Mongodb driver need connection string by spring.data.mongodb.uri and you can't set it by single properties.
When you call actuator info or env, it show all secrets data for mongodb as username,password, host,...
Exists a workaround to hide specific properties for info in this case spring.data.mongodb.uri ?
Thanks a lot.
CodePudding user response:
Yes, exposing env and info endpoints can be a costly security mistake.
You can either disable the endpoints if not needed or turn on authentication and access control for certain endpoints.
CodePudding user response:
the solution is to use
management:
endpoint:
info:
enabled: true
keys-to-sanitize: # Hide secrets data for cybersecurity
spring.data.mongodb.uri,.*password*.,.*secret.*,.*key.*,.*token.*,.*credentials.*
env:
enabled: true
keys-to-sanitize: # Hide secrets data for cybersecurity
spring.data.mongodb.uri,.*password*.,.*secret.*,.*key.*,.*token.*,.*credentials.*