From da319e8761ed2ef017ed5e9dcbde489a99489123 Mon Sep 17 00:00:00 2001
From: craig mcclendon <XcrigX@users.noreply.github.com>
Date: Wed, 23 Mar 2022 14:12:48 -0500
Subject: [PATCH] disable springboot actuator endpoints other than 'health' for
 security reasons (#338)

Co-authored-by: Craig McClendon <craig.mcclendon@accenture.com>
---
 src/main/resources/application.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 11da8d1..b03dd76 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -1,10 +1,10 @@
-#Adds the option to go to eg. http://localhost:8080/actuator/env for seeing the running configuration
+#Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration
+#see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
 management:
   endpoints:
     web:
       exposure:
-        include: "*"
-        exclude: "beans"
+        include: "health"
 spring:
   main:
     allow-circular-references: true