Make it easier to add a SanitizingFunction to mask properties with specific names

[philwebb]

See https://github.com/spring-projects/spring-boot/issues/39094#issuecomment-1899214357 for details.

We removed default sanitization in #33448 but didn't offer an easy way for those that were happy with that approach to apply it again. This means that a lot users will be copying similar code.

A couple of options that come to mind are:

• A property that contains property names that should be sanitized
• A factory method on SanitizingFunction that makes it easier to create a @Bean

[philwebb]

We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

[guai]

Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

[datagitlies]

Hi, is there a workaround? I want 2.7's behavior with management.endpoint.env.keys-to-sanitize in 3.2 (at least for now, while we are migrating)

@guai you can implement your own SanitizingFunction - see the comment here: https://github.com/spring-projects/spring-boot/issues/32156#issuecomment-1470804473

That said, I'm still hoping for a spring provided solution that makes it easier to create a @Bean so that I don't have to copy all that code from 2.7

[datagitlies]

We're going to start by investigating option 2 and making it easy to build a SanitizingFunction with specific rules.

@philwebb is there any update on this? If there is a branch I could look at or contribute to I'd be happy to pitch in for functionality that improves my codebase(s).

[philwebb]

@datagitlies We haven't had the chance to look at this one in any detail yet. I'm afraid we're currently heads down on the 3.3 release. If you have a proposal, feel free to submit a pull-request.