Enhancement request: Exposing only specific property sources in actuator end points. Baseline: Currently using spring-cloud-dependencies, version: Hoxton.SR3 and Greenwich.SR1 on another.
Details:
I see that /actuator/env, when called, displays all the environment properties. Is it possible to return only a specific type of environment properties?
In our use case, we only want the /env to return the applicationConfig: [classpath:/application.properties] (which is basically the key values in the app.properties) and not the other variables.
This could be extended to a restriction on POST calls, allowing updating of only specific properties to enable complete encapsulation.
Comment From: wilkinsona
The POST support is part of Spring Cloud so it would have to be addressed there.
@anudeep-mj Why do you only want to show what's in application.properties found on the classpath?
Comment From: anudeep-mj
@wilkinsona
I guess without going too much into the app details, the microservice being built as per the business requirement is a single service which is a security related service which will be used by multiple teams across the Org. This MS after deployment might be tuned as per need by different teams on prod.
So based on this, when we expose the /env endpoint, as per the review with our security team, it came up as a potential hotspot since it was revealing all the system information data, which was not allowed without proper clearance. My goal is basically to be able to restrict changing to only a specific set of parameters in the App.properties, but I felt that, for now at least, exposing "only" the app.properties is a good start.
Comment From: philwebb
We've discussed this today on our call and we'd prefer not to limit the items returned by /actuator/env. We feel like it will be confusing if this endpoint returns an incomplete view.
We already provide the Sanitizer class which hides sensitive properties.
The feature request does make more sense with POST operations, I can see that it would be quite useful to restrict the values that can be updated. Since this is a Spring Cloud feature, you'd need to open an issue here to discuss things with that team.
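
An added example, not part of the thread and not Spring's own code: a small audit over an /actuator/env response that reports which property sources fall outside an allow-list (the concern raised in the security review) and which sensitive-looking keys are not masked with the Sanitizer's `******` value. The sample response, the allow-list and the `SENSITIVE` pattern are constructed assumptions.

```python
import json
import re

# Constructed sample in the shape of a Spring Boot 2.x /actuator/env response.
SAMPLE_ENV = json.loads("""
{
  "activeProfiles": [],
  "propertySources": [
    {"name": "systemProperties",
     "properties": {"java.version": {"value": "11.0.6"},
                    "user.name": {"value": "svc-app"}}},
    {"name": "systemEnvironment",
     "properties": {"DB_PASSWORD": {"value": "******"},
                    "JDBC_URL": {"value": "jdbc:postgresql://db.internal/app"}}},
    {"name": "applicationConfig: [classpath:/application.properties]",
     "properties": {"app.rate-limit": {"value": "100"},
                    "app.signing-pass": {"value": "hunter2"}}}
  ]
}
""")

MASK = "******"  # value the Sanitizer substitutes for keys it treats as sensitive
# Assumed review pattern (hypothetical); tune it to your own naming conventions.
SENSITIVE = re.compile(r"(password|passwd|pass$|secret|key|token|credential|url)", re.I)

def audit_env(env, allowed_sources):
    """Return (sources outside the allow-list, unmasked sensitive-looking keys)."""
    extra_sources, unmasked = [], []
    for source in env.get("propertySources", []):
        name = source["name"]
        props = source.get("properties", {})
        if name not in allowed_sources:
            extra_sources.append((name, len(props)))
        for key, entry in props.items():
            # A key that looks sensitive but still shows its real value is a finding.
            if SENSITIVE.search(key) and entry.get("value") != MASK:
                unmasked.append((name, key))
    return extra_sources, unmasked

if __name__ == "__main__":
    extra, leaks = audit_env(
        SAMPLE_ENV, {"applicationConfig: [classpath:/application.properties]"})
    for name, count in extra:
        print(f"source outside allow-list: {name} ({count} properties)")
    for name, key in leaks:
        print(f"unmasked sensitive-looking key: {key} in {name}")
```

Run it against a saved response from a non-production instance to see what a caller of the endpoint would learn before deciding how the endpoint is exposed.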