diff --git a/cmd/traefik/anonymize/anonymize.go b/cmd/traefik/anonymize/anonymize.go
new file mode 100644
index 000000000..7be585ee5
--- /dev/null
+++ b/cmd/traefik/anonymize/anonymize.go
@@ -0,0 +1,136 @@
+package anonymize
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"regexp"
+
+	"github.com/mitchellh/copystructure"
+	"github.com/mvdan/xurls"
+)
+
+const (
+	maskShort = "xxxx"
+	maskLarge = maskShort + maskShort + maskShort + maskShort + maskShort + maskShort + maskShort + maskShort
+)
+
+// Do configuration.
+func Do(baseConfig interface{}, indent bool) (string, error) {
+	anomConfig, err := copystructure.Copy(baseConfig)
+	if err != nil {
+		return "", err
+	}
+
+	val := reflect.ValueOf(anomConfig)
+
+	err = doOnStruct(val)
+	if err != nil {
+		return "", err
+	}
+
+	configJSON, err := marshal(anomConfig, indent)
+	if err != nil {
+		return "", err
+	}
+
+	return doOnJSON(string(configJSON)), nil
+}
+
+func doOnJSON(input string) string {
+	mailExp := regexp.MustCompile(`\w[-._\w]*\w@\w[-._\w]*\w\.\w{2,3}"`)
+	return xurls.Relaxed.ReplaceAllString(mailExp.ReplaceAllString(input, maskLarge+"\""), maskLarge)
+}
+
+func doOnStruct(field reflect.Value) error {
+	switch field.Kind() {
+	case reflect.Ptr:
+		if !field.IsNil() {
+			if err := doOnStruct(field.Elem()); err != nil {
+				return err
+			}
+		}
+	case reflect.Struct:
+		for i := 0; i < field.NumField(); i++ {
+			fld := field.Field(i)
+			stField := field.Type().Field(i)
+			if !isExported(stField) {
+				continue
+			}
+			if stField.Tag.Get("export") == "true" {
+				if err := doOnStruct(fld); err != nil {
+					return err
+				}
+			} else {
+				if err := reset(fld, stField.Name); err != nil {
+					return err
+				}
+			}
+		}
+	case reflect.Map:
+		for _, key := range field.MapKeys() {
+			if err := doOnStruct(field.MapIndex(key)); err != nil {
+				return err
+			}
+		}
+	case reflect.Slice:
+		for j := 0; j < field.Len(); j++ {
+			if err := doOnStruct(field.Index(j)); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func reset(field reflect.Value, name string) error {
+	if !field.CanSet() {
+		return fmt.Errorf("cannot reset field %s", name)
+	}
+
+	switch field.Kind() {
+	case reflect.Ptr:
+		if !field.IsNil() {
+			field.Set(reflect.Zero(field.Type()))
+		}
+	case reflect.Struct:
+		if field.IsValid() {
+			field.Set(reflect.Zero(field.Type()))
+		}
+	case reflect.String:
+		if field.String() != "" {
+			field.Set(reflect.ValueOf(maskShort))
+		}
+	case reflect.Map:
+		if field.Len() > 0 {
+			field.Set(reflect.MakeMap(field.Type()))
+		}
+	case reflect.Slice:
+		if field.Len() > 0 {
+			field.Set(reflect.MakeSlice(field.Type(), 0, 0))
+		}
+	case reflect.Interface:
+		if !field.IsNil() {
+			return reset(field.Elem(), "")
+		}
+	default:
+		// Primitive type
+		field.Set(reflect.Zero(field.Type()))
+	}
+	return nil
+}
+
+// isExported return true is a struct field is exported, else false
+func isExported(f reflect.StructField) bool {
+	if f.PkgPath != "" && !f.Anonymous {
+		return false
+	}
+	return true
+}
+
+func marshal(anomConfig interface{}, indent bool) ([]byte, error) {
+	if indent {
+		return json.MarshalIndent(anomConfig, "", " ")
+	}
+	return json.Marshal(anomConfig)
+}
diff --git a/cmd/traefik/anonymize/anonymize_config_test.go b/cmd/traefik/anonymize/anonymize_config_test.go
new file mode 100644
index 000000000..43b0844d2
--- /dev/null
+++ b/cmd/traefik/anonymize/anonymize_config_test.go
@@ -0,0 +1,666 @@
+package anonymize
+
+import (
+	"crypto/tls"
+	"testing"
+	"time"
+
+	"github.com/containous/flaeg"
+	"github.com/containous/traefik/acme"
+	"github.com/containous/traefik/configuration"
+	"github.com/containous/traefik/middlewares"
+	"github.com/containous/traefik/provider"
+	"github.com/containous/traefik/provider/boltdb"
+	"github.com/containous/traefik/provider/consul"
+	"github.com/containous/traefik/provider/docker"
+	"github.com/containous/traefik/provider/dynamodb"
+	"github.com/containous/traefik/provider/ecs"
+	"github.com/containous/traefik/provider/etcd"
+	"github.com/containous/traefik/provider/eureka"
+	"github.com/containous/traefik/provider/file"
+	"github.com/containous/traefik/provider/kubernetes"
+	"github.com/containous/traefik/provider/kv"
+	"github.com/containous/traefik/provider/marathon"
+	"github.com/containous/traefik/provider/mesos"
+	"github.com/containous/traefik/provider/rancher"
+	"github.com/containous/traefik/provider/web"
+	"github.com/containous/traefik/provider/zk"
+	"github.com/containous/traefik/safe"
+	"github.com/containous/traefik/types"
+	thoas_stats "github.com/thoas/stats"
+)
+
+func TestDo_globalConfiguration(t *testing.T) {
+
+	config := &configuration.GlobalConfiguration{}
+
+	config.GraceTimeOut = flaeg.Duration(666 * time.Second)
+	config.Debug = true
+	config.CheckNewVersion = true
+	config.AccessLogsFile = "AccessLogsFile"
+	config.AccessLog = &types.AccessLog{
+		FilePath: "AccessLog FilePath",
+		Format:   "AccessLog Format",
+	}
+	config.TraefikLogsFile = "TraefikLogsFile"
+	config.LogLevel = "LogLevel"
+	config.EntryPoints = configuration.EntryPoints{
+		"foo": {
+			Network: "foo Network",
+			Address: "foo Address",
+			TLS: &configuration.TLS{
+				MinVersion:   "foo MinVersion",
+				CipherSuites: []string{"foo CipherSuites 1", "foo CipherSuites 2", "foo CipherSuites 3"},
+				Certificates: configuration.Certificates{
+					{CertFile: "CertFile 1", KeyFile: "KeyFile 1"},
+					{CertFile: "CertFile 2", KeyFile: "KeyFile 2"},
+				},
+				ClientCAFiles: []string{"foo ClientCAFiles 1", "foo ClientCAFiles 2", "foo ClientCAFiles 3"},
+			},
+			Redirect: &configuration.Redirect{
+				Replacement: "foo Replacement",
+				Regex:       "foo Regex",
+				EntryPoint:  "foo EntryPoint",
+			},
+			Auth: &types.Auth{
+				Basic: &types.Basic{
+					UsersFile: "foo Basic UsersFile",
+					Users:     types.Users{"foo Basic Users 1", "foo Basic Users 2", "foo Basic Users 3"},
+				},
+				Digest: &types.Digest{
+					UsersFile: "foo Digest UsersFile",
+					Users:     types.Users{"foo Digest Users 1", "foo Digest Users 2", "foo Digest Users 3"},
+				},
+				Forward: &types.Forward{
+					Address: "foo Address",
+					TLS: &types.ClientTLS{
+						CA:                 "foo CA",
+						Cert:               "foo Cert",
+						Key:                "foo Key",
+						InsecureSkipVerify: true,
+					},
+					TrustForwardHeader: true,
+				},
+			},
+			WhitelistSourceRange: []string{"foo WhitelistSourceRange 1", "foo WhitelistSourceRange 2", "foo WhitelistSourceRange 3"},
+			Compress:             true,
+			ProxyProtocol:        true,
+		},
+		"fii": {
+			Network: "fii Network",
+			Address: "fii Address",
+			TLS: &configuration.TLS{
+				MinVersion:   "fii MinVersion",
+				CipherSuites: []string{"fii CipherSuites 1", "fii CipherSuites 2", "fii CipherSuites 3"},
+				Certificates: configuration.Certificates{
+					{CertFile: "CertFile 1", KeyFile: "KeyFile 1"},
+					{CertFile: "CertFile 2", KeyFile: "KeyFile 2"},
+				},
+				ClientCAFiles: []string{"fii ClientCAFiles 1", "fii ClientCAFiles 2", "fii ClientCAFiles 3"},
+			},
+			Redirect: &configuration.Redirect{
+				Replacement: "fii Replacement",
+				Regex:       "fii Regex",
+				EntryPoint:  "fii EntryPoint",
+			},
+			Auth: &types.Auth{
+				Basic: &types.Basic{
+					UsersFile: "fii Basic UsersFile",
+					Users:     types.Users{"fii Basic Users 1", "fii Basic Users 2", "fii Basic Users 3"},
+				},
+				Digest: &types.Digest{
+					UsersFile: "fii Digest UsersFile",
+					Users:     types.Users{"fii Digest Users 1", "fii Digest Users 2", "fii Digest Users 3"},
+				},
+				Forward: &types.Forward{
+					Address: "fii Address",
+					TLS: &types.ClientTLS{
+						CA:                 "fii CA",
+						Cert:               "fii Cert",
+						Key:                "fii Key",
+						InsecureSkipVerify: true,
+					},
+					TrustForwardHeader: true,
+				},
+			},
+			WhitelistSourceRange: []string{"fii WhitelistSourceRange 1", "fii WhitelistSourceRange 2", "fii WhitelistSourceRange 3"},
+			Compress:             true,
+			ProxyProtocol:        true,
+		},
+	}
+	config.Cluster = &types.Cluster{
+		Node: "Cluster Node",
+		Store: &types.Store{
+			Prefix: "Cluster Store Prefix",
+			// ...
+		},
+	}
+	config.Constraints = types.Constraints{
+		{
+			Key:       "Constraints Key 1",
+			Regex:     "Constraints Regex 2",
+			MustMatch: true,
+		},
+		{
+			Key:       "Constraints Key 1",
+			Regex:     "Constraints Regex 2",
+			MustMatch: true,
+		},
+	}
+	config.ACME = &acme.ACME{
+		Email: "acme Email",
+		Domains: []acme.Domain{
+			{
+				Main: "Domains Main",
+				SANs: []string{"Domains acme SANs 1", "Domains acme SANs 2", "Domains acme SANs 3"},
+			},
+		},
+		Storage:           "Storage",
+		StorageFile:       "StorageFile",
+		OnDemand:          true,
+		OnHostRule:        true,
+		CAServer:          "CAServer",
+		EntryPoint:        "EntryPoint",
+		DNSProvider:       "DNSProvider",
+		DelayDontCheckDNS: 666,
+		ACMELogging:       true,
+		TLSConfig: &tls.Config{
+			InsecureSkipVerify: true,
+			// ...
+		},
+	}
+	config.DefaultEntryPoints = configuration.DefaultEntryPoints{"DefaultEntryPoints 1", "DefaultEntryPoints 2", "DefaultEntryPoints 3"}
+	config.ProvidersThrottleDuration = flaeg.Duration(666 * time.Second)
+	config.MaxIdleConnsPerHost = 666
+	config.IdleTimeout = flaeg.Duration(666 * time.Second)
+	config.InsecureSkipVerify = true
+	config.RootCAs = configuration.RootCAs{"RootCAs 1", "RootCAs 2", "RootCAs 3"}
+	config.Retry = &configuration.Retry{
+		Attempts: 666,
+	}
+	config.HealthCheck = &configuration.HealthCheckConfig{
+		Interval: flaeg.Duration(666 * time.Second),
+	}
+	config.RespondingTimeouts = &configuration.RespondingTimeouts{
+		ReadTimeout:  flaeg.Duration(666 * time.Second),
+		WriteTimeout: flaeg.Duration(666 * time.Second),
+		IdleTimeout:  flaeg.Duration(666 * time.Second),
+	}
+	config.ForwardingTimeouts = &configuration.ForwardingTimeouts{
+		DialTimeout:           flaeg.Duration(666 * time.Second),
+		ResponseHeaderTimeout: flaeg.Duration(666 * time.Second),
+	}
+	config.Docker = &docker.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "docker Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "docker Constraints Key 1",
+					Regex:     "docker Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "docker Constraints Key 1",
+					Regex:     "docker Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint: "docker Endpoint",
+		Domain:   "docker Domain",
+		TLS: &types.ClientTLS{
+			CA:                 "docker CA",
+			Cert:               "docker Cert",
+			Key:                "docker Key",
+			InsecureSkipVerify: true,
+		},
+		ExposedByDefault: true,
+		UseBindPortIP:    true,
+		SwarmMode:        true,
+	}
+	config.File = &file.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "file Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "file Constraints Key 1",
+					Regex:     "file Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "file Constraints Key 1",
+					Regex:     "file Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Directory: "file Directory",
+	}
+	config.Web = &web.Provider{
+		Address:  "web Address",
+		CertFile: "web CertFile",
+		KeyFile:  "web KeyFile",
+		ReadOnly: true,
+		Statistics: &types.Statistics{
+			RecentErrors: 666,
+		},
+		Metrics: &types.Metrics{
+			Prometheus: &types.Prometheus{
+				Buckets: types.Buckets{6.5, 6.6, 6.7},
+			},
+			Datadog: &types.Datadog{
+				Address:      "Datadog Address",
+				PushInterval: "Datadog PushInterval",
+			},
+			StatsD: &types.Statsd{
+				Address:      "StatsD Address",
+				PushInterval: "StatsD PushInterval",
+			},
+		},
+		Path: "web Path",
+		Auth: &types.Auth{
+			Basic: &types.Basic{
+				UsersFile: "web Basic UsersFile",
+				Users:     types.Users{"web Basic Users 1", "web Basic Users 2", "web Basic Users 3"},
+			},
+			Digest: &types.Digest{
+				UsersFile: "web Digest UsersFile",
+				Users:     types.Users{"web Digest Users 1", "web Digest Users 2", "web Digest Users 3"},
+			},
+			Forward: &types.Forward{
+				Address: "web Address",
+				TLS: &types.ClientTLS{
+					CA:                 "web CA",
+					Cert:               "web Cert",
+					Key:                "web Key",
+					InsecureSkipVerify: true,
+				},
+				TrustForwardHeader: true,
+			},
+		},
+		Debug: true,
+		CurrentConfigurations: &safe.Safe{},
+		Stats: &thoas_stats.Stats{
+			Uptime:              time.Now(),
+			Pid:                 666,
+			ResponseCounts:      map[string]int{"foo": 1, "fii": 2, "fuu": 3},
+			TotalResponseCounts: map[string]int{"foo": 1, "fii": 2, "fuu": 3},
+			TotalResponseTime:   time.Now(),
+		},
+		StatsRecorder: &middlewares.StatsRecorder{},
+	}
+	config.Marathon = &marathon.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "marathon Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "marathon Constraints Key 1",
+					Regex:     "marathon Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "marathon Constraints Key 1",
+					Regex:     "marathon Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint:                "",
+		Domain:                  "",
+		ExposedByDefault:        true,
+		GroupsAsSubDomains:      true,
+		DCOSToken:               "",
+		MarathonLBCompatibility: true,
+		TLS: &types.ClientTLS{
+			CA:                 "marathon CA",
+			Cert:               "marathon Cert",
+			Key:                "marathon Key",
+			InsecureSkipVerify: true,
+		},
+		DialerTimeout:     flaeg.Duration(666 * time.Second),
+		KeepAlive:         flaeg.Duration(666 * time.Second),
+		ForceTaskHostname: true,
+		Basic: &marathon.Basic{
+			HTTPBasicAuthUser: "marathon HTTPBasicAuthUser",
+			HTTPBasicPassword: "marathon HTTPBasicPassword",
+		},
+		RespectReadinessChecks: true,
+	}
+	config.ConsulCatalog = &consul.CatalogProvider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "ConsulCatalog Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "ConsulCatalog Constraints Key 1",
+					Regex:     "ConsulCatalog Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "ConsulCatalog Constraints Key 1",
+					Regex:     "ConsulCatalog Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint:         "ConsulCatalog Endpoint",
+		Domain:           "ConsulCatalog Domain",
+		ExposedByDefault: true,
+		Prefix:           "ConsulCatalog Prefix",
+		FrontEndRule:     "ConsulCatalog FrontEndRule",
+	}
+	config.Kubernetes = &kubernetes.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "k8s Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "k8s Constraints Key 1",
+					Regex:     "k8s Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "k8s Constraints Key 1",
+					Regex:     "k8s Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint:               "k8s Endpoint",
+		Token:                  "k8s Token",
+		CertAuthFilePath:       "k8s CertAuthFilePath",
+		DisablePassHostHeaders: true,
+		Namespaces:             kubernetes.Namespaces{"k8s Namespaces 1", "k8s Namespaces 2", "k8s Namespaces 3"},
+		LabelSelector:          "k8s LabelSelector",
+	}
+	config.Mesos = &mesos.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "mesos Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "mesos Constraints Key 1",
+					Regex:     "mesos Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "mesos Constraints Key 1",
+					Regex:     "mesos Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint:           "mesos Endpoint",
+		Domain:             "mesos Domain",
+		ExposedByDefault:   true,
