For auditing or migration tool purposes (moving the backing secret store to Vault for example), it would be helpful to allow retrieving a list of the key names and values that have {cipher} properties.
Right now they are transparently replaced with the values which is great for runtime use but it's indistinguishable from normal properties.
The alternative of parsing all the source configuration files to search for the word {cipher}, reconstructing dotted paths from YAML, and keeping track of actually referenced values, hierarchy, and overrides is non-trivial.
I'm open to alternate methods to accomplish this as well.
Straw man proposal
Property source example
spring:
datasource:
username: dbuser
password: '{cipher}FKSAJDFGYOS8F7GLHAKERGFHLSAJ'
API endpoint
/decrypt/list
Output
spring.datasource.password=<actualpassword>
Comment From: spencergibb
Let's see if there is other interest. You can always implement this on your own