Skip to content

Clarify actuator security documentation#30065

Closed
cmabdullah wants to merge 3 commits intospring-projects:2.6.xfrom
cmabdullah:actuator-security-documentation
Closed

Clarify actuator security documentation#30065
cmabdullah wants to merge 3 commits intospring-projects:2.6.xfrom
cmabdullah:actuator-security-documentation

Conversation

@cmabdullah
Copy link
Copy Markdown
Contributor

@cmabdullah cmabdullah commented Mar 4, 2022

No description provided.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 4, 2022
wilkinsona
wilkinsona requested changes Mar 4, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@wilkinsona wilkinsona left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request, @cmabdullah. I've left a couple of comments for your consideration.

Comment thread spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc Outdated
=== Security
For security purposes, all actuators other than `/health` are disabled by default.
You can use the configprop:management.endpoints.web.exposure.include[] property to enable the actuators.
For security purposes, all actuator's endpoints that are exposed over HTTP are secret by default except `/health` endpoint.
Copy link
Copy Markdown
Member

@wilkinsona wilkinsona Mar 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal here is to consistently use the term "expose" but this change uses "secret". I think this sentence would be better if it was something like the following:

For security purposes, only the /health endpoint is exposed over HTTP by default.

Copy link
Copy Markdown
Contributor Author

@cmabdullah cmabdullah Mar 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated according to your suggestions, thanks for your concern.

Comment thread spring-boot-project/spring-boot-docs/src/docs/asciidoc/actuator/endpoints.adoc Outdated
@wilkinsona wilkinsona self-assigned this Mar 4, 2022
@wilkinsona wilkinsona mentioned this pull request Mar 4, 2022
Closed
wilkinsona pushed a commit that referenced this pull request Mar 4, 2022
@cmabdullah @wilkinsona
Clarify actuator security documentation
5b7c21e 
See gh-30065
wilkinsona added a commit that referenced this pull request Mar 4, 2022
@wilkinsona
Polish "Clarify actuator security documentation"
c872539 
See gh-30065
@wilkinsona wilkinsona closed this in 52c49cc Mar 4, 2022
@wilkinsona wilkinsona added type: documentation A documentation update and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 4, 2022
@wilkinsona wilkinsona added this to the 2.6.5 milestone Mar 4, 2022
@wilkinsona wilkinsona mentioned this pull request Mar 4, 2022
Closed
@wilkinsona
Copy link
Copy Markdown
Member

wilkinsona commented Mar 4, 2022

@cmabdullah Thank you for making your first contribution to Spring Boot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wilkinsona wilkinsona wilkinsona requested changes

Assignees

@wilkinsona wilkinsona

Labels

type: documentation A documentation update

Projects

None yet

Milestone

2.6.5

Development

Successfully merging this pull request may close these issues.

3 participants

@cmabdullah @wilkinsona @spring-projects-issues