+		GroupsAsSubDomains: true,
+		ZkDetectionTimeout: 666,
+		RefreshSeconds:     666,
+		IPSources:          "mesos IPSources",
+		StateTimeoutSecond: 666,
+		Masters:            []string{"mesos Masters 1", "mesos Masters 2", "mesos Masters 3"},
+	}
+	config.Eureka = &eureka.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "eureka Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "eureka Constraints Key 1",
+					Regex:     "eureka Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "eureka Constraints Key 1",
+					Regex:     "eureka Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Endpoint: "eureka Endpoint",
+		Delay:    "eureka Delay",
+	}
+	config.ECS = &ecs.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "ecs Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "ecs Constraints Key 1",
+					Regex:     "ecs Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "ecs Constraints Key 1",
+					Regex:     "ecs Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		Domain:               "ecs Domain",
+		ExposedByDefault:     true,
+		RefreshSeconds:       666,
+		Clusters:             ecs.Clusters{"ecs Clusters 1", "ecs Clusters 2", "ecs Clusters 3"},
+		Cluster:              "ecs Cluster",
+		AutoDiscoverClusters: true,
+		Region:               "ecs Region",
+		AccessKeyID:          "ecs AccessKeyID",
+		SecretAccessKey:      "ecs SecretAccessKey",
+	}
+	config.Rancher = &rancher.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "rancher Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "rancher Constraints Key 1",
+					Regex:     "rancher Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "rancher Constraints Key 1",
+					Regex:     "rancher Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		APIConfiguration: rancher.APIConfiguration{
+			Endpoint:  "rancher Endpoint",
+			AccessKey: "rancher AccessKey",
+			SecretKey: "rancher SecretKey",
+		},
+		API: &rancher.APIConfiguration{
+			Endpoint:  "rancher Endpoint",
+			AccessKey: "rancher AccessKey",
+			SecretKey: "rancher SecretKey",
+		},
+		Metadata: &rancher.MetadataConfiguration{
+			IntervalPoll: true,
+			Prefix:       "rancher Metadata Prefix",
+		},
+		Domain:                    "rancher Domain",
+		RefreshSeconds:            666,
+		ExposedByDefault:          true,
+		EnableServiceHealthFilter: true,
+	}
+	config.DynamoDB = &dynamodb.Provider{
+		BaseProvider: provider.BaseProvider{
+			Watch:    true,
+			Filename: "dynamodb Filename",
+			Constraints: types.Constraints{
+				{
+					Key:       "dynamodb Constraints Key 1",
+					Regex:     "dynamodb Constraints Regex 2",
+					MustMatch: true,
+				},
+				{
+					Key:       "dynamodb Constraints Key 1",
+					Regex:     "dynamodb Constraints Regex 2",
+					MustMatch: true,
+				},
+			},
+			Trace: true,
+			DebugLogGeneratedTemplate: true,
+		},
+		AccessKeyID:     "dynamodb AccessKeyID",
+		RefreshSeconds:  666,
+		Region:          "dynamodb Region",
+		SecretAccessKey: "dynamodb SecretAccessKey",
+		TableName:       "dynamodb TableName",
+		Endpoint:        "dynamodb Endpoint",
+	}
+	config.Etcd = &etcd.Provider{
+		Provider: kv.Provider{
+			BaseProvider: provider.BaseProvider{
+				Watch:    true,
+				Filename: "etcd Filename",
+				Constraints: types.Constraints{
+					{
+						Key:       "etcd Constraints Key 1",
+						Regex:     "etcd Constraints Regex 2",
+						MustMatch: true,
+					},
+					{
+						Key:       "etcd Constraints Key 1",
+						Regex:     "etcd Constraints Regex 2",
+						MustMatch: true,
+					},
+				},
+				Trace: true,
+				DebugLogGeneratedTemplate: true,
+			},
+			Endpoint: "etcd Endpoint",
+			Prefix:   "etcd Prefix",
+			TLS: &types.ClientTLS{
+				CA:                 "etcd CA",
+				Cert:               "etcd Cert",
+				Key:                "etcd Key",
+				InsecureSkipVerify: true,
+			},
+			Username: "etcd Username",
+			Password: "etcd Password",
+		},
+	}
+	config.Zookeeper = &zk.Provider{
+		Provider: kv.Provider{
+			BaseProvider: provider.BaseProvider{
+				Watch:    true,
+				Filename: "zk Filename",
+				Constraints: types.Constraints{
+					{
+						Key:       "zk Constraints Key 1",
+						Regex:     "zk Constraints Regex 2",
+						MustMatch: true,
+					},
+					{
+						Key:       "zk Constraints Key 1",
+						Regex:     "zk Constraints Regex 2",
+						MustMatch: true,
+					},
+				},
+				Trace: true,
+				DebugLogGeneratedTemplate: true,
+			},
+			Endpoint: "zk Endpoint",
+			Prefix:   "zk Prefix",
+			TLS: &types.ClientTLS{
+				CA:                 "zk CA",
+				Cert:               "zk Cert",
+				Key:                "zk Key",
+				InsecureSkipVerify: true,
+			},
+			Username: "zk Username",
+			Password: "zk Password",
+		},
+	}
+	config.Boltdb = &boltdb.Provider{
+		Provider: kv.Provider{
+			BaseProvider: provider.BaseProvider{
+				Watch:    true,
+				Filename: "boltdb Filename",
+				Constraints: types.Constraints{
+					{
+						Key:       "boltdb Constraints Key 1",
+						Regex:     "boltdb Constraints Regex 2",
+						MustMatch: true,
+					},
+					{
+						Key:       "boltdb Constraints Key 1",
+						Regex:     "boltdb Constraints Regex 2",
+						MustMatch: true,
+					},
+				},
+				Trace: true,
+				DebugLogGeneratedTemplate: true,
+			},
+			Endpoint: "boltdb Endpoint",
+			Prefix:   "boltdb Prefix",
+			TLS: &types.ClientTLS{
+				CA:                 "boltdb CA",
+				Cert:               "boltdb Cert",
+				Key:                "boltdb Key",
+				InsecureSkipVerify: true,
+			},
+			Username: "boltdb Username",
+			Password: "boltdb Password",
+		},
+	}
+	config.Consul = &consul.Provider{
+		Provider: kv.Provider{
+			BaseProvider: provider.BaseProvider{
+				Watch:    true,
+				Filename: "consul Filename",
+				Constraints: types.Constraints{
+					{
+						Key:       "consul Constraints Key 1",
+						Regex:     "consul Constraints Regex 2",
+						MustMatch: true,
+					},
+					{
+						Key:       "consul Constraints Key 1",
+						Regex:     "consul Constraints Regex 2",
+						MustMatch: true,
+					},
+				},
+				Trace: true,
+				DebugLogGeneratedTemplate: true,
+			},
+			Endpoint: "consul Endpoint",
+			Prefix:   "consul Prefix",
+			TLS: &types.ClientTLS{
+				CA:                 "consul CA",
+				Cert:               "consul Cert",
+				Key:                "consul Key",
+				InsecureSkipVerify: true,
+			},
+			Username: "consul Username",
+			Password: "consul Password",
+		},
+	}
+
+	cleanJSON, err := Do(config, true)
+	if err != nil {
+		t.Fatal(err, cleanJSON)
+	}
+}
diff --git a/cmd/traefik/anonymize/anonymize_doOnJSON_test.go b/cmd/traefik/anonymize/anonymize_doOnJSON_test.go
new file mode 100644
index 000000000..87f43d125
--- /dev/null
+++ b/cmd/traefik/anonymize/anonymize_doOnJSON_test.go
@@ -0,0 +1,238 @@
+package anonymize
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func Test_doOnJSON(t *testing.T) {
+	baseConfiguration := `
+{
+ "GraceTimeOut": 10000000000,
+ "Debug": false,
+ "CheckNewVersion": true,
+ "AccessLogsFile": "",
+ "TraefikLogsFile": "",
+ "LogLevel": "ERROR",
+ "EntryPoints": {
+  "http": {
+   "Network": "",
+   "Address": ":80",
+   "TLS": null,
+   "Redirect": {
+    "EntryPoint": "https",
+    "Regex": "",
+    "Replacement": ""
+   },
+   "Auth": null,
+   "Compress": false
+  },
+  "https": {
+   "Network": "",
+   "Address": ":443",
+   "TLS": {
+    "MinVersion": "",
+    "CipherSuites": null,
+    "Certificates": null,
+    "ClientCAFiles": null
+   },
+   "Redirect": null,
+   "Auth": null,
+   "Compress": false
+  }
+ },
+ "Cluster": null,
+ "Constraints": [],
+ "ACME": {
+  "Email": "foo@bar.com",
+  "Domains": [
+   {
+    "Main": "foo@bar.com",
+    "SANs": null
+   },
+   {
+    "Main": "foo@bar.com",
+    "SANs": null
+   }
+  ],
+  "Storage": "",
+  "StorageFile": "/acme/acme.json",
+  "OnDemand": true,
+  "OnHostRule": true,
+  "CAServer": "",
+  "EntryPoint": "https",
+  "DNSProvider": "",
+  "DelayDontCheckDNS": 0,
+  "ACMELogging": false,
+  "TLSConfig": null
+ },
+ "DefaultEntryPoints": [
+  "https",
+  "http"
+ ],
+ "ProvidersThrottleDuration": 2000000000,
+ "MaxIdleConnsPerHost": 200,
+ "IdleTimeout": 180000000000,
+ "InsecureSkipVerify": false,
+ "Retry": null,
+ "HealthCheck": {
+  "Interval": 30000000000
+ },
+ "Docker": null,
+ "File": null,
+ "Web": null,
+ "Marathon": null,
+ "Consul": null,
+ "ConsulCatalog": null,
+ "Etcd": null,
+ "Zookeeper": null,
+ "Boltdb": null,
+ "Kubernetes": null,
+ "Mesos": null,
+ "Eureka": null,
+ "ECS": null,
+ "Rancher": null,
+ "DynamoDB": null,
+ "ConfigFile": "/etc/traefik/traefik.toml"
+}
+`
+	expectedConfiguration := `
+{
+ "GraceTimeOut": 10000000000,
+ "Debug": false,
+ "CheckNewVersion": true,
+ "AccessLogsFile": "",
+ "TraefikLogsFile": "",
+ "LogLevel": "ERROR",
+ "EntryPoints": {
+  "http": {
+   "Network": "",
+   "Address": ":80",
+   "TLS": null,
+   "Redirect": {
+    "EntryPoint": "https",
+    "Regex": "",
+    "Replacement": ""
+   },
+   "Auth": null,
+   "Compress": false
+  },
+  "https": {
+   "Network": "",
+   "Address": ":443",
+   "TLS": {
+    "MinVersion": "",
+    "CipherSuites": null,
+    "Certificates": null,
+    "ClientCAFiles": null
+   },
+   "Redirect": null,
+   "Auth": null,
+   "Compress": false
+  }
+ },
+ "Cluster": null,
+ "Constraints": [],
+ "ACME": {
+  "Email": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+  "Domains": [
+   {
+    "Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+    "SANs": null
+   },
+   {
+    "Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+    "SANs": null
+   }
+  ],
+  "Storage": "",
+  "StorageFile": "/acme/acme.json",
+  "OnDemand": true,
+  "OnHostRule": true,
+  "CAServer": "",
+  "EntryPoint": "https",
+  "DNSProvider": "",
+  "DelayDontCheckDNS": 0,
+  "ACMELogging": false,
+  "TLSConfig": null
+ },
+ "DefaultEntryPoints": [
+  "https",
+  "http"
+ ],
+ "ProvidersThrottleDuration": 2000000000,
+ "MaxIdleConnsPerHost": 200,
+ "IdleTimeout": 180000000000,
+ "InsecureSkipVerify": false,
+ "Retry": null,
+ "HealthCheck": {
+  "Interval": 30000000000
+ },
+ "Docker": null,
+ "File": null,
+ "Web": null,
+ "Marathon": null,
+ "Consul": null,
+ "ConsulCatalog": null,
+ "Etcd": null,
+ "Zookeeper": null,
+ "Boltdb": null,
+ "Kubernetes": null,
+ "Mesos": null,
+ "Eureka": null,
+ "ECS": null,
+ "Rancher": null,
+ "DynamoDB": null,
+ "ConfigFile": "/etc/traefik/traefik.toml"
+}
+`
+	anomConfiguration := doOnJSON(baseConfiguration)
+
+	if anomConfiguration != expectedConfiguration {
+		t.Errorf("Got %s, want %s.", anomConfiguration, expectedConfiguration)
+	}
+}
+
+func Test_doOnJSON_simple(t *testing.T) {
+	testCases := []struct {
+		name           string
+		input          string
+		expectedOutput string
+	}{
+		{
+			name: "email",
+			input: `{
+				"email1": "goo@example.com",
+				"email2": "foo.bargoo@example.com",
+				"email3": "foo.bargoo@example.com.us"
+			}`,
+			expectedOutput: `{
+				"email1": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+				"email2": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+				"email3": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+			}`,
+		},
+		{
+			name: "url",
+			input: `{
+				"URL": "foo domain.com foo",
+				"URL": "foo sub.domain.com foo",
+				"URL": "foo sub.sub.domain.com foo",
+				"URL": "foo sub.sub.sub.domain.com.us foo"
+			}`,
+			expectedOutput: `{
+				"URL": "foo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx foo",
+				"URL": "foo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx foo",
+				"URL": "foo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx foo",
+				"URL": "foo xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx foo"
+			}`,
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.name, func(t *testing.T) {
+			output := doOnJSON(test.input)
+			assert.Equal(t, test.expectedOutput, output)
+		})
+	}
+}
diff --git a/cmd/traefik/anonymize/anonymize_doOnStruct_test.go b/cmd/traefik/anonymize/anonymize_doOnStruct_test.go
new file mode 100644
index 000000000..3d9529682
--- /dev/null
+++ b/cmd/traefik/anonymize/anonymize_doOnStruct_test.go
@@ -0,0 +1,176 @@
+package anonymize
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type Courgette struct {
+	Ji string
+	Ho string
+}
+type Tomate struct {
+	Ji string
+	Ho string
+}
+
+type Carotte struct {
+	Name        string
+	Value       int
+	Courgette   Courgette
+	ECourgette  Courgette `export:"true"`
+	Pourgette   *Courgette
+	EPourgette  *Courgette `export:"true"`
+	Aubergine   map[string]string
+	EAubergine  map[string]string `export:"true"`
+	SAubergine  map[string]Tomate
+	ESAubergine map[string]Tomate `export:"true"`
+	PSAubergine map[string]*Tomate
+	EPAubergine map[string]*Tomate `export:"true"`
+}
+
+func Test_doOnStruct(t *testing.T) {
+	testCase := []struct {
+		name     string
+		base     *Carotte
+		expected *Carotte
+		hasError bool
+	}{
+		{
+			name: "primitive",
+			base: &Carotte{
+				Name:  "koko",
+				Value: 666,
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+			},
+		},
+		{
+			name: "struct",
+			base: &Carotte{
+				Name: "koko",
+				Courgette: Courgette{
+					Ji: "huu",
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+			},
+		},
+		{
+			name: "pointer",
+			base: &Carotte{
+				Name: "koko",
+				Pourgette: &Courgette{
+					Ji: "hoo",
+				},
+			},
+			expected: &Carotte{
+				Name:      "xxxx",
+				Pourgette: nil,
+			},
+		},
+		{
+			name: "export struct",
+			base: &Carotte{
+				Name: "koko",
+				ECourgette: Courgette{
+					Ji: "huu",
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+				ECourgette: Courgette{
+					Ji: "xxxx",
+				},
+			},
+		},
+		{
+			name: "export pointer struct",
+			base: &Carotte{
+				Name: "koko",
+				ECourgette: Courgette{
+					Ji: "huu",
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+				ECourgette: Courgette{
+					Ji: "xxxx",
+				},
+			},
+		},
+		{
+			name: "export map string/string",
+			base: &Carotte{
+				Name: "koko",
+				EAubergine: map[string]string{
+					"foo": "bar",
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+				EAubergine: map[string]string{
+					"foo": "bar",
+				},
+			},
+		},
+		{
+			name: "export map string/pointer",
+			base: &Carotte{
+				Name: "koko",
+				EPAubergine: map[string]*Tomate{
+					"foo": {
+						Ji: "fdskljf",
+					},
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+				EPAubergine: map[string]*Tomate{
+					"foo": {
+						Ji: "xxxx",
+					},
+				},
+			},
+		},
+		{
+			name: "export map string/struct (UNSAFE)",
+			base: &Carotte{
+				Name: "koko",
+				ESAubergine: map[string]Tomate{
+					"foo": {
+						Ji: "JiJiJi",
+					},
+				},
+			},
+			expected: &Carotte{
+				Name: "xxxx",
+				ESAubergine: map[string]Tomate{
+					"foo": {
+						Ji: "JiJiJi",
+					},
+				},
+			},
+			hasError: true,
+		},
+	}
+
+	for _, test := range testCase {
+		t.Run(test.name, func(t *testing.T) {
+			val := reflect.ValueOf(test.base).Elem()
+			err := doOnStruct(val)
+			if !test.hasError && err != nil {
+				t.Fatal(err)
+			}
+			if test.hasError && err == nil {
+				t.Fatal("Got no error but want an error.")
+			}
+
+			assert.EqualValues(t, test.expected, test.base)
+		})
+	}
+}
diff --git a/cmd/traefik/bug.go b/cmd/traefik/bug.go
index 66913c27f..27d99d389 100644
--- a/cmd/traefik/bug.go
+++ b/cmd/traefik/bug.go
@@ -2,20 +2,18 @@ package main
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"net/url"
 	"os/exec"
-	"regexp"
 	"runtime"
 	"text/template"
 
