Skip to content

Spring Boot Actuator challenge hiding an api key in the audit events #815

Description

@commjoen

This challenge is about how to not use the spring boot actuator, by hiding an API key in the audit events:

  • Add an AuditEventRepository
  • Add an APIkey received event at AuditEventRepository which is randomly generated
  • enable management.endpoints.web.exposure.include=auditevents in application.properties
  • Create a challenge using the secret at this endpoint and explain why you need to be careful with Actuator configurations

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions