From bec84959ed9fcd659f93b1e0f6192cbdbf541f58 Mon Sep 17 00:00:00 2001 From: Phillip Webb Date: Wed, 17 Jan 2024 10:19:40 -0800 Subject: [PATCH] Improve "Sanitize Sensitive Values" section in reference documentation Closes gh-39094 --- .../src/docs/asciidoc/actuator/endpoints.adoc | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc index 92989a7bdd9..4787fd22214 100644 --- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc +++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc @@ -282,19 +282,27 @@ NOTE: The `management.endpoint.` prefix uniquely identifies the endpoint t [[actuator.endpoints.sanitization]] === Sanitize Sensitive Values -Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be somewhat sensitive. -All values are sanitized by default (that is replaced by `+******+`). -Viewing original values in the unsanitized form can be configured per endpoint using the `showValues` property for that endpoint. -This property can be configured to have the following values: +Information returned by the `/env`, `/configprops` and `/quartz` endpoints can be sensitive, so by default values are always fully sanitized (replaced by `+******+`). -- `ALWAYS` - all values are shown in their unsanitized form to all users -- `NEVER` - all values are always sanitized (that is replaced by `+******+`) -- `WHEN_AUTHORIZED` - all values are shown in their unsanitized form to authorized users +Values can only be viewed in an unsanitized form when: + +- The `show-values` property has been set to something other than `NEVER` +- No custom `<>` beans apply + +The `show-values` property can be configured for sanitizable endpoints to one of the following values: + +- `NEVER` - values are always fully sanitized (replaced by `+******+`) +- `ALWAYS` - values are shown to all users (as long as no `SanitizingFunction` bean applies) +- `WHEN_AUTHORIZED` - values are shown only to authorized users (as long as no `SanitizingFunction` bean applies) For HTTP endpoints, a user is considered to be authorized if they have authenticated and have the roles configured by the endpoint's roles property. By default, any authenticated user is authorized. + For JMX endpoints, all users are always authorized. +The following example allows all users with the `admin` role to view values from the `/env` endpoint in their original form. +Unuthorized users, or users without the `admin` role, will see only sanitized values. + [source,yaml,indent=0,subs="verbatim",configprops,configblocks] ---- management: @@ -304,9 +312,7 @@ For JMX endpoints, all users are always authorized. roles: "admin" ---- -The configuration above enables the ability for all users with the `admin` role to view all values in their original form from the `/env` endpoint. - -NOTE: When `show-values` is set to `ALWAYS` or `WHEN_AUTHORIZED` any sanitization applied by a `<>` will still be applied. +NOTE: This example assumes that no `<>` beans have been defined.