spring-cloud / spring-cloud-vault

Configuration Integration with HashiCorp Vault
http://cloud.spring.io/spring-cloud-vault/
Apache License 2.0

Vault properties are printed in plain text Spring management endpoint #633

Closed turaleck closed 2 years ago

turaleck commented 2 years ago

Describe the bug

I have an application that bootstraps its using Vault properties. When I hit the management endpoint, I see the Vault properties printed in plain text.

Sample

In Vault, I have the following:

Path: kv/secret/password

Value at this path:

 user.password: value1
 user.password.previous: value2

In my application I have the following:

@Configuration
@VaultPropertySource("kv/secret/password")
public class VaultPropertySourceConfiguration {
}

@ConfigurationProperties(prefix = "user")
public class UserProperties {
    public String password;
}

When I run this application, field password gets populated properly. However, when I hit the Spring management endpoint, I see that user.password is masked. However, user.password.previous is not; it's in plain text.

spring boot version: 2.4.13
spring framework version: 5.3.15
spring cloud version: 2020.0.5

mp911de commented 2 years ago

The actuator endpoint is provided by Spring Boot. There's nothing we can do here.
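
Added example, not part of the issue thread and not Spring Boot or Spring Cloud Vault source: a simplified model of how the actuator's key sanitizing can mask user.password while leaving user.password.previous readable, and how a broader pattern closes the gap. The class name, the default key list and the matching rule (plain keys matched as case-insensitive suffixes, keys containing regex metacharacters matched as full regexes) are assumptions about Spring Boot 2.x behaviour; the property names are taken from the report.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration: a simplified model of actuator key sanitizing, not Spring Boot source.
public class SanitizerModel {

    // Assumed Spring Boot 2.x defaults for the keys-to-sanitize setting.
    static final List<String> DEFAULT_KEYS = List.of(
            "password", "secret", "key", "token",
            ".*credentials.*", "vcap_services", "sun.java.command");

    // Assumed rule: a plain key is a case-insensitive suffix match;
    // a key containing *, $, ^ or + is used as a full-match regex.
    static Pattern toPattern(String key) {
        boolean regex = key.contains("*") || key.contains("$")
                || key.contains("^") || key.contains("+");
        return Pattern.compile(regex ? key : ".*" + key + "$", Pattern.CASE_INSENSITIVE);
    }

    // Returns the masked placeholder when any key pattern matches the property name.
    static String sanitize(List<String> keys, String name, String value) {
        for (String key : keys) {
            if (toPattern(key).matcher(name).matches()) {
                return "******";
            }
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed sample mirroring the property names and values in the report.
        Map<String, String> props = new LinkedHashMap<>();
        props.put("user.password", "value1");
        props.put("user.password.previous", "value2");

        // Hardened list: keep the defaults and add a regex matching "password" anywhere.
        List<String> hardened = new ArrayList<>(DEFAULT_KEYS);
        hardened.add(".*password.*");

        props.forEach((name, value) -> System.out.printf(
                "%-24s default=%-8s hardened=%s%n", name,
                sanitize(DEFAULT_KEYS, name, value),
                sanitize(hardened, name, value)));
    }
}
```

In Spring Boot 2.x the corresponding settings are management.endpoint.env.keys-to-sanitize and management.endpoint.configprops.keys-to-sanitize; setting either one replaces the default list, so the defaults have to be repeated alongside any added pattern.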