After adopting the Spring Boot Admin (SBA) some colleagues astutely observed that we were "leaking" some secrets as SBA provides convenient access to the configprops and env actuator endpoints. Fortunately we can change the keys which values would get sanitized with the following two properties: management.endpoint.configprops.keys-to-sanitize and management.endpoint.env.keys-to-sanitize. However, setting these overwrites all defaults which we would like to keep (since they make a lot of sense). Our current solution is to copy all defaults and then add our own (we do this in a central place that is applied to all our applications). Consequently, we now need to make ensure that this list is kept up-to-date while also limiting configurability of our internal downstream applications. Ideally, we could keep the default configuration but add to it.

So if possible I would like to suggest a additional-keys-to-sanitize property to be introduced which would allow one to set additional keys to sanitize while keeping the defaults.

Additionally, it would be great if the Sanitizer could also apply the same special handling to url keys that it does for the keys of Sanitizer#URI_USERINFO_KEYS, as these also can contain sensitive credentials, such that we do not have to filter the entire value.

We observed this behavior on Spring Boot 2.3.8, but looking at the code of 2.4.x this behavior is still there.

Comment From: wilkinsona

@nathankooij Out of interest, what are the keys that you've added? Separate to allowing additional keys to be specified, it might be worth us changing the defaults too if they sound common.

Comment From: nathankooij

@nathankooij Out of interest, what are the keys that you've added? Separate to allowing additional keys to be specified, it might be worth us changing the defaults too if they sound common.

@wilkinsona we added url, urls, since we have some URLs with basic auth credentials inside, but the current sanitization is only applied to uri(s). We also added private.* since e.g. we had a property called privateKeyId. I don't know if that last one would hold universally, but works for our use case.

Comment From: wilkinsona

Thanks. I think it makes sense to sanitise url and urls by default. I've opened https://github.com/spring-projects/spring-boot/issues/25387. I'm not so sure about private though and my feeling at the moment is that we should leave that one.