Closed
At the moment, we sanitize the output of the /env and /configprops endpoints based on an initial set of sensitive keys. While these keys can be customized using properties, it is hard to get the defaults right.
We have decided to remove the keys-based approach in favor of a role-based approach, similar to the health endpoint details. Whether unsanitized values are shown or not can be configured using a property which can have the following values:
- NEVER - All values are sanitized.
- ALWAYS - All values are present in the output (sanitizing functions will apply).
- WHEN_AUTHORIZED - Values are present in the output only if a user is authorized (sanitizing functions will apply).
For JMX, users are always considered to be authorized. For HTTP, users are considered to be authorized if they are authenticated and have the specified roles.
Sanitization for the QuartzEndpoint will also be configurable in the same way.
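How the role-based setting and sanitizing functions can be combined, as an added example that is not part of the issue or of Spring Boot's own code. The `show-values` and `roles` property names are the ones used in Spring Boot 3.x (the issue text does not name them); the `ACTUATOR_ADMIN` role, the class name and the key patterns are hypothetical.

```java
// application.properties (role name is a hypothetical placeholder):
//   management.endpoint.env.show-values=when-authorized
//   management.endpoint.env.roles=ACTUATOR_ADMIN
//   management.endpoint.configprops.show-values=when-authorized
//   management.endpoint.configprops.roles=ACTUATOR_ADMIN
//   management.endpoint.quartz.show-values=never

import java.util.Locale;
import java.util.regex.Pattern;

import org.springframework.boot.actuate.endpoint.SanitizableData;
import org.springframework.boot.actuate.endpoint.SanitizingFunction;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration(proxyBeanMethods = false)
public class ActuatorSanitizingConfiguration {

    // Constructed key fragments; adjust to the naming used in your own configuration.
    private static final Pattern SECRET_KEY =
            Pattern.compile("password|secret|token|credential|private-?key|api-?key");

    // Userinfo part of a URI value, e.g. the "user:pass" in scheme://user:pass@host
    private static final Pattern URI_USERINFO = Pattern.compile("(?<=://)[^/@\\s]+(?=@)");

    // Applies even when values are shown (ALWAYS, or WHEN_AUTHORIZED for an authorized user).
    @Bean
    public SanitizingFunction secretKeySanitizer() {
        return (data) -> {
            String key = data.getKey();
            if (key != null && SECRET_KEY.matcher(key.toLowerCase(Locale.ROOT)).find()) {
                return data.withValue(SanitizableData.SANITIZED_VALUE);
            }
            return data;
        };
    }

    // Masks credentials embedded in connection strings whose key looks harmless.
    @Bean
    public SanitizingFunction uriUserInfoSanitizer() {
        return (data) -> {
            if (data.getValue() instanceof String value) {
                String masked = URI_USERINFO.matcher(value).replaceAll(SanitizableData.SANITIZED_VALUE);
                return masked.equals(value) ? data : data.withValue(masked);
            }
            return data;
        };
    }
}
```

Because JMX callers are always treated as authorized, these functions are the only masking applied on that path when `when-authorized` is set.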