We use Spring Cloud Config as a configuration tool. We store passwords and other sensitive things in the config git repository. We encrypt the config using the Spring `/encrypt` endpoint and put the values in the config.
There is an endpoint, `/env`, which returns all the properties. The problem here is that the values which are encrypted are returned as plain text. Is there a way we can make the endpoint return the encrypted value instead of plain text?
The `/env` endpoint is an actuator endpoint added by Spring Cloud Config. You should take the usual steps to secure the actuator endpoints so as not to allow unwanted access.
You can set `endpoints.configprops.keys-to-sanitize` to whatever pattern you need. The default is `password,secret,key,token,.*credentials.*,vcap_services`. Keys can be simple strings that the property ends with or regex expressions.
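An added example (not from the answers above, and not Spring's own code) that models the matching rule described in the last answer and lists which encrypted properties in a config repository fall outside the sanitize patterns, so their decrypted values would still be returned. It assumes Spring Cloud Config's `{cipher}` value prefix and that a pattern containing `*`, `$`, `^` or `+` is treated as a regex; the property names and values are constructed.

```python
import re

# Default patterns as quoted in the answer above.
DEFAULT_KEYS = ["password", "secret", "key", "token",
                ".*credentials.*", "vcap_services"]

# Assumption: a pattern containing one of these characters is a regex.
REGEX_HINTS = ("*", "$", "^", "+")


def compile_key(pattern):
    """Plain strings match names that END with them; regexes are used as written."""
    if any(ch in pattern for ch in REGEX_HINTS):
        return re.compile(pattern, re.IGNORECASE)
    return re.compile(".*" + re.escape(pattern) + "$", re.IGNORECASE)


def unmasked_cipher_keys(repo_properties, keys=DEFAULT_KEYS):
    """Names stored encrypted in the repo that no sanitize pattern covers."""
    patterns = [compile_key(k) for k in keys]
    return sorted(
        name for name, value in repo_properties.items()
        if str(value).startswith("{cipher}")
        and not any(p.fullmatch(name) for p in patterns)
    )


# Constructed sample of what a config repository might hold.
SAMPLE = {
    "spring.datasource.password": "{cipher}<constructed>",
    "spring.datasource.url": "{cipher}<constructed>",  # URL with embedded login
    "smtp.passwd": "{cipher}<constructed>",
    "aws.credentials.id": "{cipher}<constructed>",
    "api.token": "{cipher}<constructed>",
    "server.port": "8080",
}

if __name__ == "__main__":
    print("not masked by defaults:", unmasked_cipher_keys(SAMPLE))
    extended = DEFAULT_KEYS + ["passwd", r".*\.url"]
    print("not masked after extending:", unmasked_cipher_keys(SAMPLE, extended))
```

Any name this reports needs either a matching sanitize pattern or a rename so that it ends with one of the existing keys.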