Make properties to sanitize configurable in EnvironmentEndpoint.

Add "key" to default keys that will be sanitized. fixes #1027

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpoint.java

@@ -66,7 +66,7 @@ public class ConfigurationPropertiesReportEndpoint extends
 
 	private static final String CGLIB_FILTER_ID = "cglibFilter";
 
-	private String[] keysToSanitize = new String[] { "password", "secret" };
+	private String[] keysToSanitize = new String[] { "password", "secret", "key" };
 
 	private ApplicationContext context;
 
@@ -76,10 +76,6 @@ public class ConfigurationPropertiesReportEndpoint extends
 		super("configprops");
 	}
 
-	public String[] getKeysToSanitize() {
-		return this.keysToSanitize;
-	}
-
 	@Override
 	public void setApplicationContext(ApplicationContext context) throws BeansException {
 		this.context = context;

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/EnvironmentEndpoint.java

@@ -26,12 +26,14 @@ import org.springframework.core.env.EnumerablePropertySource;
 import org.springframework.core.env.Environment;
 import org.springframework.core.env.PropertySource;
 import org.springframework.core.env.StandardEnvironment;
+import org.springframework.util.Assert;
 
 /**
  * {@link Endpoint} to expose {@link ConfigurableEnvironment environment} information.
  * 
  * @author Dave Syer
  * @author Phillip Webb
+ * @author Christian Dupuis
  */
 @ConfigurationProperties(prefix = "endpoints.env", ignoreUnknownFields = false)
 public class EnvironmentEndpoint extends AbstractEndpoint<Map<String, Object>> implements
@@ -39,6 +41,8 @@ public class EnvironmentEndpoint extends AbstractEndpoint<Map<String, Object>> i
 
 	private Environment environment;
 
+	private String[] keysToSanitize = new String[] { "password", "secret", "key" };
+
 	/**
 	 * Create a new {@link EnvironmentEndpoint} instance.
 	 */
@@ -46,6 +50,11 @@ public class EnvironmentEndpoint extends AbstractEndpoint<Map<String, Object>> i
 		super("env");
 	}
 
+	public void setKeysToSanitize(String... keysToSanitize) {
+		Assert.notNull(keysToSanitize, "KeysToSanitize must not be null");
+		this.keysToSanitize = keysToSanitize;
+	}
+
 	@Override
 	public Map<String, Object> invoke() {
 		Map<String, Object> result = new LinkedHashMap<String, Object>();
@@ -71,10 +80,11 @@ public class EnvironmentEndpoint extends AbstractEndpoint<Map<String, Object>> i
 		return new StandardEnvironment().getPropertySources();
 	}
 
-	public static Object sanitize(String name, Object object) {
-		if (name.toLowerCase().endsWith("password")
-				|| name.toLowerCase().endsWith("secret")) {
-			return object == null ? null : "******";
+	public Object sanitize(String name, Object object) {
+		for (String keyToSanitize : this.keysToSanitize) {
+			if (name.toLowerCase().endsWith(keyToSanitize)) {
+				return (object == null ? null : "******");
+			}
 		}
 		return object;
 	}

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpoint.java

@@ -30,6 +30,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
  * Adapter to expose {@link EnvironmentEndpoint} as an {@link MvcEndpoint}.
  * 
  * @author Dave Syer
+ * @author Christian Dupuis
  */
 public class EnvironmentMvcEndpoint extends EndpointMvcAdapter implements
 		EnvironmentAware {
@@ -47,7 +48,7 @@ public class EnvironmentMvcEndpoint extends EndpointMvcAdapter implements
 		if (result == null) {
 			throw new NoSuchPropertyException("No such property: " + name);
 		}
-		return EnvironmentEndpoint.sanitize(name, result);
+		return ((EnvironmentEndpoint) getDelegate()).sanitize(name, result);
 	}
 
 	@Override

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/EnvironmentEndpointTests.java

 /*
- * Copyright 2012-2013 the original author or authors.
+ * Copyright 2012-2014 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,18 +16,22 @@
 
 package org.springframework.boot.actuate.endpoint;
 
+import java.util.Map;
+
 import org.junit.Test;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 import static org.hamcrest.Matchers.greaterThan;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
 
 /**
  * Tests for {@link EnvironmentEndpoint}.
  * 
  * @author Phillip Webb
+ * @author Christian Dupuis
  */
 public class EnvironmentEndpointTests extends AbstractEndpointTests<EnvironmentEndpoint> {
 
@@ -40,6 +44,19 @@ public class EnvironmentEndpointTests extends AbstractEndpointTests<EnvironmentE
 		assertThat(getEndpointBean().invoke().size(), greaterThan(0));
 	}
 
+	@SuppressWarnings("unchecked")
+	@Test
+	public void testKeySanitization() throws Exception {
+		System.setProperty("dbPassword", "123456");
+		System.setProperty("apiKey", "123456");
+		EnvironmentEndpoint report = getEndpointBean();
+		Map<String, Object> env = report.invoke();
+		assertEquals("******",
+				((Map<String, Object>) env.get("systemProperties")).get("dbPassword"));
+		assertEquals("******",
+				((Map<String, Object>) env.get("systemProperties")).get("apiKey"));
+	}
+
 	@Configuration
 	@EnableConfigurationProperties
 	public static class Config {