 	"github.com/containous/flaeg"
-	"github.com/mvdan/xurls"
+	"github.com/containous/traefik/cmd/traefik/anonymize"
 )
 
-var (
-	bugtracker  = "https://github.com/containous/traefik/issues/new"
+const (
+	bugTracker  = "https://github.com/containous/traefik/issues/new"
 	bugTemplate = `<!--
 DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
 
@@ -94,50 +92,67 @@ func newBugCmd(traefikConfiguration interface{}, traefikPointersConfiguration in
 		Description:           `Report an issue on Traefik bugtracker`,
 		Config:                traefikConfiguration,
 		DefaultPointersConfig: traefikPointersConfiguration,
-		Run: func() error {
-			var version bytes.Buffer
-			if err := getVersionPrint(&version); err != nil {
-				return err
-			}
-
-			tmpl, err := template.New("").Parse(bugTemplate)
-			if err != nil {
-				return err
-			}
-
-			configJSON, err := json.MarshalIndent(traefikConfiguration, "", " ")
-			if err != nil {
-				return err
-			}
-
-			v := struct {
-				Version       string
-				Configuration string
-			}{
-				Version:       version.String(),
-				Configuration: anonymize(string(configJSON)),
-			}
-
-			var bug bytes.Buffer
-			if err := tmpl.Execute(&bug, v); err != nil {
-				return err
-			}
-
-			body := bug.String()
-			URL := bugtracker + "?body=" + url.QueryEscape(body)
-			if err := openBrowser(URL); err != nil {
-				fmt.Printf("Please file a new issue at %s using this template:\n\n", bugtracker)
-				fmt.Print(body)
-			}
-
-			return nil
-		},
+		Run: runBugCmd(traefikConfiguration),
 		Metadata: map[string]string{
 			"parseAllSources": "true",
 		},
 	}
 }
 
