We can use Spring Boot Actuator to add endpoints to our application that can expose information about our application. For example we can request the /env
endpoint to see which Spring environment properties are available. Or use /configprops
to see the values of properties defined using @ConfigurationProperties
. Sensitive information like passwords and keys are replaced with ******
. Spring Boot Actuator has a list of properties that have sensitive information and therefore should be replaced with ******
. The default list of keys that have their value hidden is defined as password,secret,key,token,.*credentials.*,vcap_services
. A value is either what the property name ends with or a regular expression. We can define our own list of property names from which the values should be hidden or sanitized and replaced with ******
. We define the key we want to be hidden using the application properties endpoints.env.keys-to-sanatize
and endpoints.configprops.keys-to-sanatize
.
In the following example Spring application YAML configuration we define new values for keys we want to be sanitized. Properties in our Spring environment that end with username
or password
should be sanatized. For properties set via @ConfigurationProperties
we want to hide values for keys that end with port
and key
:
# File: src/main/resources/application.yml endpoints: env: # Hide properties that end with password and username: keys-to-sanitize: password,username configprops: # Also hide port and key values from the output: keys-to-sanitize: port,key --- # Extra properties will be exposed # via /env endpoint. sample: username: test password: test
When we request the /env
we see in the output that values of properties that end with username
and password
are hidden:
... "applicationConfig: [classpath:/application.yml]": { ... "sample.password": "******", "sample.username": "******" }, ...
When we request the /configprops
we see in the output that for example key
and port
properties are sanitized:
... "spring.metrics.export-org.springframework.boot.actuate.metrics.export.MetricExportProperties": { "prefix": "spring.metrics.export", "properties": { ... "redis": { "key": "******", "prefix": "spring.metrics.application.f2325e314fc8223e6bb8ee6ddebbbd79" }, "statsd": { "host": null, "port": "******", "prefix": null } } }, ...
Written with Spring Boot 1.5.2.RELEASE.