diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/context/properties/ConfigurationPropertiesReportEndpointAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/context/properties/ConfigurationPropertiesReportEndpointAutoConfigurationTests.java
index 825950d5114..035abffdea2 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/context/properties/ConfigurationPropertiesReportEndpointAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/context/properties/ConfigurationPropertiesReportEndpointAutoConfigurationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 the original author or authors.
+ * Copyright 2012-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@ import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import org.springframework.boot.test.context.runner.ContextConsumer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -75,11 +76,11 @@ class ConfigurationPropertiesReportEndpointAutoConfigurationTests {
 	}
 
 	@Test
-	void customSanitizingFunctionShouldBeApplied() {
+	void customSanitizingFunctionsAreAppliedInOrder() {
 		this.contextRunner.withUserConfiguration(Config.class, SanitizingFunctionConfiguration.class)
 				.withPropertyValues("management.endpoints.web.exposure.include=configprops",
 						"test.my-test-property=abc")
-				.run(validateTestProperties("******", "$$$"));
+				.run(validateTestProperties("$$$111$$$", "$$$222$$$"));
 	}
 
 	@Test
@@ -152,10 +153,22 @@ class ConfigurationPropertiesReportEndpointAutoConfigurationTests {
 	static class SanitizingFunctionConfiguration {
 
 		@Bean
-		SanitizingFunction testSanitizingFunction() {
+		@Order(0)
+		SanitizingFunction firstSanitizingFunction() {
 			return (data) -> {
-				if (data.getKey().contains("my")) {
-					return data.withValue("$$$");
+				if (data.getKey().contains("Password")) {
+					return data.withValue("$$$111$$$");
+				}
+				return data;
+			};
+		}
+
+		@Bean
+		@Order(1)
+		SanitizingFunction secondSanitizingFunction() {
+			return (data) -> {
+				if (data.getKey().contains("Password") || data.getKey().contains("test")) {
+					return data.withValue("$$$222$$$");
 				}
 				return data;
 			};
diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfigurationTests.java
index fcecb19dabf..1f2b93d0134 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfigurationTests.java
@@ -32,6 +32,7 @@ import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import org.springframework.boot.test.context.runner.ContextConsumer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -72,7 +73,7 @@ class EnvironmentEndpointAutoConfigurationTests {
 	}
 
 	@Test
-	void sanitizingFunctionsCanBeConfiguredViaTheEnvironment() {
+	void customSanitizingFunctionsAreAppliedInOrder() {
 		this.contextRunner.withUserConfiguration(SanitizingFunctionConfiguration.class)
 				.withPropertyValues("management.endpoints.web.exposure.include=env")
 				.withSystemProperties("custom=123456", "password=123456").run((context) -> {
@@ -81,8 +82,8 @@ class EnvironmentEndpointAutoConfigurationTests {
 					EnvironmentDescriptor env = endpoint.environment(null);
 					Map<String, PropertyValueDescriptor> systemProperties = getSource("systemProperties", env)
 							.getProperties();
-					assertThat(systemProperties.get("custom").getValue()).isEqualTo("$$$");
-					assertThat(systemProperties.get("password").getValue()).isEqualTo("$$$");
+					assertThat(systemProperties.get("custom").getValue()).isEqualTo("$$$111$$$");
+					assertThat(systemProperties.get("password").getValue()).isEqualTo("$$$222$$$");
 				});
 	}
 
@@ -123,8 +124,25 @@ class EnvironmentEndpointAutoConfigurationTests {
 	static class SanitizingFunctionConfiguration {
 
 		@Bean
-		SanitizingFunction testSanitizingFunction() {
-			return (data) -> data.withValue("$$$");
+		@Order(0)
+		SanitizingFunction firstSanitizingFunction() {
+			return (data) -> {
+				if (data.getKey().contains("custom")) {
+					return data.withValue("$$$111$$$");
+				}
+				return data;
+			};
+		}
+
+		@Bean
+		@Order(1)
+		SanitizingFunction secondSanitizingFunction() {
+			return (data) -> {
+				if (data.getKey().contains("custom") || data.getKey().contains("password")) {
+					return data.withValue("$$$222$$$");
+				}
+				return data;
+			};
 		}
 
 	}
diff --git a/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/context/properties/ConfigurationPropertiesReportEndpointTests.java b/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/context/properties/ConfigurationPropertiesReportEndpointTests.java
index 69f533593b2..cc424053b4b 100644
--- a/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/context/properties/ConfigurationPropertiesReportEndpointTests.java
+++ b/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/context/properties/ConfigurationPropertiesReportEndpointTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 the original author or authors.
+ * Copyright 2012-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc
index fa877888384..4ea1ab0e46b 100644
--- a/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc
+++ b/spring-boot-project/spring-boot-docs/src/docs/asciidoc/howto/actuator.adoc
@@ -65,7 +65,8 @@ Alternatively, additional patterns can be configured using configprop:management
 To take more control over the santization, define a `SanitizingFunction` bean.
 The `SanitizableData` with which the function is called provides access to the key and value as well as the `PropertySource` from which they came.
 This allows you to, for example, sanitize every value that comes from a particular property source.
-Each `SanitizingFunction` is called before and in addition to the built-in key-based sanitization.
+Each `SanitizingFunction` is called in order until a function changes the value of the santizable data.
+If no function changes its value, the built-in key-based santization is performed.