+func runBugCmd(traefikConfiguration interface{}) func() error {
+	return func() error {
+
+		body, err := createBugReport(traefikConfiguration)
+		if err != nil {
+			return err
+		}
+
+		sendBugReport(body)
+
+		return nil
+	}
+}
+
+func createBugReport(traefikConfiguration interface{}) (string, error) {
+	var version bytes.Buffer
+	if err := getVersionPrint(&version); err != nil {
+		return "", err
+	}
+
+	tmpl, err := template.New("bug").Parse(bugTemplate)
+	if err != nil {
+		return "", err
+	}
+
+	config, err := anonymize.Do(&traefikConfiguration, true)
+	if err != nil {
+		return "", err
+	}
+
+	v := struct {
+		Version       string
+		Configuration string
+	}{
+		Version:       version.String(),
+		Configuration: config,
+	}
+
+	var bug bytes.Buffer
+	if err := tmpl.Execute(&bug, v); err != nil {
+		return "", err
+	}
+
+	return bug.String(), nil
+}
+
+func sendBugReport(body string) {
+	URL := bugTracker + "?body=" + url.QueryEscape(body)
+	if err := openBrowser(URL); err != nil {
+		fmt.Printf("Please file a new issue at %s using this template:\n\n", bugTracker)
+		fmt.Print(body)
+	}
+}
+
 func openBrowser(URL string) error {
 	var err error
 	switch runtime.GOOS {
@@ -152,9 +167,3 @@ func openBrowser(URL string) error {
 	}
 	return err
 }
-
-func anonymize(input string) string {
-	replace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx\""
-	mailExp := regexp.MustCompile(`\w[-._\w]*\w@\w[-._\w]*\w\.\w{2,3}"`)
-	return xurls.Relaxed.ReplaceAllString(mailExp.ReplaceAllString(input, replace), replace)
-}
diff --git a/cmd/traefik/bug_test.go b/cmd/traefik/bug_test.go
index cbc7c854c..efe191bcc 100644
--- a/cmd/traefik/bug_test.go
+++ b/cmd/traefik/bug_test.go
@@ -2,192 +2,48 @@ package main
 
 import (
 	"testing"
+
+	"github.com/containous/traefik/cmd/traefik/anonymize"
+	"github.com/containous/traefik/configuration"
+	"github.com/containous/traefik/provider/file"
+	"github.com/stretchr/testify/assert"
 )
 
-func Test_anonymize(t *testing.T) {
-	baseConfiguration := `
-{
- "GraceTimeOut": 10000000000,
- "Debug": false,
- "CheckNewVersion": true,
- "AccessLogsFile": "",
- "TraefikLogsFile": "",
- "LogLevel": "ERROR",
- "EntryPoints": {
-  "http": {
-   "Network": "",
-   "Address": ":80",
-   "TLS": null,
-   "Redirect": {
-    "EntryPoint": "https",
-    "Regex": "",
-    "Replacement": ""
-   },
-   "Auth": null,
-   "Compress": false
-  },
-  "https": {
-   "Network": "",
-   "Address": ":443",
-   "TLS": {
-    "MinVersion": "",
-    "CipherSuites": null,
-    "Certificates": null,
-    "ClientCAFiles": null
-   },
-   "Redirect": null,
-   "Auth": null,
-   "Compress": false
-  }
- },
- "Cluster": null,
- "Constraints": [],
- "ACME": {
-  "Email": "foo@bar.com",
-  "Domains": [
-   {
-    "Main": "foo@bar.com",
-    "SANs": null
-   },
-   {
-    "Main": "foo@bar.com",
-    "SANs": null
-   }
-  ],
-  "Storage": "",
-  "StorageFile": "/acme/acme.json",
-  "OnDemand": true,
-  "OnHostRule": true,
-  "CAServer": "",
-  "EntryPoint": "https",
-  "DNSProvider": "",
-  "DelayDontCheckDNS": 0,
-  "ACMELogging": false,
-  "TLSConfig": null
- },
- "DefaultEntryPoints": [
-  "https",
-  "http"
- ],
- "ProvidersThrottleDuration": 2000000000,
- "MaxIdleConnsPerHost": 200,
- "IdleTimeout": 180000000000,
- "InsecureSkipVerify": false,
- "Retry": null,
- "HealthCheck": {
-  "Interval": 30000000000
- },
- "Docker": null,
- "File": null,
- "Web": null,
- "Marathon": null,
- "Consul": null,
- "ConsulCatalog": null,
- "Etcd": null,
- "Zookeeper": null,
- "Boltdb": null,
- "Kubernetes": null,
- "Mesos": null,
- "Eureka": null,
- "ECS": null,
- "Rancher": null,
- "DynamoDB": null,
- "ConfigFile": "/etc/traefik/traefik.toml"
-}
-`
-	expectedConfiguration := `
-{
- "GraceTimeOut": 10000000000,
- "Debug": false,
- "CheckNewVersion": true,
- "AccessLogsFile": "",
- "TraefikLogsFile": "",
- "LogLevel": "ERROR",
- "EntryPoints": {
-  "http": {
-   "Network": "",
-   "Address": ":80",
-   "TLS": null,
-   "Redirect": {
-    "EntryPoint": "https",
-    "Regex": "",
-    "Replacement": ""
-   },
-   "Auth": null,
-   "Compress": false
-  },
-  "https": {
-   "Network": "",
-   "Address": ":443",
-   "TLS": {
-    "MinVersion": "",
-    "CipherSuites": null,
-    "Certificates": null,
-    "ClientCAFiles": null
-   },
-   "Redirect": null,
-   "Auth": null,
-   "Compress": false
-  }
- },
- "Cluster": null,
- "Constraints": [],
- "ACME": {
-  "Email": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-  "Domains": [
-   {
-    "Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-    "SANs": null
-   },
-   {
-    "Main": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-    "SANs": null
-   }
-  ],
-  "Storage": "",
-  "StorageFile": "/acme/acme.json",
-  "OnDemand": true,
-  "OnHostRule": true,
-  "CAServer": "",
-  "EntryPoint": "https",
-  "DNSProvider": "",
-  "DelayDontCheckDNS": 0,
-  "ACMELogging": false,
-  "TLSConfig": null
- },
- "DefaultEntryPoints": [
-  "https",
-  "http"
- ],
- "ProvidersThrottleDuration": 2000000000,
- "MaxIdleConnsPerHost": 200,
- "IdleTimeout": 180000000000,
- "InsecureSkipVerify": false,
- "Retry": null,
- "HealthCheck": {
-  "Interval": 30000000000
- },
- "Docker": null,
- "File": null,
- "Web": null,
- "Marathon": null,
- "Consul": null,
- "ConsulCatalog": null,
- "Etcd": null,
- "Zookeeper": null,
- "Boltdb": null,
- "Kubernetes": null,
- "Mesos": null,
- "Eureka": null,
- "ECS": null,
- "Rancher": null,
- "DynamoDB": null,
- "ConfigFile": "/etc/traefik/traefik.toml"
-}
-`
-	anomConfiguration := anonymize(baseConfiguration)
-
-	if anomConfiguration != expectedConfiguration {
-		t.Errorf("Got %s, want %s.", anomConfiguration, expectedConfiguration)
+func Test_createBugReport(t *testing.T) {
+	traefikConfiguration := TraefikConfiguration{
+		ConfigFile: "FOO",
+		GlobalConfiguration: configuration.GlobalConfiguration{
+			EntryPoints: configuration.EntryPoints{
+				"goo": &configuration.EntryPoint{
+					Address: "hoo.bar",
+				},
+			},
+			File: &file.Provider{
+				Directory: "BAR",
+			},
+			RootCAs: configuration.RootCAs{"fllf"},
+		},
 	}
+
+	report, err := createBugReport(traefikConfiguration)
+	assert.NoError(t, err, report)
+}
+
+func Test_anonymize_traefikConfiguration(t *testing.T) {
+	traefikConfiguration := &TraefikConfiguration{
+		ConfigFile: "FOO",
+		GlobalConfiguration: configuration.GlobalConfiguration{
+			EntryPoints: configuration.EntryPoints{
+				"goo": &configuration.EntryPoint{
+					Address: "hoo.bar",
+				},
+			},
+			File: &file.Provider{
+				Directory: "BAR",
+			},
+		},
+	}
+	_, err := anonymize.Do(traefikConfiguration, true)
+	assert.NoError(t, err)
+	assert.Equal(t, "hoo.bar", traefikConfiguration.GlobalConfiguration.EntryPoints["goo"].Address)
 }
diff --git a/cmd/traefik/configuration.go b/cmd/traefik/configuration.go
index 320b7a9eb..cf82f8dd4 100644
--- a/cmd/traefik/configuration.go
+++ b/cmd/traefik/configuration.go
@@ -25,8 +25,8 @@ import (
 
 // TraefikConfiguration holds GlobalConfiguration and other stuff
 type TraefikConfiguration struct {
-	configuration.GlobalConfiguration `mapstructure:",squash"`
-	ConfigFile                        string `short:"c" description:"Configuration file to use (TOML)."`
+	configuration.GlobalConfiguration `mapstructure:",squash" export:"true"`
+	ConfigFile                        string `short:"c" description:"Configuration file to use (TOML)." export:"true"`
 }
 
 // NewTraefikDefaultPointersConfiguration creates a TraefikConfiguration with pointers default values
diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go
index 2b4f7f8c9..0c6fea52d 100644
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -25,11 +25,11 @@ import (
 	"github.com/containous/traefik/provider/rancher"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/server"
+	"github.com/containous/traefik/server/uuid"
 	"github.com/containous/traefik/types"
 	"github.com/containous/traefik/version"
 	"github.com/coreos/go-systemd/daemon"
 	"github.com/docker/libkv/store"
-	"github.com/satori/go.uuid"
 )
 
 func main() {
@@ -188,7 +188,7 @@ Complete documentation is available at https://traefik.io`,
 	s.AddSource(toml)
 	s.AddSource(f)
 	if _, err := s.LoadConfig(); err != nil {
-		fmtlog.Println(fmt.Errorf("Error reading TOML config file %s : %s", toml.ConfigFileUsed(), err))
+		fmtlog.Printf("Error reading TOML config file %s : %s\n", toml.ConfigFileUsed(), err)
 		os.Exit(-1)
 	}
 
@@ -203,7 +203,7 @@ Complete documentation is available at https://traefik.io`,
 	// IF a KV Store is enable and no sub-command called in args
 	if kv != nil && usedCmd == traefikCmd {
 		if traefikConfiguration.Cluster == nil {
-			traefikConfiguration.Cluster = &types.Cluster{Node: uuid.NewV4().String()}
+			traefikConfiguration.Cluster = &types.Cluster{Node: uuid.Get()}
 		}
 		if traefikConfiguration.Cluster.Store == nil {
 			traefikConfiguration.Cluster.Store = &types.Store{Prefix: kv.Prefix, Store: kv.Store}
@@ -291,16 +291,7 @@ func run(globalConfiguration *configuration.GlobalConfiguration) {
 	log.Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
 
 	if globalConfiguration.CheckNewVersion {
-		ticker := time.NewTicker(24 * time.Hour)
-		safe.Go(func() {
-			version.CheckNewVersion()
-			for {
-				select {
-				case <-ticker.C:
-					version.CheckNewVersion()
-				}
-			}
-		})
+		checkNewVersion()
 	}
 
