Problem I am looking to solve:

I am building a library that exposes configuration properties, and some of these configuration properties would be seen as sensitive. So we'd want these properties to be masked on the /configprops endpoint. I would prefer for the library to be the source that declares these properties as sensitive and not push that responsibility down to each Spring Boot application using this library.

Current Solution

Each application using this library needs to be aware that they need to update the management.endpoint.configprops.keys-to-sanitize property to ensure sensitive information is not leaked. This results in this responsibility being managed in many places, instead of one.

Proposed Solution(s)

Below are a couple of suggestions, but other suggestions are more than welcome.

1. Introduce a mechanism to define additional keys-to-sanitize programmatically.

2. Introduce a way to tag a field within a @ConfigurationProperties class as "should be sanitized"

@ConfigurationProperties(prefix = "my.sensitive")
public class SensitiveProperties {

    @Sanitize
    private String valueToSanitise;
}

More than happy to find out this functionality already exists in Spring Boot and I've just missed it.

Comment From: wilkinsona

Have you seen the support that we added for this in 2.5?

Comment From: michaelmcfadyensky

Correct me if I'm wrong but that feature still requires yml/properties to be set. I'm not sure how that could be used by a custom "starter" library to define additional keys to sanitize.

Comment From: wilkinsona

You can call keysToSanitize(String...) on the endpoint to add additional keys.
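
One way a starter library could apply the call mentioned in this comment, shown as an added example that is not part of the original thread or Spring Boot's own code. It assumes the Spring Boot 2.5 actuator API the thread refers to; the class name `SensitiveKeysAutoConfiguration` and the bean method name are hypothetical, and the key is the field from the issue's `SensitiveProperties` class.

```java
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.actuate.context.properties.ConfigurationPropertiesReportEndpoint;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical auto-configuration shipped inside the starter library, so that
// applications using it do not have to set keys-to-sanitize themselves.
// Assumption: the starter registers this class as an auto-configuration.
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(ConfigurationPropertiesReportEndpoint.class)
public class SensitiveKeysAutoConfiguration {

    // Keys the library declares as sensitive. A plain string (no regex
    // characters) is matched against the end of the qualified property
    // name, so this covers "my.sensitive.valueToSanitise".
    private static final String[] LIBRARY_SENSITIVE_KEYS = { "valueToSanitise" };

    // Static so the post-processor is registered early, before the
    // endpoint bean itself is created.
    @Bean
    static BeanPostProcessor configPropsSensitiveKeysPostProcessor() {
        return new BeanPostProcessor() {
            @Override
            public Object postProcessAfterInitialization(Object bean, String beanName) {
                if (bean instanceof ConfigurationPropertiesReportEndpoint) {
                    // keysToSanitize(String...) adds to the existing keys;
                    // it does not replace the defaults or the keys the
                    // application configured through its own properties.
                    ((ConfigurationPropertiesReportEndpoint) bean)
                            .keysToSanitize(LIBRARY_SENSITIVE_KEYS);
                }
                return bean;
            }
        };
    }
}
```

To check the result, request /configprops in an application that uses the starter and confirm the value under `my.sensitive` is masked rather than shown in clear text.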

Comment From: wilkinsona

Judging by the :+1:, I think we're good here. Closing as a duplicate of #25384.

Comment From: michaelmcfadyensky

Sorry for the delay. I was just testing a few things and you're right, we're good here. Thanks for your help.