diff --git a/src/api.rs b/src/api.rs
index 960e96d..4141780 100644
--- a/src/api.rs
+++ b/src/api.rs
@@ -10,7 +10,7 @@ use crate::certs::{load_cert_by_id, read_certs, read_pubkey, store_cert};
 use crate::env_key;
 use anyhow::Context;
 use axum::body;
-use axum::extract::{Path, Query, State};
+use axum::extract::{Query, State};
 use axum::{http::StatusCode, response::IntoResponse, Json, Router};
 use axum_extra::routing::{
@@ -27,7 +27,7 @@ use ssh_key::{certificate, Certificate, PrivateKey, PublicKey};
 use tokio::sync::Mutex;
 use tower::ServiceBuilder;
 use tower_http::{trace::TraceLayer, ServiceBuilderExt};
-use tracing::{debug, trace};
+use tracing::{debug, info, trace};
 use self::extract::{CertificateBody, SignatureBody};
@@ -248,16 +248,38 @@ pub struct GetCertInfo {
 pub identifier: String,
 }
+#[cfg(feature = "info")]
+#[derive(Debug, Serialize)]
+struct CertInfo {
+ principals: Vec,
+ ca: PublicKey,
+ identity: PublicKey,
+ key_id: String,
+ expiry: SystemTime,
+}
+
+impl From<&Certificate> for CertInfo {
+ fn from(cert: &Certificate) -> Self {
+ CertInfo {
+ principals: cert.valid_principals().to_vec(),
+ ca: cert.signature_key().clone().into(),
+ identity: cert.public_key().clone().into(),
+ key_id: cert.key_id().to_string(),
+ expiry: cert.valid_before_time(),
+ }
+ }
+}
+
 #[cfg(feature = "info")]
 async fn get_cert_info(
 GetCertInfo { identifier }: GetCertInfo,
 State(ApiState { certs, .. }): State,
-) -> ApiResult> {
+) -> ApiResult> {
 let certs = certs.lock().await;
 let cert = certs
 .get(&identifier)
 .ok_or(ApiError::CertificateNotFound)?;
- Ok(Json(cert.clone()))
+ Ok(Json(cert.into()))
 }
 #[cfg(not(feature = "info"))]
@@ -357,6 +379,9 @@ async fn put_cert_update(
 }
 }
 store_cert(&cert_dir, &ca, &cert).await?;
+ let principals = cert.valid_principals();
+ let identity = cert.key_id();
+ info!(%identity, ?principals, "updating certificate");
 certs.lock().await.insert(cert.key_id().to_string(), cert);
 Ok(format!("{} -> {}", prev_serial, serial))
 }
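Review bot: `impl From<&Certificate> for CertInfo` is not feature-gated while the `CertInfo` struct it targets carries `#[cfg(feature = "info")]`, so a build without the `info` feature should fail on an unresolved `CertInfo`; add `#[cfg(feature = "info")]` on the line above `impl From<&Certificate> for CertInfo {`, as `get_cert_info` directly below it already has. Returning a projection (principals, CA key, identity key, key id, expiry) instead of the whole `Certificate` is a welcome reduction in what the info endpoint hands out, but `expiry` alone leaves a not-yet-valid certificate indistinguishable from a current one; `not_before: cert.valid_after_time(),` next to `expiry` would complete the validity window. Note also that if `Serialize` is serde's, `SystemTime` serialises as a `{secs_since_epoch, nanos_since_epoch}` object rather than a timestamp, so a `#[serde(with = …)]` adapter or a `u64` of unix seconds would give JSON clients a clearer contract — whether `SystemTime` and `Serialize` are imported is not visible in this diff.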
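Review bot: The new `info!` line in `put_cert_update` logs the key id and principals but not the serial transition, which is the one fact that distinguishes this update from the certificate it replaces and is already in scope for the `Ok(format!("{} -> {}", prev_serial, serial))` return; `info!(key_id = %identity, ?principals, %prev_serial, %serial, "updating certificate");` yields an audit line that can be matched against the response. Naming the field `identity` is also confusing next to `CertInfo.identity` in the same commit, which is the certificate's public key rather than its key id, hence the explicit `key_id =` field name above. `put_cert_update` begins outside this hunk, so whatever authenticates the caller is not visible here and is not covered by this note.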
@@ -365,7 +390,7 @@ async fn put_cert_update(
 mod tests {
 use std::env::temp_dir;
- use ssh_key::SshSig;
+ use super::*;