 	log.Debugf("Global configuration loaded %s", string(jsonConf))
@@ -366,3 +357,16 @@ func CreateKvSource(traefikConfiguration *TraefikConfiguration) (*staert.KvSourc
 	}
 	return kv, err
 }
+
+func checkNewVersion() {
+	ticker := time.NewTicker(24 * time.Hour)
+	safe.Go(func() {
+		version.CheckNewVersion()
+		for {
+			select {
+			case <-ticker.C:
+				version.CheckNewVersion()
+			}
+		}
+	})
+}
diff --git a/configuration/configuration.go b/configuration/configuration.go
index 2a21ab398..f3e91fbd0 100644
--- a/configuration/configuration.go
+++ b/configuration/configuration.go
@@ -42,42 +42,42 @@ const (
 // GlobalConfiguration holds global configuration (with providers, etc.).
 // It's populated from the traefik configuration file passed as an argument to the binary.
 type GlobalConfiguration struct {
-	GraceTimeOut              flaeg.Duration          `short:"g" description:"Duration to give active requests a chance to finish before Traefik stops"`
-	Debug                     bool                    `short:"d" description:"Enable debug mode"`
-	CheckNewVersion           bool                    `description:"Periodically check if a new version has been released"`
-	AccessLogsFile            string                  `description:"(Deprecated) Access logs file"` // Deprecated
-	AccessLog                 *types.AccessLog        `description:"Access log settings"`
-	TraefikLogsFile           string                  `description:"Traefik logs file. Stdout is used when omitted or empty"`
-	LogLevel                  string                  `short:"l" description:"Log level"`
-	EntryPoints               EntryPoints             `description:"Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'"`
-	Cluster                   *types.Cluster          `description:"Enable clustering"`
-	Constraints               types.Constraints       `description:"Filter services by constraint, matching with service tags"`
-	ACME                      *acme.ACME              `description:"Enable ACME (Let's Encrypt): automatic SSL"`
-	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
-	ProvidersThrottleDuration flaeg.Duration          `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
-	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used"`
-	IdleTimeout               flaeg.Duration          `description:"(Deprecated) maximum amount of time an idle (keep-alive) connection will remain idle before closing itself."` // Deprecated
-	InsecureSkipVerify        bool                    `description:"Disable SSL certificate verification"`
-	RootCAs                   RootCAs                 `description:"Add cert file for self-signed certicate"`
-	Retry                     *Retry                  `description:"Enable retry sending request if network error"`
-	HealthCheck               *HealthCheckConfig      `description:"Health check parameters"`
-	RespondingTimeouts        *RespondingTimeouts     `description:"Timeouts for incoming requests to the Traefik instance"`
-	ForwardingTimeouts        *ForwardingTimeouts     `description:"Timeouts for requests forwarded to the backend servers"`
-	Docker                    *docker.Provider        `description:"Enable Docker backend with default settings"`
-	File                      *file.Provider          `description:"Enable File backend with default settings"`
-	Web                       *web.Provider           `description:"Enable Web backend with default settings"`
-	Marathon                  *marathon.Provider      `description:"Enable Marathon backend with default settings"`
-	Consul                    *consul.Provider        `description:"Enable Consul backend with default settings"`
-	ConsulCatalog             *consul.CatalogProvider `description:"Enable Consul catalog backend with default settings"`
-	Etcd                      *etcd.Provider          `description:"Enable Etcd backend with default settings"`
-	Zookeeper                 *zk.Provider            `description:"Enable Zookeeper backend with default settings"`
-	Boltdb                    *boltdb.Provider        `description:"Enable Boltdb backend with default settings"`
-	Kubernetes                *kubernetes.Provider    `description:"Enable Kubernetes backend with default settings"`
-	Mesos                     *mesos.Provider         `description:"Enable Mesos backend with default settings"`
-	Eureka                    *eureka.Provider        `description:"Enable Eureka backend with default settings"`
-	ECS                       *ecs.Provider           `description:"Enable ECS backend with default settings"`
-	Rancher                   *rancher.Provider       `description:"Enable Rancher backend with default settings"`
-	DynamoDB                  *dynamodb.Provider      `description:"Enable DynamoDB backend with default settings"`
+	GraceTimeOut              flaeg.Duration          `short:"g" description:"Duration to give active requests a chance to finish before Traefik stops" export:"true"`
+	Debug                     bool                    `short:"d" description:"Enable debug mode" export:"true"`
+	CheckNewVersion           bool                    `description:"Periodically check if a new version has been released" export:"true"`
+	AccessLogsFile            string                  `description:"(Deprecated) Access logs file" export:"true"` // Deprecated
+	AccessLog                 *types.AccessLog        `description:"Access log settings" export:"true"`
+	TraefikLogsFile           string                  `description:"Traefik logs file. Stdout is used when omitted or empty" export:"true"`
+	LogLevel                  string                  `short:"l" description:"Log level" export:"true"`
+	EntryPoints               EntryPoints             `description:"Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'" export:"true"`
+	Cluster                   *types.Cluster          `description:"Enable clustering" export:"true"`
+	Constraints               types.Constraints       `description:"Filter services by constraint, matching with service tags" export:"true"`
+	ACME                      *acme.ACME              `description:"Enable ACME (Let's Encrypt): automatic SSL" export:"true"`
+	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint" export:"true"`
+	ProvidersThrottleDuration flaeg.Duration          `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time." export:"true"`
+	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used" export:"true"`
+	IdleTimeout               flaeg.Duration          `description:"(Deprecated) maximum amount of time an idle (keep-alive) connection will remain idle before closing itself." export:"true"` // Deprecated
+	InsecureSkipVerify        bool                    `description:"Disable SSL certificate verification" export:"true"`
+	RootCAs                   RootCAs                 `description:"Add cert file for self-signed certificate"`
+	Retry                     *Retry                  `description:"Enable retry sending request if network error" export:"true"`
+	HealthCheck               *HealthCheckConfig      `description:"Health check parameters" export:"true"`
+	RespondingTimeouts        *RespondingTimeouts     `description:"Timeouts for incoming requests to the Traefik instance" export:"true"`
+	ForwardingTimeouts        *ForwardingTimeouts     `description:"Timeouts for requests forwarded to the backend servers" export:"true"`
+	Docker                    *docker.Provider        `description:"Enable Docker backend with default settings" export:"true"`
+	File                      *file.Provider          `description:"Enable File backend with default settings" export:"true"`
+	Web                       *web.Provider           `description:"Enable Web backend with default settings" export:"true"`
+	Marathon                  *marathon.Provider      `description:"Enable Marathon backend with default settings" export:"true"`
+	Consul                    *consul.Provider        `description:"Enable Consul backend with default settings" export:"true"`
+	ConsulCatalog             *consul.CatalogProvider `description:"Enable Consul catalog backend with default settings" export:"true"`
+	Etcd                      *etcd.Provider          `description:"Enable Etcd backend with default settings" export:"true"`
+	Zookeeper                 *zk.Provider            `description:"Enable Zookeeper backend with default settings" export:"true"`
+	Boltdb                    *boltdb.Provider        `description:"Enable Boltdb backend with default settings" export:"true"`
+	Kubernetes                *kubernetes.Provider    `description:"Enable Kubernetes backend with default settings" export:"true"`
+	Mesos                     *mesos.Provider         `description:"Enable Mesos backend with default settings" export:"true"`
+	Eureka                    *eureka.Provider        `description:"Enable Eureka backend with default settings" export:"true"`
+	ECS                       *ecs.Provider           `description:"Enable ECS backend with default settings" export:"true"`
+	Rancher                   *rancher.Provider       `description:"Enable Rancher backend with default settings" export:"true"`
+	DynamoDB                  *dynamodb.Provider      `description:"Enable DynamoDB backend with default settings" export:"true"`
 }
 
 // DefaultEntryPoints holds default entry points
@@ -289,12 +289,12 @@ func (ep *EntryPoints) Type() string {
 type EntryPoint struct {
 	Network              string
 	Address              string
-	TLS                  *TLS
-	Redirect             *Redirect
-	Auth                 *types.Auth
+	TLS                  *TLS        `export:"true"`
+	Redirect             *Redirect   `export:"true"`
+	Auth                 *types.Auth `export:"true"`
 	WhitelistSourceRange []string
-	Compress             bool
-	ProxyProtocol        bool
+	Compress             bool `export:"true"`
+	ProxyProtocol        bool `export:"true"`
 }
 
 // Redirect configures a redirection of an entry point to another, or to an URL
@@ -306,7 +306,7 @@ type Redirect struct {
 
 // TLS configures TLS for an entry point
 type TLS struct {
-	MinVersion    string
+	MinVersion    string `export:"true"`
 	CipherSuites  []string
 	Certificates  Certificates
 	ClientCAFiles []string
@@ -356,8 +356,6 @@ func (certs *Certificates) CreateTLSConfig() (*tls.Config, error) {
 	config.Certificates = []tls.Certificate{}
 	certsSlice := []Certificate(*certs)
 	for _, v := range certsSlice {
-		cert := tls.Certificate{}
-
 		var err error
 
 		certContent, err := v.CertFile.Read()
@@ -370,7 +368,7 @@ func (certs *Certificates) CreateTLSConfig() (*tls.Config, error) {
 			return nil, err
 		}
 
-		cert, err = tls.X509KeyPair(certContent, keyContent)
+		cert, err := tls.X509KeyPair(certContent, keyContent)
 		if err != nil {
 			return nil, err
 		}
@@ -425,23 +423,23 @@ type Certificate struct {
 
 // Retry contains request retry config
 type Retry struct {
-	Attempts int `description:"Number of attempts"`
+	Attempts int `description:"Number of attempts" export:"true"`
 }
 
 // HealthCheckConfig contains health check configuration parameters.
 type HealthCheckConfig struct {
-	Interval flaeg.Duration `description:"Default periodicity of enabled health checks"`
+	Interval flaeg.Duration `description:"Default periodicity of enabled health checks" export:"true"`
 }
 
 // RespondingTimeouts contains timeout configurations for incoming requests to the Traefik instance.
 type RespondingTimeouts struct {
-	ReadTimeout  flaeg.Duration `description:"ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set"`
-	WriteTimeout flaeg.Duration `description:"WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set"`
-	IdleTimeout  flaeg.Duration `description:"IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. Defaults to 180 seconds. If zero, no timeout is set"`
+	ReadTimeout  flaeg.Duration `description:"ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set" export:"true"`
+	WriteTimeout flaeg.Duration `description:"WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set" export:"true"`
+	IdleTimeout  flaeg.Duration `description:"IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. Defaults to 180 seconds. If zero, no timeout is set" export:"true"`
 }
 
