diff --git a/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2 b/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2
index 41fc07c4879db16b6ba83a3ed885e12d20359026..ca7bcf80616887219ac677960f979b6e37b55225 100644
--- a/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2
+++ b/roles/kubernetes/control-plane/templates/apiserver-audit-policy.yaml.j2
@@ -67,12 +67,12 @@ rules:
     resources:
       - group: "" # core
         resources: ["events"]
-  # Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
+  # Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,
   # so only log at the Metadata level.
   - level: Metadata
     resources:
       - group: "" # core
-        resources: ["secrets", "configmaps"]
+        resources: ["secrets", "configmaps", "serviceaccounts/token"]
       - group: authentication.k8s.io
         resources: ["tokenreviews"]
     omitStages: