
I am new to using spring cloud config server. I have set up a server via Spring Initializr as a Spring Boot Maven project. I want to use a private repository on a self-hosted GitLab server.

TL;DR

The configured GitLab repository uri containing the deploy token (credentials) is returned in any response. How can I prevent this? I do not want to use ssh keys.

Environment

Component       Version
Spring Boot     2.4.0
Spring Cloud    2020.0.0-M5
GitLab CE       13.5.3
Java VM         openjdk 11

Long Version

GitLab allows reading (pulling) repositories with deploy or access tokens. I could not find any documents explaining how to configure this in a spring cloud config server. According to the official documentation on spring.io, the server uses JGit to communicate with remote git repositories.

So I have looked up JGit documentation and found an explanation on how to use deploy tokens with GitLab. You specify a GitLab repository uri with basic http authentication and additionally specify a username and password separately. https://www.codeaffine.com/2014/12/09/jgit-authentication/ (Authentication @ GitLab)

I adopted this for the spring cloud config server and it works, but the credentials configured in the GitLab repository uri are exposed as well when content is served. When I remove either the credentials in the uri or the username/password properties, the server fails to connect to the repository.

application.properties:

spring.cloud.config.server.git.uri=https://<deploy-token-name>:<token>@gitlab.home.local/spring-cloud-config
spring.cloud.config.server.git.username=<deploy-token-name>
spring.cloud.config.server.git.password=<token>
spring.cloud.config.server.git.clone-on-start=true
server.port=8888

Reading properties for a service returns a response like this:
GET https://cloud-config.home.local:8888/some-service/development
Response:

{
  "name": "some-service",
  "profiles": [
    "development"
  ],
  "label": null,
  "version": "b87f905c28cc911b056c5ecf6aef6724bfbbbe58",
  "state": null,
  "propertySources": [
    {
      "name": "https://<deploy-token-name>:<token>@gitlab.home.local/spring-cloud-config.git/some-service/application-development.properties",
      "source": {
        "my.property": "Hello from development"
      }
    },
    {
      "name": "https://<deploy-token-name>:<token>@gitlab.home.local/spring-cloud-config.git/application.properties",
      "source": {
        "my.property": "Hello from default"
      }
    }
  ]
}

Best regards,
David

Update

According to the GitLab documentation you can read repositories with a private access token too. See link: https://docs.gitlab.com/ee/api/README.html#personalproject-access-tokens

I have created a private access token on the GitLab server and tried to configure it inside the spring cloud config server. When I add the ?private-token=<token> parameter, the server won't start because JGit seems to append a path to the configured uri which leads to an invalid url.
Caused by: org.apache.http.client.CircularRedirectException: Circular redirect to 'https://gitlab.home.local/spring-cloud-config.git?private_token=<token>/info/refs&service=git-upload-pack'

I also tried to add the token as a header field in the application.properties. But the property seems to be ignored or at least not evaluated at this point.
spring.cloud.config.headers.PRIVATE-TOKEN=<token> or
spring.cloud.config.headers.Authorization=Bearer <token>

David
  • Why do you have credentials in the uri and user name and password fields? – spencergibb Dec 03 '20 at 12:40
  • It currently works only this way. If I remove the username and password fields the server gets an authentication error from GitLab. When I remove the credentials in the uri the same authentication error occurs. – David Dec 03 '20 at 14:23
  • Without username/password: `Caused by: org.eclipse.jgit.errors.TransportException: https://gitlab.home.local/spring-cloud-config.git: Authentication is required but no CredentialsProvider has been registered` Without credentials in repo uri: `Caused by: org.eclipse.jgit.errors.TransportException: https://gitlab.home.local/spring-cloud-config.git: authentication not supported` – David Dec 03 '20 at 14:29
  • Will you file an issue to see about removing the credentials from the response? – spencergibb Dec 04 '20 at 19:02
  • I did today, but it already got closed as a duplicate. I also issued a feature request for supporting GitLab private access tokens. – David Dec 07 '20 at 16:49
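
An added example, not part of the question or its comments: a check that parses a config server environment response and flags any `propertySources` name whose URI carries embedded credentials, returning a redacted form suitable for logging. The function names and the sample body (with a fake token) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample modelled on the response shown in the question; the
# user name and token are fake. The second entry has no credentials.
SAMPLE_RESPONSE = """
{
  "name": "some-service",
  "profiles": ["development"],
  "propertySources": [
    {"name": "https://deploy-user:FAKE-TOKEN@gitlab.home.local/spring-cloud-config.git/some-service/application-development.properties",
     "source": {"my.property": "Hello from development"}},
    {"name": "https://gitlab.home.local/spring-cloud-config.git/application.properties",
     "source": {"my.property": "Hello from default"}}
  ]
}
"""


def redact_userinfo(uri):
    """Return (uri_without_userinfo, leaked); leaked is True if 'user[:pass]@' was present."""
    parts = urlsplit(uri)
    # netloc is 'userinfo@host:port'; anything before the last '@' is userinfo.
    _userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return uri, False
    return urlunsplit(parts._replace(netloc=hostport)), True


def audit_environment(body):
    """List the propertySources entries whose name exposes credentials."""
    env = json.loads(body)
    findings = []
    for index, source in enumerate(env.get("propertySources", [])):
        redacted, leaked = redact_userinfo(source.get("name", ""))
        if leaked:
            # Keep only the redacted form so the finding itself is safe to log.
            findings.append({"index": index, "redacted_name": redacted})
    return findings


if __name__ == "__main__":
    for finding in audit_environment(SAMPLE_RESPONSE):
        print("credentials exposed in propertySources[%d]: %s"
              % (finding["index"], finding["redacted_name"]))
```
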

0 Answers