 // ForwardingTimeouts contains timeout configurations for forwarding requests to the backend servers.
 type ForwardingTimeouts struct {
-	DialTimeout           flaeg.Duration `description:"The amount of time to wait until a connection to a backend server can be established. Defaults to 30 seconds. If zero, no timeout exists"`
-	ResponseHeaderTimeout flaeg.Duration `description:"The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists"`
+	DialTimeout           flaeg.Duration `description:"The amount of time to wait until a connection to a backend server can be established. Defaults to 30 seconds. If zero, no timeout exists" export:"true"`
+	ResponseHeaderTimeout flaeg.Duration `description:"The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists" export:"true"`
 }
diff --git a/docs/configuration/backends/web.md b/docs/configuration/backends/web.md
index 2df072a8c..0d88b96f8 100644
--- a/docs/configuration/backends/web.md
+++ b/docs/configuration/backends/web.md
@@ -29,7 +29,9 @@ address = ":8080"
 # Set REST API to read-only mode.
 #
 # Optional
-# readOnly = false
+# Default: false
+#
+readOnly = true
 ```
 
 ## Web UI
diff --git a/glide.lock b/glide.lock
index 1316462ff..94577fae0 100644
--- a/glide.lock
+++ b/glide.lock
@@ -1,5 +1,5 @@
-hash: 17b4abe35874c0990cf9ac68f4cdfae0229f4395097bcaab3105b698d91bd272
-updated: 2017-09-18T11:52:16.848940186+02:00
+hash: 9d176906cf25eaa3224c750b1dd3a5c8ce3340a58df3c562e57572c6294e16f0
+updated: 2017-09-30T18:32:16.848940186+02:00
 imports:
 - name: cloud.google.com/go
   version: 2e6a95edb1071d750f6d7db777bf66cd2997af6c
@@ -370,8 +370,12 @@ imports:
   version: f533f7a102197536779ea3a8cb881d639e21ec5a
 - name: github.com/miekg/dns
   version: 8060d9f51305bbe024b99679454e62f552cd0b0b
+- name: github.com/mitchellh/copystructure
+  version: d23ffcb85de31694d6ccaa23ccb4a03e55c1303f
 - name: github.com/mitchellh/mapstructure
   version: d0303fe809921458f417bcf828397a65db30a7e4
+- name: github.com/mitchellh/reflectwalk
+  version: 63d60e9d0dbc60cf9164e6510889b0db6683d98c
 - name: github.com/mvdan/xurls
   version: db96455566f05ffe42bd6ac671f05eeb1152b45d
 - name: github.com/Nvveen/Gotty
diff --git a/glide.yaml b/glide.yaml
index 6878be391..e6817d4d8 100644
--- a/glide.yaml
+++ b/glide.yaml
@@ -200,6 +200,7 @@ import:
   version: e039e20e500c2c025d9145be375e27cf42a94174
 - package: github.com/armon/go-proxyproto
   version: 48572f11356f1843b694f21a290d4f1006bc5e47
+- package: github.com/mitchellh/copystructure
 testImport:
 - package: github.com/stvp/go-udp-testing
 - package: github.com/docker/libcompose
diff --git a/integration/fixtures/access_log_config.toml b/integration/fixtures/access_log_config.toml
index 154e58d30..ed49e68af 100644
--- a/integration/fixtures/access_log_config.toml
+++ b/integration/fixtures/access_log_config.toml
@@ -9,6 +9,8 @@ defaultEntryPoints = ["http"]
   [entryPoints.http]
   address = ":8000"
 
+checkNewVersion = false
+
 ################################################################
 # Web configuration backend
 ################################################################
diff --git a/integration/fixtures/log_rotation_config.toml b/integration/fixtures/log_rotation_config.toml
index 70758386b..a77392f30 100644
--- a/integration/fixtures/log_rotation_config.toml
+++ b/integration/fixtures/log_rotation_config.toml
@@ -9,6 +9,8 @@ defaultEntryPoints = ["http"]
   [entryPoints.http]
   address = ":8000"
 
+checkNewVersion = false
+
 ################################################################
 # Web configuration backend
 ################################################################
diff --git a/integration/fixtures/traefik_log_config.toml b/integration/fixtures/traefik_log_config.toml
index d615c0064..6ab0de24a 100644
--- a/integration/fixtures/traefik_log_config.toml
+++ b/integration/fixtures/traefik_log_config.toml
@@ -4,8 +4,10 @@
 traefikLogsFile = "traefik.log"
 accessLogsFile = "access.log"
 logLevel = "DEBUG"
-checkNewVersion = false
 defaultEntryPoints = ["http"]
+
+checkNewVersion = false
+
 [entryPoints]
   [entryPoints.http]
   address = ":8000"
diff --git a/middlewares/auth/authenticator.go b/middlewares/auth/authenticator.go
index 5482948d7..8236693f1 100644
--- a/middlewares/auth/authenticator.go
+++ b/middlewares/auth/authenticator.go
@@ -18,7 +18,7 @@ type Authenticator struct {
 	users   map[string]string
 }
 
-// NewAuthenticator builds a new Autenticator given a config
+// NewAuthenticator builds a new Authenticator given a config
 func NewAuthenticator(authConfig *types.Auth) (*Authenticator, error) {
 	if authConfig == nil {
 		return nil, fmt.Errorf("Error creating Authenticator: auth is nil")
diff --git a/middlewares/metrics.go b/middlewares/metrics.go
index bd91f63d9..084c576b4 100644
--- a/middlewares/metrics.go
+++ b/middlewares/metrics.go
@@ -38,7 +38,7 @@ func (m *MetricsWrapper) ServeHTTP(rw http.ResponseWriter, r *http.Request, next
 	m.registry.ReqsCounter().With(reqLabels...).Add(1)
 
 	reqDurationLabels := []string{"service", m.serviceName, "code", strconv.Itoa(prw.statusCode)}
-	m.registry.ReqDurationHistogram().With(reqDurationLabels...).Observe(float64(time.Since(start).Seconds()))
+	m.registry.ReqDurationHistogram().With(reqDurationLabels...).Observe(time.Since(start).Seconds())
 }
 
 type retryMetrics interface {
diff --git a/provider/boltdb/boltdb.go b/provider/boltdb/boltdb.go
index 190bea638..0a043ec94 100644
--- a/provider/boltdb/boltdb.go
+++ b/provider/boltdb/boltdb.go
@@ -15,7 +15,7 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	kv.Provider `mapstructure:",squash"`
+	kv.Provider `mapstructure:",squash" export:"true"`
 }
 
 // Provide allows the boltdb provider to Provide configurations to traefik
diff --git a/provider/consul/consul.go b/provider/consul/consul.go
index d7a31f28d..ff4737346 100644
--- a/provider/consul/consul.go
+++ b/provider/consul/consul.go
@@ -15,7 +15,7 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the p.
 type Provider struct {
-	kv.Provider `mapstructure:",squash"`
+	kv.Provider `mapstructure:",squash" export:"true"`
 }
 
 // Provide allows the consul provider to provide configurations to traefik
diff --git a/provider/consul/consul_catalog.go b/provider/consul/consul_catalog.go
index e34a07a0d..0d7876358 100644
--- a/provider/consul/consul_catalog.go
+++ b/provider/consul/consul_catalog.go
@@ -28,12 +28,12 @@ var _ provider.Provider = (*CatalogProvider)(nil)
 
 // CatalogProvider holds configurations of the Consul catalog provider.
 type CatalogProvider struct {
-	provider.BaseProvider `mapstructure:",squash"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
 	Endpoint              string `description:"Consul server endpoint"`
 	Domain                string `description:"Default domain used"`
-	ExposedByDefault      bool   `description:"Expose Consul services by default"`
-	Prefix                string `description:"Prefix used for Consul catalog tags"`
-	FrontEndRule          string `description:"Frontend rule used for Consul services"`
+	ExposedByDefault      bool   `description:"Expose Consul services by default" export:"true"`
+	Prefix                string `description:"Prefix used for Consul catalog tags" export:"true"`
+	FrontEndRule          string `description:"Frontend rule used for Consul services" export:"true"`
 	client                *api.Client
 	frontEndRuleTemplate  *template.Template
 }
diff --git a/provider/docker/docker.go b/provider/docker/docker.go
index 8eea42ace..1dec90b4b 100644
--- a/provider/docker/docker.go
+++ b/provider/docker/docker.go
@@ -46,13 +46,13 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
 	Endpoint              string           `description:"Docker server endpoint. Can be a tcp or a unix socket endpoint"`
 	Domain                string           `description:"Default domain used"`
-	TLS                   *types.ClientTLS `description:"Enable Docker TLS support"`
-	ExposedByDefault      bool             `description:"Expose containers by default"`
-	UseBindPortIP         bool             `description:"Use the ip address from the bound port, rather than from the inner network"`
-	SwarmMode             bool             `description:"Use Docker on Swarm Mode"`
+	TLS                   *types.ClientTLS `description:"Enable Docker TLS support" export:"true"`
+	ExposedByDefault      bool             `description:"Expose containers by default" export:"true"`
+	UseBindPortIP         bool             `description:"Use the ip address from the bound port, rather than from the inner network" export:"true"`
+	SwarmMode             bool             `description:"Use Docker on Swarm Mode" export:"true"`
 }
 
 // dockerData holds the need data to the Provider p
diff --git a/provider/dynamodb/dynamodb.go b/provider/dynamodb/dynamodb.go
index 916f5ab67..62070aa81 100644
--- a/provider/dynamodb/dynamodb.go
+++ b/provider/dynamodb/dynamodb.go
@@ -24,14 +24,13 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configuration for provider.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
-
-	AccessKeyID     string `description:"The AWS credentials access key to use for making requests"`
-	RefreshSeconds  int    `description:"Polling interval (in seconds)"`
-	Region          string `description:"The AWS region to use for requests"`
-	SecretAccessKey string `description:"The AWS credentals secret key to use for making requests"`
-	TableName       string `description:"The AWS dynamodb table that stores configuration for traefik"`
-	Endpoint        string `description:"The endpoint of a dynamodb. Used for testing with a local dynamodb"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
+	AccessKeyID           string `description:"The AWS credentials access key to use for making requests"`
+	RefreshSeconds        int    `description:"Polling interval (in seconds)" export:"true"`
+	Region                string `description:"The AWS region to use for requests" export:"true"`
+	SecretAccessKey       string `description:"The AWS credentials secret key to use for making requests"`
+	TableName             string `description:"The AWS dynamodb table that stores configuration for traefik" export:"true"`
+	Endpoint              string `description:"The endpoint of a dynamodb. Used for testing with a local dynamodb"`
 }
 
 type dynamoClient struct {
diff --git a/provider/ecs/ecs.go b/provider/ecs/ecs.go
index 32e9af5c6..3c543d9b9 100644
--- a/provider/ecs/ecs.go
+++ b/provider/ecs/ecs.go
@@ -29,17 +29,17 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
 
 	Domain           string `description:"Default domain used"`
-	ExposedByDefault bool   `description:"Expose containers by default"`
-	RefreshSeconds   int    `description:"Polling interval (in seconds)"`
+	ExposedByDefault bool   `description:"Expose containers by default" export:"true"`
+	RefreshSeconds   int    `description:"Polling interval (in seconds)" export:"true"`
 
 	// Provider lookup parameters
 	Clusters             Clusters `description:"ECS Clusters name"`
 	Cluster              string   `description:"deprecated - ECS Cluster name"` // deprecated
-	AutoDiscoverClusters bool     `description:"Auto discover cluster"`
-	Region               string   `description:"The AWS region to use for requests"`
+	AutoDiscoverClusters bool     `description:"Auto discover cluster" export:"true"`
+	Region               string   `description:"The AWS region to use for requests" export:"true"`
 	AccessKeyID          string   `description:"The AWS credentials access key to use for making requests"`
 	SecretAccessKey      string   `description:"The AWS credentials access key to use for making requests"`
 }
diff --git a/provider/etcd/etcd.go b/provider/etcd/etcd.go
index 488959e3a..d2b4ccea6 100644
--- a/provider/etcd/etcd.go
+++ b/provider/etcd/etcd.go
@@ -15,7 +15,7 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	kv.Provider `mapstructure:",squash"`
+	kv.Provider `mapstructure:",squash" export:"true"`
 }
 
 // Provide allows the etcd provider to Provide configurations to traefik
diff --git a/provider/eureka/eureka.go b/provider/eureka/eureka.go
index 8e9b6b881..0e00676ba 100644
--- a/provider/eureka/eureka.go
+++ b/provider/eureka/eureka.go
@@ -18,9 +18,9 @@ import (
 
 // Provider holds configuration of the Provider provider.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
 	Endpoint              string `description:"Eureka server endpoint"`
-	Delay                 string `description:"Override default configuration time between refresh"`
+	Delay                 string `description:"Override default configuration time between refresh" export:"true"`
 }
 
 // Provide allows the eureka provider to provide configurations to traefik
diff --git a/provider/file/file.go b/provider/file/file.go
index 1ca651202..678a51b3a 100644
--- a/provider/file/file.go
+++ b/provider/file/file.go
@@ -18,8 +18,8 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
-	Directory             string `description:"Load configuration from one or more .toml files in a directory"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
+	Directory             string `description:"Load configuration from one or more .toml files in a directory" export:"true"`
 }
 
 // Provide allows the file provider to provide configurations to traefik
