Merge branch '3.1.x'

Closes gh-38080

spring-boot-project/spring-boot-actuator-autoconfigure/src/docs/asciidoc/endpoints/env.adoc

@@ -14,6 +14,7 @@ The resulting response is similar to the following:
 
 include::{snippets}/env/all/http-response.adoc[]
 
+NOTE: Sanitization of sensitive values has been switched off for this example.
 
 
 [[env.entire.response-structure]]
@@ -37,7 +38,7 @@ The resulting response is similar to the following:
 
 include::{snippets}/env/single/http-response.adoc[]
 
-
+NOTE: Sanitization of sensitive values has been switched off for this example.
 
 [[env.single-property.response-structure]]
 === Response Structure

spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc

@@ -33,9 +33,11 @@ The following technology-agnostic endpoints are available:
 
 | `configprops`
 | Displays a collated list of all `@ConfigurationProperties`.
+Subject to <<actuator#actuator.endpoints.sanitization, sanitization>>.
 
 | `env`
 | Exposes properties from Spring's `ConfigurableEnvironment`.
+Subject to <<actuator#actuator.endpoints.sanitization, sanitization>>.
 
 | `flyway`
 | Shows any Flyway database migrations that have been applied.
@@ -70,6 +72,7 @@ The following technology-agnostic endpoints are available:
 
 |`quartz`
 |Shows information about Quartz Scheduler jobs.
+Subject to <<actuator#actuator.endpoints.sanitization, sanitization>>.
 
 | `scheduledtasks`
 | Displays the scheduled tasks in your application.
@@ -277,6 +280,36 @@ NOTE: The `management.endpoint.<name>` prefix uniquely identifies the endpoint t
 
 
 
+[[actuator.endpoints.sanitization]]
+=== Sanitize Sensitive Values
+Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be somewhat sensitive.
+All values are sanitized by default (that is replaced by `+******+`).
+Viewing original values in the unsanitized form can be configured per endpoint using the `showValues` property for that endpoint.
+This property can be configured to have the following values:
+
+- `ALWAYS` - all values are shown in their unsanitized form to all users
+- `NEVER`  - all values are always sanitized (that is replaced by `+******+`)
+- `WHEN_AUTHORIZED` - all values are shown in their unsanitized form to authorized users
+
+For HTTP endpoints, a user is considered to be authorized if they have authenticated and have the roles configured by the endpoint's roles property.
+By default, any authenticated user is authorized.
+For JMX endpoints, all users are always authorized.
+
+[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
+----
+	management:
+	  endpoint:
+	    env:
+	      show-values: WHEN_AUTHORIZED
+	      roles: "admin"
+----
+
+The configuration above enables the ability for all users with the `admin` role to view all values in their original form from the `/env` endpoint.
+
+NOTE: When `show-values` is set to `ALWAYS` or `WHEN_AUTHORIZED` any sanitization applied by a `<<howto#howto.actuator.customizing-sanitization, SanitizingFunction>>` will still be applied.
+
+
+
 [[actuator.endpoints.hypermedia]]
 === Hypermedia for Actuator Web Endpoints
 A "`discovery page`" is added with links to all the endpoints.

spring-boot-project/spring-boot-docs/src/docs/asciidoc/anchor-rewrite.properties

@@ -1022,3 +1022,7 @@ container-images.efficient-images.unpacking=deployment.efficient.unpacking
 
 # Spring Boot 3.1 - 3.2 migrations
 io.rest-client.resttemplate.http-client=io.rest-client.clienthttprequestfactory
+
+# gh-35917
+howto.actuator.sanitize-sensitive-values=actuator.endpoints.sanitization
+howto.actuator.sanitize-sensitive-values.customizing-sanitization=howto.actuator.customizing-sanitization

spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc

@@ -34,38 +34,8 @@ See also the section on "`<<web#web.servlet.spring-mvc.error-handling, Error Han
 
 
 
-[[howto.actuator.sanitize-sensitive-values]]
-=== Sanitize Sensitive Values
-Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be somewhat sensitive.
-All values are sanitized by default (that is replaced by `+******+`).
-Viewing original values in the unsanitized form can be configured per endpoint using the `showValues` property for that endpoint.
-This property can be configured to have the following values:
-
-- `ALWAYS` - all values are shown in their unsanitized form to all users
-- `NEVER`  - all values are always sanitized (that is replaced by `+******+`)
-- `WHEN_AUTHORIZED` - all values are shown in their unsanitized form to authorized users
-
-For HTTP endpoints, a user is considered to be authorized if they have authenticated and have the roles configured by the endpoint's roles property.
-By default, any authenticated user is authorized.
-For JMX endpoints, all users are always authorized.
-
-[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
-----
-	management:
-	  endpoint:
-	    env:
-	      show-values: WHEN_AUTHORIZED
-	      roles: "admin"
-----
-
-The configuration above enables the ability for all users with the `admin` role to view all values in their original form from the `/env` endpoint.
-
-NOTE: When `show-values` is set to `ALWAYS` or `WHEN_AUTHORIZED` any sanitization applied by a `<<howto#howto.actuator.sanitize-sensitive-values.customizing-sanitization, SanitizingFunction>>` will still be applied.
-
-
-
-[[howto.actuator.sanitize-sensitive-values.customizing-sanitization]]
-==== Customizing Sanitization
+[[howto.actuator.customizing-sanitization]]
+=== Customizing Sanitization
 To take control over the sanitization, define a `SanitizingFunction` bean.
 The `SanitizableData` with which the function is called provides access to the key and value as well as the `PropertySource` from which they came.
 This allows you to, for example, sanitize every value that comes from a particular property source.