Clarify actuator security documentation #30025

Closed
scottfrederick opened this issue Mar 1, 2022 · 6 comments
@scottfrederick
Contributor

The Security section of the actuators documentation says:

> For security purposes, all actuators other than /health are disabled by default. You can use the management.endpoints.web.exposure.include property to enable the actuators.

This should state that only the /health endpoint is exposed over HTTP rather than enabled.

@scottfrederick scottfrederick added this to the 2.6.x milestone Mar 1, 2022
@scottfrederick scottfrederick added the type: documentation A documentation update label Mar 1, 2022
@pashabhai

pashabhai commented Mar 2, 2022

For security purposes, by default only the /health endpoint is exposed over HTTP.
If we want to enable other actuators from the available list of endpoints, use the management.endpoints.web.exposure.include property to enable the actuators.

@cmabdullah
Contributor

It'll be easier to update the documentation. @scottfrederick, I'd like to work on it.

@wilkinsona
Member

Thanks, @cmabdullah. It’s all yours. Please let us know if you have any questions.

@cmabdullah
Contributor

@wilkinsona, thanks for your support. I am working on this task; if any query comes to my mind, I will let you know for sure.

@pashabhai

@cmabdullah @scottfrederick

If it's OK, we can start from the draft below.

For security purposes, by default only the /health endpoint is exposed over HTTP.
If we want to enable the remaining actuators from the available list of endpoints, use the management.endpoints.web.exposure.include property to enable the actuators.

@wilkinsona
Member

Closing in favor of #30065.

@wilkinsona wilkinsona removed this from the 2.6.x milestone Mar 4, 2022
@wilkinsona wilkinsona added the status: superseded An issue that has been superseded by another label Mar 4, 2022
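
The distinction this issue draws between an endpoint being enabled and being exposed over HTTP, shown as an `application.properties` fragment. This is an added example, not part of the original thread or of the Spring Boot documentation; the choice of endpoints (`info`, `metrics`, `env`) is an assumption made for illustration, and the property names are those of Spring Boot 2.x.

```properties
# Added example (not from the issue thread); endpoint choices are illustrative.

# --- Exposure: which enabled endpoints are reachable over HTTP ---
# With no setting at all, Spring Boot 2.6 exposes only "health" over HTTP.
# List exactly the endpoints that are needed.
management.endpoints.web.exposure.include=health,info,metrics

# Weak setting, shown commented out for comparison: the wildcard puts every
# enabled endpoint on HTTP.
# management.endpoints.web.exposure.include=*

# exclude takes precedence over include, so "env" stays off HTTP even if a
# later profile widens include.
management.endpoints.web.exposure.exclude=env

# --- Enablement: whether the endpoint exists in the application at all ---
# This is separate from exposure. By default every endpoint except "shutdown"
# is enabled, which is why the documentation wording discussed in this issue
# matters: "not exposed" does not mean "disabled".
# Opt-in model: disable everything, then enable only what is also exposed.
management.endpoints.enabled-by-default=false
management.endpoint.health.enabled=true
management.endpoint.info.enabled=true
management.endpoint.metrics.enabled=true
```

An endpoint must be both enabled and exposed to answer over HTTP, so an entry in `exposure.include` for a disabled endpoint has no effect.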