From 30f7f9c9c4db53073cd86418dfc46c71f17c87d2 Mon Sep 17 00:00:00 2001 From: Juzer Ali Date: Thu, 13 Feb 2020 23:19:18 +0530 Subject: [PATCH 1/2] Document sanitized keys and uri sanitization behavior See gh-20169 --- .../spring-boot-docs/src/main/asciidoc/howto.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc index 2abd6be15b1..5bdd4b76a02 100644 --- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -2211,11 +2211,12 @@ See also the section on "`<://:@:/`, only the password part is sanitized. [[howto-security]] From 40d1727cc53f1498c5e902d4e7cc76033a8c9a14 Mon Sep 17 00:00:00 2001 From: Stephane Nicoll Date: Fri, 14 Feb 2020 15:27:34 +0100 Subject: [PATCH 2/2] Polish "Document sanitized keys and uri sanitization behavior" See gh-20169 --- .../spring-boot-docs/src/main/asciidoc/howto.adoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc index 5bdd4b76a02..abce6c6cb49 100644 --- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc 
@@ -2211,12 +2211,13 @@ See also the section on "`<://:@:/`, only the password part is sanitized. +Spring Boot uses sensible defaults for such keys: any key ending with the word "password", "secret", "key", "token", "vcap_services", "sun.java.command", "uri", "uris", "address" or "addresses" is sanitized. +Additionally, any key that holds the word `credentials` as part of the key is sanitized (configured as a regular expression, i.e. `+*credentials.*+`). + +If any of the keys to sanitize are URI format (i.e. `://:@:/`), only the password part is sanitized. + [[howto-security]]
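Review bot: In PATCH 1/2, the URI-format example in the added sentence shows only the separators (`://:@:/`), so a reader cannot tell which segment "the password part" refers to. Name each component of the URI in placeholder form, and state explicitly that everything other than the password, including the user name and host, is left unmasked in the output.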
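Review bot: In PATCH 2/2, the expression quoted for the credentials rule, `+*credentials.*+`, reads as `*credentials.*` once the passthrough markers are dropped. It begins with a bare `*` that has nothing to repeat, so it is not a valid regular expression as written. If the intent is "the key contains credentials", write it as `.*credentials.*`. In the same hunk, "If any of the keys to sanitize are URI format" describes the key, but it is the value that holds the URI; suggest "If the value of a sanitized key is in URI format".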