Looping back here as I was looking for this specific setting. It looks like this is now implemented. In this case, you would want to set spring.data.rest.detection-strategy=annotated to avoid default exposure.
All application.properties options:
# Exposes all public repository interfaces but considers @(Repository)RestResource\u2019s `exported flag.
spring.data.rest.detection-strategy=default
# Exposes all repositories independently of type visibility and annotations.
spring.data.rest.detection-strategy=all
# Only repositories annotated with @(Repository)RestResource are exposed, unless their exported flag is set to false.
spring.data.rest.detection-strategy=annotated
# Only public repositories annotated are exposed.
spring.data.rest.detection-strategy=visibility
References
- 3.5.1. Setting the Repository Detection Strategy
- Common Application Properties