Add note on sanitizing values

Closes gh-13138
pull/13429/head
Stephane Nicoll 7 years ago
parent 3118f14dbb
commit 5692b83a6f

@ -2403,6 +2403,22 @@ how to register handlers in the servlet container.
[[howto-sanitize-sensible-values]]
=== Sanitize sensible values
Information returned by the `env` and `configprops` endpoints can be somewhat sensitive
so keys matching a certain pattern are sanitized by default (i.e. their values are
replaced by `******`).
Spring Boot uses sensible defaults for such keys: for instance, any key ending with the
word "password", "secret", "key" or "token" is sanitized. It is also possible to use a
regular expression instead, such as `*credentials.*` to sanitize any key that holds the
word `credentials` as part of the key.
The patterns to use can be customized using the `endpoints.env.keys-to-sanitize` and
`endpoints.configprops.keys-to-sanitize` respectively.
[[howto-use-actuator-with-jersey]] [[howto-use-actuator-with-jersey]]
=== Actuator and Jersey === Actuator and Jersey
Actuator HTTP endpoints are only available for Spring MVC-based applications. If you want Actuator HTTP endpoints are only available for Spring MVC-based applications. If you want

Loading…
Cancel
Save