Commit 7a11499

Merge pull request #20169 from juzerali
* pr/20169:
  Polish "Document sanitized keys and uri sanitization behavior"
  Document sanitized keys and uri sanitization behavior

Closes gh-20169
2 parents fc410f0 + 40d1727 commit 7a11499

File tree

1 file changed

+5
-3
lines changed
  • spring-boot-project/spring-boot-docs/src/main/asciidoc

spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc

Lines changed: 5 additions & 3 deletions
@@ -2211,11 +2211,13 @@ See also the section on "`<<spring-boot-features.adoc#boot-features-error-handli
22112211
=== Sanitize sensible values
22122212
Information returned by the `env` and `configprops` endpoints can be somewhat sensitive so keys matching a certain pattern are sanitized by default (i.e. their values are replaced by `+******+`).
22132213

2214-
Spring Boot uses sensible defaults for such keys: for instance, any key ending with the word "password", "secret", "key" or "token" is sanitized.
2215-
It is also possible to use a regular expression instead, such as `+*credentials.*+` to sanitize any key that holds the word `credentials` as part of the key.
2216-
22172214
The patterns to use can be customized using the `management.endpoint.env.keys-to-sanitize` and `management.endpoint.configprops.keys-to-sanitize` respectively.
22182215

2216+
Spring Boot uses sensible defaults for such keys: any key ending with the word "password", "secret", "key", "token", "vcap_services", "sun.java.command", "uri", "uris", "address" or "addresses" is sanitized.
2217+
Additionally, any key that holds the word `credentials` as part of the key is sanitized (configured as a regular expression, i.e. `+*credentials.*+`).
2218+
2219+
If any of the keys to sanitize are URI format (i.e. `<scheme>://<username>:<password>@<host>:<port>/`), only the password part is sanitized.
2220+
22192221

22202222

22212223
[[howto-security]]
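
Review bot: The pattern in the added line 2217 is written as `+*credentials.*+`, which renders as `*credentials.*`. That is not a valid regular expression, because the leading `*` has nothing to repeat. It is carried over unchanged from the removed line 2215. If the intent is "any key that holds the word `credentials`", the text should read `+.*credentials.*+`. The added line 2219 says "If any of the keys to sanitize are URI format", but the form shown (`<scheme>://<username>:<password>@<host>:<port>/`) is the shape of a property value, not of a key. Suggest "If the value of a sanitized key is in URI format, only the password part is sanitized", so readers do not conclude that the host and username are hidden as well. Since this section is already being touched, the unchanged heading "Sanitize sensible values" at 2211 looks like it should be "sensitive".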
