Spring Boot Actuator hides property values in env endpoint

By default the /env endpoint will hide the value of any property with a key that, ignoring case, ends with password, secret, or key. You can customize this using the endpoints.env.keys-to-sanitize property. The value of this property should be a comma-separated list of suffixes or regexes to match against property names. For example, if you don't care about keys ending in key you could set it to:


This is what the documentation says:


Keys that should be sanitized. Keys can be simple strings that the property ends with or regex expressions.

You can do it as @Andy Wilkinson mention. But you will see "endpoints.env.keys-to-sanitize" property with value "password,secret" in the applicationConfig section of /env endpoint.

To avoid this you can set the property using code as well:

public class MyApp {
    private EnvironmentEndpoint envEndPnt;

    public void initApplication() {

So once all the initializations are done and the initApplication is called you will have the EnvironmentEndPoint to which you set the property manually.