diff --git a/provider/kubernetes/kubernetes.go b/provider/kubernetes/kubernetes.go
index d4b6494dc..d6cdd1782 100644
--- a/provider/kubernetes/kubernetes.go
+++ b/provider/kubernetes/kubernetes.go
@@ -42,13 +42,13 @@ const traefikDefaultRealm = "traefik"
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	provider.BaseProvider  `mapstructure:",squash"`
+	provider.BaseProvider  `mapstructure:",squash" export:"true"`
 	Endpoint               string     `description:"Kubernetes server endpoint (required for external cluster client)"`
 	Token                  string     `description:"Kubernetes bearer token (not needed for in-cluster client)"`
 	CertAuthFilePath       string     `description:"Kubernetes certificate authority file path (not needed for in-cluster client)"`
-	DisablePassHostHeaders bool       `description:"Kubernetes disable PassHost Headers"`
-	Namespaces             Namespaces `description:"Kubernetes namespaces"`
-	LabelSelector          string     `description:"Kubernetes api label selector to use"`
+	DisablePassHostHeaders bool       `description:"Kubernetes disable PassHost Headers" export:"true"`
+	Namespaces             Namespaces `description:"Kubernetes namespaces" export:"true"`
+	LabelSelector          string     `description:"Kubernetes api label selector to use" export:"true"`
 	lastConfiguration      safe.Safe
 }
 
diff --git a/provider/kv/kv.go b/provider/kv/kv.go
index a6db0d21f..e61ea5be9 100644
--- a/provider/kv/kv.go
+++ b/provider/kv/kv.go
@@ -20,10 +20,10 @@ import (
 
 // Provider holds common configurations of key-value providers.
 type Provider struct {
-	provider.BaseProvider `mapstructure:",squash"`
+	provider.BaseProvider `mapstructure:",squash" export:"true"`
 	Endpoint              string           `description:"Comma separated server endpoints"`
-	Prefix                string           `description:"Prefix used for KV store"`
-	TLS                   *types.ClientTLS `description:"Enable TLS support"`
+	Prefix                string           `description:"Prefix used for KV store" export:"true"`
+	TLS                   *types.ClientTLS `description:"Enable TLS support" export:"true"`
 	Username              string           `description:"KV Username"`
 	Password              string           `description:"KV Password"`
 	storeType             store.Backend
diff --git a/provider/marathon/marathon.go b/provider/marathon/marathon.go
index 845b31bec..0ea7627be 100644
--- a/provider/marathon/marathon.go
+++ b/provider/marathon/marathon.go
@@ -53,18 +53,18 @@ var servicesPropertiesRegexp = regexp.MustCompile(`^traefik\.(?P<service_name>.+
 // Provider holds configuration of the provider.
 type Provider struct {
 	provider.BaseProvider
-	Endpoint                string           `description:"Marathon server endpoint. You can also specify multiple endpoint for Marathon"`
-	Domain                  string           `description:"Default domain used"`
-	ExposedByDefault        bool             `description:"Expose Marathon apps by default"`
-	GroupsAsSubDomains      bool             `description:"Convert Marathon groups to subdomains"`
-	DCOSToken               string           `description:"DCOSToken for DCOS environment, This will override the Authorization header"`
-	MarathonLBCompatibility bool             `description:"Add compatibility with marathon-lb labels"`
-	TLS                     *types.ClientTLS `description:"Enable Docker TLS support"`
-	DialerTimeout           flaeg.Duration   `description:"Set a non-default connection timeout for Marathon"`
-	KeepAlive               flaeg.Duration   `description:"Set a non-default TCP Keep Alive time in seconds"`
-	ForceTaskHostname       bool             `description:"Force to use the task's hostname."`
-	Basic                   *Basic           `description:"Enable basic authentication"`
-	RespectReadinessChecks  bool             `description:"Filter out tasks with non-successful readiness checks during deployments"`
+	Endpoint                string           `description:"Marathon server endpoint. You can also specify multiple endpoint for Marathon" export:"true"`
+	Domain                  string           `description:"Default domain used" export:"true"`
+	ExposedByDefault        bool             `description:"Expose Marathon apps by default" export:"true"`
+	GroupsAsSubDomains      bool             `description:"Convert Marathon groups to subdomains" export:"true"`
+	DCOSToken               string           `description:"DCOSToken for DCOS environment, This will override the Authorization header" export:"true"`
+	MarathonLBCompatibility bool             `description:"Add compatibility with marathon-lb labels" export:"true"`
+	TLS                     *types.ClientTLS `description:"Enable Docker TLS support" export:"true"`
+	DialerTimeout           flaeg.Duration   `description:"Set a non-default connection timeout for Marathon" export:"true"`
+	KeepAlive               flaeg.Duration   `description:"Set a non-default TCP Keep Alive time in seconds" export:"true"`
+	ForceTaskHostname       bool             `description:"Force to use the task's hostname." export:"true"`
+	Basic                   *Basic           `description:"Enable basic authentication" export:"true"`
+	RespectReadinessChecks  bool             `description:"Filter out tasks with non-successful readiness checks during deployments" export:"true"`
 	readyChecker            *readinessChecker
 	marathonClient          marathon.Marathon
 }
diff --git a/provider/mesos/mesos.go b/provider/mesos/mesos.go
index b234d530e..46f7d33f7 100644
--- a/provider/mesos/mesos.go
+++ b/provider/mesos/mesos.go
@@ -32,12 +32,12 @@ type Provider struct {
 	provider.BaseProvider
 	Endpoint           string `description:"Mesos server endpoint. You can also specify multiple endpoint for Mesos"`
 	Domain             string `description:"Default domain used"`
-	ExposedByDefault   bool   `description:"Expose Mesos apps by default"`
-	GroupsAsSubDomains bool   `description:"Convert Mesos groups to subdomains"`
-	ZkDetectionTimeout int    `description:"Zookeeper timeout (in seconds)"`
-	RefreshSeconds     int    `description:"Polling interval (in seconds)"`
-	IPSources          string `description:"IPSources (e.g. host, docker, mesos, rkt)"` // e.g. "host", "docker", "mesos", "rkt"
-	StateTimeoutSecond int    `description:"HTTP Timeout (in seconds)"`
+	ExposedByDefault   bool   `description:"Expose Mesos apps by default" export:"true"`
+	GroupsAsSubDomains bool   `description:"Convert Mesos groups to subdomains" export:"true"`
+	ZkDetectionTimeout int    `description:"Zookeeper timeout (in seconds)" export:"true"`
+	RefreshSeconds     int    `description:"Polling interval (in seconds)" export:"true"`
+	IPSources          string `description:"IPSources (e.g. host, docker, mesos, rkt)" export:"true"`
+	StateTimeoutSecond int    `description:"HTTP Timeout (in seconds)" export:"true"`
 	Masters            []string
 }
 
diff --git a/provider/provider.go b/provider/provider.go
index 6c479ae43..cc1e12edf 100644
--- a/provider/provider.go
+++ b/provider/provider.go
@@ -24,11 +24,11 @@ type Provider interface {
 
 // BaseProvider should be inherited by providers
 type BaseProvider struct {
-	Watch                     bool              `description:"Watch provider"`
-	Filename                  string            `description:"Override default configuration template. For advanced users :)"`
-	Constraints               types.Constraints `description:"Filter services by constraint, matching with Traefik tags."`
-	Trace                     bool              `description:"Display additional provider logs (if available)."`
-	DebugLogGeneratedTemplate bool              `description:"Enable debug logging of generated configuration template."`
+	Watch                     bool              `description:"Watch provider" export:"true"`
+	Filename                  string            `description:"Override default configuration template. For advanced users :)" export:"true"`
+	Constraints               types.Constraints `description:"Filter services by constraint, matching with Traefik tags." export:"true"`
+	Trace                     bool              `description:"Display additional provider logs (if available)." export:"true"`
+	DebugLogGeneratedTemplate bool              `description:"Enable debug logging of generated configuration template." export:"true"`
 }
 
 // MatchConstraints must match with EVERY single contraint
diff --git a/provider/rancher/rancher.go b/provider/rancher/rancher.go
index be40c1c1c..6fcb8fc1c 100644
--- a/provider/rancher/rancher.go
+++ b/provider/rancher/rancher.go
@@ -18,14 +18,14 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	provider.BaseProvider     `mapstructure:",squash"`
-	APIConfiguration          `mapstructure:",squash"` // Provide backwards compatibility
-	API                       *APIConfiguration        `description:"Enable the Rancher API provider"`
-	Metadata                  *MetadataConfiguration   `description:"Enable the Rancher metadata service provider"`
-	Domain                    string                   `description:"Default domain used"`
-	RefreshSeconds            int                      `description:"Polling interval (in seconds)"`
-	ExposedByDefault          bool                     `description:"Expose services by default"`
-	EnableServiceHealthFilter bool                     `description:"Filter services with unhealthy states and inactive states"`
+	provider.BaseProvider     `mapstructure:",squash" export:"true"`
+	APIConfiguration          `mapstructure:",squash" export:"true"` // Provide backwards compatibility
+	API                       *APIConfiguration                      `description:"Enable the Rancher API provider" export:"true"`
+	Metadata                  *MetadataConfiguration                 `description:"Enable the Rancher metadata service provider" export:"true"`
+	Domain                    string                                 `description:"Default domain used"`
+	RefreshSeconds            int                                    `description:"Polling interval (in seconds)" export:"true"`
+	ExposedByDefault          bool                                   `description:"Expose services by default" export:"true"`
+	EnableServiceHealthFilter bool                                   `description:"Filter services with unhealthy states and inactive states" export:"true"`
 }
 
 type rancherData struct {
diff --git a/provider/web/web.go b/provider/web/web.go
index 0e2d655e1..dcbf42ecf 100644
--- a/provider/web/web.go
+++ b/provider/web/web.go
@@ -25,15 +25,15 @@ import (
 
 // Provider is a provider.Provider implementation that provides the UI
 type Provider struct {
-	Address               string            `description:"Web administration port"`
-	CertFile              string            `description:"SSL certificate"`
-	KeyFile               string            `description:"SSL certificate"`
-	ReadOnly              bool              `description:"Enable read only API"`
-	Statistics            *types.Statistics `description:"Enable more detailed statistics"`
-	Metrics               *types.Metrics    `description:"Enable a metrics exporter"`
+	Address               string            `description:"Web administration port" export:"true"`
+	CertFile              string            `description:"SSL certificate" export:"true"`
+	KeyFile               string            `description:"SSL certificate" export:"true"`
+	ReadOnly              bool              `description:"Enable read only API" export:"true"`
+	Statistics            *types.Statistics `description:"Enable more detailed statistics" export:"true"`
+	Metrics               *types.Metrics    `description:"Enable a metrics exporter" export:"true"`
 	Path                  string            `description:"Root path for dashboard and API"`
-	Auth                  *types.Auth
-	Debug                 bool
+	Auth                  *types.Auth       `export:"true"`
+	Debug                 bool              `export:"true"`
 	CurrentConfigurations *safe.Safe
 	Stats                 *thoas_stats.Stats
 	StatsRecorder         *middlewares.StatsRecorder
diff --git a/provider/zk/zk.go b/provider/zk/zk.go
index 2089d44f5..28f8a2e26 100644
--- a/provider/zk/zk.go
+++ b/provider/zk/zk.go
@@ -15,7 +15,7 @@ var _ provider.Provider = (*Provider)(nil)
 
 // Provider holds configurations of the provider.
 type Provider struct {
-	kv.Provider `mapstructure:",squash"`
+	kv.Provider `mapstructure:",squash" export:"true"`
 }
 
 // Provide allows the zk provider to Provide configurations to traefik
diff --git a/server/uuid/uuid.go b/server/uuid/uuid.go
new file mode 100644
index 000000000..d8b7a6b57
--- /dev/null
+++ b/server/uuid/uuid.go
@@ -0,0 +1,14 @@
+package uuid
+
+import guuid "github.com/satori/go.uuid"
+
+var uuid string
+
+func init() {
+	uuid = guuid.NewV4().String()
+}
+
+// Get the instance UUID
+func Get() string {
+	return uuid
+}
diff --git a/types/types.go b/types/types.go
index 9f593b4e2..2bf2b9cf7 100644
--- a/types/types.go
+++ b/types/types.go
@@ -177,13 +177,13 @@ type ConfigMessage struct {
 	Configuration *Configuration
 }
 
-// Constraint hold a parsed constraint expresssion
