We use spring cloud config as configuration tool. We store passwords and other sensitive things in the config git repository. We encrypt the config using Spring /encrypt endpoint and put the values in config.
There is an endpoint /env which returns all the properties. The problem here is, the values which are encrypted returned as plain text. Is there a way, we make the endpoint to return encrypted value instead of plain text?
Based on the suggestion from stackoverflow, we have added the property spring.cloud.config.server.encrypt.enabled=false. But still, the /env returns the decrypted value.
The /env endpoint is an actuator endpoint added by Spring Cloud Config. You should take the usual steps to secure the actuator endpoints so as not to allow unwanted access. https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-monitoring.html#production-ready-sensitive-endpoints
/env actually comes from spring-boot (spring-cloud adds the ability to POST). You can set endpoints.configprops.keys-to-sanitize to whatever pattern you need. The default is password,secret,key,token,.*credentials.*,vcap_services # Keys that should be sanitized. Keys can be simple strings that the property ends with or regex expressions.
Most helpful comment
/envactually comes from spring-boot (spring-cloud adds the ability to POST). You can setendpoints.configprops.keys-to-sanitizeto whatever pattern you need. The default ispassword,secret,key,token,.*credentials.*,vcap_services # Keys that should be sanitized. Keys can be simple strings that the property ends with or regex expressions.