Merge branch '2.0.x'

2018-05-30 15:28:15 +02:00 · 2018-05-30 15:28:15 +02:00 · bb69339a82
parent bd9299dbf9 b47a72731f
commit bb69339a82
1 changed files with 16 additions and 0 deletions
--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
@ -2358,6 +2358,22 @@ of how to register handlers in the servlet container.



+[[howto-sanitize-sensible-values]]
+=== Sanitize sensible values
+Information returned by the `env` and `configprops` endpoints can be somewhat sensitive
+so keys matching a certain pattern are sanitized by default (i.e. their values are
+replaced by `******`).
+
+Spring Boot uses sensible defaults for such keys: for instance, any key ending with the
+word "password", "secret", "key" or "token" is sanitized. It is also possible to use a
+regular expression instead, such as `*credentials.*` to sanitize any key that holds the
+word `credentials` as part of the key.
+
+The patterns to use can be customized using the `management.endpoint.env.keys-to-sanitize`
+and `management.endpoint.configprops.keys-to-sanitize` respectively.
+
+
+
 [[howto-security]]
 == Security