root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Merge branch '2.5.x' into 2.6.x 

Closes gh-29959
This commit is contained in:
Madhura Bhave 2022-02-22 15:49:18 -08:00
parent 3614c8d1f8 a70fa80571
commit 880db30c67
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc
View File

@ -38,7 +38,7 @@ See also the section on "`<<web#web.servlet.spring-mvc.error-handling, Error Han
=== Sanitize Sensitive Values
Information returned by the `env` and `configprops` endpoints can be somewhat sensitive so keys matching certain patterns are sanitized by default (that is their values are replaced by `+******+`).
Spring Boot uses sensible defaults for such keys: any key ending with the word "password", "secret", "key", "token", "vcap_services", "sun.java.command" is entirely sanitized.
Additionally, any key that holds the word `credentials` (configured as a regular expression, that is `+*credentials.*+`) as part of the key is also entirely sanitized.
Additionally, any key that holds the word `credentials` (configured as a regular expression, that is `+.*credentials.*+`) as part of the key is also entirely sanitized.
Furthermore, Spring Boot sanitizes the sensitive portion of URI-like values for keys with one of the following endings: