
+++ b/readme_source.md
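Review bot: In the `@@ -100,7` hunk of Management.cs, the changed `Logger.LogDebug` call interpolates `config.JobCertificate.Alias` straight into the message, so a job-supplied value (an ARN, per the comment below it) reaches the log unescaped and is now written at Debug rather than Trace. If Logger is a Microsoft.Extensions.Logging logger, which the `LogTrace`/`LogDebug` names suggest, a message template keeps the value as a separate structured field: `Logger.LogDebug("Alias specified, validating existing cert can be renewed / replaced: {Alias}", config.JobCertificate.Alias);`. The unchanged Trace line at the end of the hunk still serializes the whole DescribeCertificateResponse into the log; it is worth confirming that is intended in a release whose changelog says sensitive logging was removed. PerformAddition starts and ends outside the hunk.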
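Review bot: In the `@@ -152,7` hunk of Management.cs, the new `Logger.LogTrace("Loaded private key.");` carries no comment explaining why the key was taken out of the message, so nothing stops a later debugging change from putting it back. I would add `// Never log privateKeyString: it holds the PEM-encoded private key.` directly above the call. The removed line shows that earlier builds wrote the key to trace logs, so the 2.0.1 changelog entry could also tell operators to review retained trace logs and re-issue certificates whose keys appear there. PerformAddition starts and ends outside the hunk.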
@@ -64,7 +64,7 @@ CONFIG ELEMENT | VALUE | DESCRIPTION
 Store Path Type | Freeform | Determines what restrictions are applied to the store path field when configuring a new store.
 Store Path Value | N/A | This is reserved for the AWS Account Id when setting up the store.
 Supports Custom Alias | Optional | Determines if an individual entry within a store can have a custom Alias.
-Private Keys | Optional | This determines if Keyfactor can send the private key associated with a certificate to the store.
+Private Keys | Required | This determines if Keyfactor can send the private key associated with a certificate to the store.
 PFX Password Style | Default or Custom | "Default" - PFX password is randomly generated, "Custom" - PFX password may be specified when the enrollment job is created (Requires the *Allow Custom Password* application setting to be enabled.)
 
 **Custom Fields:**