For auditing or migration tool purposes (moving the backing secret store to Vault for example), it would be helpful to allow retrieving a list of the key names and values that have {cipher} properties.

Right now they are transparently replaced with the values which is great for runtime use but it's indistinguishable from normal properties.

The alternative of parsing all the source configuration files to search for the word {cipher}, reconstructing dotted paths from YAML, and keeping track of actually referenced values, hierarchy, and overrides is non-trivial.

I'm open to alternate methods to accomplish this as well.

Straw man proposal

Property source example

spring:
  datasource:
    username: dbuser
    password: '{cipher}FKSAJDFGYOS8F7GLHAKERGFHLSAJ'

API endpoint

/decrypt/list

Output

spring.datasource.password=<actualpassword>

Comment From: spencergibb

Let's see if there is other interest. You can always implement this on your own