Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify actuator security documentation #30065

Closed
wants to merge 3 commits into from
Closed

Clarify actuator security documentation #30065

wants to merge 3 commits into from

Conversation

cmabdullah
Copy link
Contributor

No description provided.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 4, 2022
wilkinsona
wilkinsona requested changes Mar 4, 2022
View reviewed changes
Copy link
Member

@wilkinsona wilkinsona left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request, @cmabdullah. I've left a couple of comments for your consideration.

spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc Outdated
@@ -316,8 +316,18 @@ TIP: If you want to implement your own strategy for when endpoints are exposed,

[[actuator.endpoints.security]]
=== Security
For security purposes, all actuators other than `/health` are disabled by default.
You can use the configprop:management.endpoints.web.exposure.include[] property to enable the actuators.
For security purposes, all actuator's endpoints that are exposed over HTTP are secret by default except `/health` endpoint.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal here is to consistently use the term "expose" but this change uses "secret". I think this sentence would be better if it was something like the following:

For security purposes, only the /health endpoint is exposed over HTTP by default.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated according to your suggestions, thanks for your concern.

spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc Outdated Show resolved Hide resolved
@wilkinsona wilkinsona self-assigned this Mar 4, 2022
@wilkinsona wilkinsona mentioned this pull request Mar 4, 2022
Closed
wilkinsona pushed a commit that referenced this pull request Mar 4, 2022
@cmabdullah @wilkinsona
Clarify actuator security documentation
5b7c21e 
See gh-30065
wilkinsona added a commit that referenced this pull request Mar 4, 2022
@wilkinsona
Polish "Clarify actuator security documentation"
c872539 
See gh-30065
@wilkinsona wilkinsona closed this in 52c49cc Mar 4, 2022
@wilkinsona wilkinsona added type: documentation A documentation update and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 4, 2022
@wilkinsona wilkinsona added this to the 2.6.5 milestone Mar 4, 2022
@wilkinsona wilkinsona mentioned this pull request Mar 4, 2022
Closed
@wilkinsona
Copy link
Member

@cmabdullah Thank you for making your first contribution to Spring Boot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wilkinsona wilkinsona wilkinsona requested changes

Assignees

@wilkinsona wilkinsona

Labels
type: documentation A documentation update
Projects
None yet
Milestone
2.6.5
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cmabdullah @wilkinsona @spring-projects-issues