Environment variables / System properties / App properties are partially or fully masked

In some cases, the values we get back from Actuator are intentionally masked and get sent back as ******. This is caused by configuration on the service end.

Spring Boot 2.X

Spring Boot 2.X masks keys with the following patterns by default:

  • password

  • secret

  • key

  • token

  • .*credentials.*

  • vcap_services

These patterns can be set using the following properties (Reference):

  • endpoints.configprops.keys-to-sanitize=comma,delimited,list

  • endpoints.env.keys-to-sanitize=comma,delimited,list

Spring Boot 3.X

In Spring Boot 3.X, all values are masked by default. If this behavior is not desired, it can be controlled using by setting the following properties to either always (Not recommended) or when-authorized and setting Ostara to authenticate with your application (Reference):

  • management.endpoint.configprops.show-values={always|when-authorized|never}

  • management.endpoint.env.show-values={always|when-authorized|never}

Last updated