Sensitive environment properties are not sanitized in SB3
There is no key-based sanitization of environment properties as in SB2.
The default behavior has been removed and I assume it should be replaced with a SanitizingFunction. But there is no registered bean (yet?). Is there something missing or is it on purpose?
Without any registered SanitizingFunction the Sanitizer won't do anything at all.
https://github.com/spring-projects/spring-boot/commit/47effdcade47f5b0ab2cf6c7c3e2ed41e66bde08#diff-eff1d5fafbb45ff5ee51a9ebb415f157c4949d67c64cd410c981cf5a1f5a5e09L52
Comment From: philwebb
This is intentional. We found it was impossible to write a SanitizingFunction that would consistently and correctly work against everything. There's this section in the migration guide that explains things, but please let us know if you think it needs fleshing out.
Comment From: scottfrederick
Sensitive environment properties are not sanitized in SB3
All environment properties should be sanitized by default now, unless the property management.endpoint.env.show-values is set to something other than the default as mentioned in the migration guide. If that's not the case for you, please provide a complete minimal sample that reproduces the problem. You can share it with us by pushing it to a separate repository on GitHub or by zipping it and attaching it to this issue.
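
Added example (not part of the thread and not Spring Boot's own code): an application that sets management.endpoint.env.show-values to something other than the default can register its own SanitizingFunction bean to get key-based masking back. The package, class name and key list below are assumptions made for illustration.

```java
package com.example.actuator; // hypothetical package name

import java.util.List;
import java.util.Locale;

import org.springframework.boot.actuate.endpoint.SanitizableData;
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
public class ActuatorSanitizingConfiguration {

    // Constructed deny-list of key fragments; adjust to the application's own naming.
    private static final List<String> SENSITIVE_KEY_PARTS = List.of(
            "password", "secret", "token", "credentials", "private-key", "api-key", "apikey");

    // Registered as a bean so the actuator Sanitizer picks it up.
    @Bean
    public SanitizingFunction keyBasedSanitizingFunction() {
        return data -> isSensitive(data.getKey())
                ? data.withValue(SanitizableData.SANITIZED_VALUE) // masked as "******"
                : data;                                           // pass through unchanged
    }

    // Case-insensitive substring match; '_' is folded to '-' so that
    // environment variables such as DB_PASSWORD or API_KEY are matched too.
    static boolean isSensitive(String key) {
        if (key == null) {
            return false;
        }
        String normalized = key.toLowerCase(Locale.ROOT).replace('_', '-');
        return SENSITIVE_KEY_PARTS.stream().anyMatch(normalized::contains);
    }
}
```

Key matching only catches secrets stored under recognisable names; a credential embedded in a value (for example inside a connection URL) or held under an unlisted key passes through unmasked.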