+// Constraint hold a parsed constraint expression
 type Constraint struct {
-	Key string
+	Key string `export:"true"`
 	// MustMatch is true if operator is "==" or false if operator is "!="
-	MustMatch bool
+	MustMatch bool `export:"true"`
 	// TODO: support regex
-	Regex string
+	Regex string `export:"true"`
 }
 
 // NewConstraint receive a string and return a *Constraint, after checking syntax and parsing the constraint expression
@@ -198,14 +198,14 @@ func NewConstraint(exp string) (*Constraint, error) {
 		sep = "!="
 		constraint.MustMatch = false
 	} else {
-		return nil, errors.New("Constraint expression missing valid operator: '==' or '!='")
+		return nil, errors.New("constraint expression missing valid operator: '==' or '!='")
 	}
 
 	kv := strings.SplitN(exp, sep, 2)
 	if len(kv) == 2 {
 		// At the moment, it only supports tags
 		if kv[0] != "tag" {
-			return nil, errors.New("Constraint must be tag-based. Syntax: tag==us-*")
+			return nil, errors.New("constraint must be tag-based. Syntax: tag==us-*")
 		}
 
 		constraint.Key = kv[0]
@@ -213,7 +213,7 @@ func NewConstraint(exp string) (*Constraint, error) {
 		return constraint, nil
 	}
 
-	return nil, errors.New("Incorrect constraint expression: " + exp)
+	return nil, fmt.Errorf("incorrect constraint expression: %s", exp)
 }
 
 func (c *Constraint) String() string {
@@ -258,7 +258,7 @@ func (c *Constraint) MatchConstraintWithAtLeastOneTag(tags []string) bool {
 func (cs *Constraints) Set(str string) error {
 	exps := strings.Split(str, ",")
 	if len(exps) == 0 {
-		return errors.New("Bad Constraint format: " + str)
+		return fmt.Errorf("bad Constraint format: %s", str)
 	}
 	for _, exp := range exps {
 		constraint, err := NewConstraint(exp)
@@ -292,21 +292,22 @@ func (cs *Constraints) Type() string {
 // Store holds KV store cluster config
 type Store struct {
 	store.Store
-	Prefix string // like this "prefix" (without the /)
+	// like this "prefix" (without the /)
+	Prefix string `export:"true"`
 }
 
 // Cluster holds cluster config
 type Cluster struct {
-	Node  string `description:"Node name"`
-	Store *Store
+	Node  string `description:"Node name" export:"true"`
+	Store *Store `export:"true"`
 }
 
 // Auth holds authentication configuration (BASIC, DIGEST, users)
 type Auth struct {
-	Basic       *Basic
-	Digest      *Digest
-	Forward     *Forward
-	HeaderField string
+	Basic       *Basic   `export:"true"`
+	Digest      *Digest  `export:"true"`
+	Forward     *Forward `export:"true"`
+	HeaderField string   `export:"true"`
 }
 
 // Users authentication users
@@ -327,8 +328,8 @@ type Digest struct {
 // Forward authentication
 type Forward struct {
 	Address            string     `description:"Authentication server address"`
-	TLS                *ClientTLS `description:"Enable TLS support"`
-	TrustForwardHeader bool       `description:"Trust X-Forwarded-* headers"`
+	TLS                *ClientTLS `description:"Enable TLS support" export:"true"`
+	TrustForwardHeader bool       `description:"Trust X-Forwarded-* headers" export:"true"`
 }
 
 // CanonicalDomain returns a lower case domain with trim space
@@ -338,31 +339,31 @@ func CanonicalDomain(domain string) string {
 
 // Statistics provides options for monitoring request and response stats
 type Statistics struct {
-	RecentErrors int `description:"Number of recent errors logged"`
+	RecentErrors int `description:"Number of recent errors logged" export:"true"`
 }
 
 // Metrics provides options to expose and send Traefik metrics to different third party monitoring systems
 type Metrics struct {
-	Prometheus *Prometheus `description:"Prometheus metrics exporter type"`
-	Datadog    *Datadog    `description:"DataDog metrics exporter type"`
-	StatsD     *Statsd     `description:"StatsD metrics exporter type"`
+	Prometheus *Prometheus `description:"Prometheus metrics exporter type" export:"true"`
+	Datadog    *Datadog    `description:"DataDog metrics exporter type" export:"true"`
+	StatsD     *Statsd     `description:"StatsD metrics exporter type" export:"true"`
 }
 
 // Prometheus can contain specific configuration used by the Prometheus Metrics exporter
 type Prometheus struct {
-	Buckets Buckets `description:"Buckets for latency metrics"`
+	Buckets Buckets `description:"Buckets for latency metrics" export:"true"`
 }
 
 // Datadog contains address and metrics pushing interval configuration
 type Datadog struct {
 	Address      string `description:"DataDog's address"`
-	PushInterval string `description:"DataDog push interval"`
+	PushInterval string `description:"DataDog push interval" export:"true"`
 }
 
 // Statsd contains address and metrics pushing interval configuration
 type Statsd struct {
 	Address      string `description:"StatsD address"`
-	PushInterval string `description:"DataDog push interval"`
+	PushInterval string `description:"DataDog push interval" export:"true"`
 }
 
 // Buckets holds Prometheus Buckets
@@ -399,8 +400,8 @@ func (b *Buckets) SetValue(val interface{}) {
 
 // AccessLog holds the configuration settings for the access logger (middlewares/accesslog).
 type AccessLog struct {
-	FilePath string `json:"file,omitempty" description:"Access log file path. Stdout is used when omitted or empty"`
-	Format   string `json:"format,omitempty" description:"Access log format: json | common"`
+	FilePath string `json:"file,omitempty" description:"Access log file path. Stdout is used when omitted or empty" export:"true"`
+	Format   string `json:"format,omitempty" description:"Access log format: json | common" export:"true"`
 }
 
 // ClientTLS holds TLS specific configurations as client
diff --git a/vendor/github.com/mitchellh/copystructure/LICENSE b/vendor/github.com/mitchellh/copystructure/LICENSE
new file mode 100644
index 000000000..229851590
--- /dev/null
+++ b/vendor/github.com/mitchellh/copystructure/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Mitchell Hashimoto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/mitchellh/copystructure/copier_time.go b/vendor/github.com/mitchellh/copystructure/copier_time.go
new file mode 100644
index 000000000..db6a6aa1a
--- /dev/null
+++ b/vendor/github.com/mitchellh/copystructure/copier_time.go
@@ -0,0 +1,15 @@
+package copystructure
+
+import (
+	"reflect"
+	"time"
+)
+
+func init() {
+	Copiers[reflect.TypeOf(time.Time{})] = timeCopier
+}
+
+func timeCopier(v interface{}) (interface{}, error) {
+	// Just... copy it.
+	return v.(time.Time), nil
+}
diff --git a/vendor/github.com/mitchellh/copystructure/copystructure.go b/vendor/github.com/mitchellh/copystructure/copystructure.go
new file mode 100644
index 000000000..140435255
--- /dev/null
+++ b/vendor/github.com/mitchellh/copystructure/copystructure.go
@@ -0,0 +1,548 @@
+package copystructure
+
+import (
+	"errors"
+	"reflect"
+	"sync"
+
+	"github.com/mitchellh/reflectwalk"
+)
+
+// Copy returns a deep copy of v.
+func Copy(v interface{}) (interface{}, error) {
+	return Config{}.Copy(v)
+}
+
+// CopierFunc is a function that knows how to deep copy a specific type.
+// Register these globally with the Copiers variable.
+type CopierFunc func(interface{}) (interface{}, error)
+
+// Copiers is a map of types that behave specially when they are copied.
+// If a type is found in this map while deep copying, this function
+// will be called to copy it instead of attempting to copy all fields.
+//
+// The key should be the type, obtained using: reflect.TypeOf(value with type).
+//
+// It is unsafe to write to this map after Copies have started. If you
+// are writing to this map while also copying, wrap all modifications to
+// this map as well as to Copy in a mutex.
+var Copiers map[reflect.Type]CopierFunc = make(map[reflect.Type]CopierFunc)
+
+// Must is a helper that wraps a call to a function returning
+// (interface{}, error) and panics if the error is non-nil. It is intended
+// for use in variable initializations and should only be used when a copy
+// error should be a crashing case.
+func Must(v interface{}, err error) interface{} {
+	if err != nil {
+		panic("copy error: " + err.Error())
+	}
+
+	return v
+}
+
+var errPointerRequired = errors.New("Copy argument must be a pointer when Lock is true")
+
+type Config struct {
+	// Lock any types that are a sync.Locker and are not a mutex while copying.
+	// If there is an RLocker method, use that to get the sync.Locker.
+	Lock bool
+
+	// Copiers is a map of types associated with a CopierFunc. Use the global
+	// Copiers map if this is nil.
+	Copiers map[reflect.Type]CopierFunc
+}
+
+func (c Config) Copy(v interface{}) (interface{}, error) {
+	if c.Lock && reflect.ValueOf(v).Kind() != reflect.Ptr {
+		return nil, errPointerRequired
+	}
+
+	w := new(walker)
+	if c.Lock {
+		w.useLocks = true
+	}
+
+	if c.Copiers == nil {
+		c.Copiers = Copiers
+	}
+
+	err := reflectwalk.Walk(v, w)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get the result. If the result is nil, then we want to turn it
+	// into a typed nil if we can.
+	result := w.Result
+	if result == nil {
+		val := reflect.ValueOf(v)
+		result = reflect.Indirect(reflect.New(val.Type())).Interface()
+	}
+
+	return result, nil
+}
+
+// Return the key used to index interfaces types we've seen. Store the number
+// of pointers in the upper 32bits, and the depth in the lower 32bits. This is
+// easy to calculate, easy to match a key with our current depth, and we don't
+// need to deal with initializing and cleaning up nested maps or slices.
+func ifaceKey(pointers, depth int) uint64 {
+	return uint64(pointers)<<32 | uint64(depth)
+}
+
+type walker struct {
+	Result interface{}
+
+	depth       int
+	ignoreDepth int
+	vals        []reflect.Value
+	cs          []reflect.Value
+
+	// This stores the number of pointers we've walked over, indexed by depth.
+	ps []int
+
+	// If an interface is indirected by a pointer, we need to know the type of
+	// interface to create when creating the new value.  Store the interface
+	// types here, indexed by both the walk depth and the number of pointers
+	// already seen at that depth. Use ifaceKey to calculate the proper uint64
+	// value.
+	ifaceTypes map[uint64]reflect.Type
+
+	// any locks we've taken, indexed by depth
+	locks []sync.Locker
+	// take locks while walking the structure
+	useLocks bool
+}
+
+func (w *walker) Enter(l reflectwalk.Location) error {
+	w.depth++
+
+	// ensure we have enough elements to index via w.depth
+	for w.depth >= len(w.locks) {
+		w.locks = append(w.locks, nil)
+	}
+
+	for len(w.ps) < w.depth+1 {
+		w.ps = append(w.ps, 0)
+	}
+
+	return nil
+}
+
+func (w *walker) Exit(l reflectwalk.Location) error {
+	locker := w.locks[w.depth]
+	w.locks[w.depth] = nil
+	if locker != nil {
+		defer locker.Unlock()
+	}
+
+	// clear out pointers and interfaces as we exit the stack
+	w.ps[w.depth] = 0
+
+	for k := range w.ifaceTypes {
+		mask := uint64(^uint32(0))
+		if k&mask == uint64(w.depth) {
+			delete(w.ifaceTypes, k)
+		}
+	}
+
+	w.depth--
+	if w.ignoreDepth > w.depth {
+		w.ignoreDepth = 0
+	}
+
+	if w.ignoring() {
+		return nil
+	}
+
+	switch l {
+	case reflectwalk.Array:
+		fallthrough
+	case reflectwalk.Map:
+		fallthrough
+	case reflectwalk.Slice:
+		w.replacePointerMaybe()
+
+		// Pop map off our container
+		w.cs = w.cs[:len(w.cs)-1]
+	case reflectwalk.MapValue:
+		// Pop off the key and value
+		mv := w.valPop()
+		mk := w.valPop()
+		m := w.cs[len(w.cs)-1]
+
+		// If mv is the zero value, SetMapIndex deletes the key form the map,
+		// or in this case never adds it. We need to create a properly typed
+		// zero value so that this key can be set.
+		if !mv.IsValid() {
+			mv = reflect.Zero(m.Elem().Type().Elem())
+		}
+		m.Elem().SetMapIndex(mk, mv)
+	case reflectwalk.ArrayElem:
+		// Pop off the value and the index and set it on the array
+		v := w.valPop()
+		i := w.valPop().Interface().(int)
+		if v.IsValid() {
+			a := w.cs[len(w.cs)-1]
+			ae := a.Elem().Index(i) // storing array as pointer on stack - so need Elem() call
+			if ae.CanSet() {
+				ae.Set(v)
+			}
+		}
+	case reflectwalk.SliceElem:
+		// Pop off the value and the index and set it on the slice
+		v := w.valPop()
+		i := w.valPop().Interface().(int)
+		if v.IsValid() {
+			s := w.cs[len(w.cs)-1]
+			se := s.Elem().Index(i)
+			if se.CanSet() {
+				se.Set(v)
+			}
+		}
+	case reflectwalk.Struct:
+		w.replacePointerMaybe()
+
+		// Remove the struct from the container stack
+		w.cs = w.cs[:len(w.cs)-1]
+	case reflectwalk.StructField:
+		// Pop off the value and the field
+		v := w.valPop()
+		f := w.valPop().Interface().(reflect.StructField)
+		if v.IsValid() {
+			s := w.cs[len(w.cs)-1]
+			sf := reflect.Indirect(s).FieldByName(f.Name)
+
+			if sf.CanSet() {
+				sf.Set(v)
+			}
+		}
+	case reflectwalk.WalkLoc:
+		// Clear out the slices for GC
+		w.cs = nil
+		w.vals = nil
+	}
+
+	return nil
+}
+
+func (w *walker) Map(m reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+	w.lock(m)
+
+	// Create the map. If the map itself is nil, then just make a nil map
+	var newMap reflect.Value
+	if m.IsNil() {
+		newMap = reflect.New(m.Type())
+	} else {
+		newMap = wrapPtr(reflect.MakeMap(m.Type()))
+	}
+
+	w.cs = append(w.cs, newMap)
+	w.valPush(newMap)
+	return nil
+}
+
+func (w *walker) MapElem(m, k, v reflect.Value) error {
+	return nil
+}
+
+func (w *walker) PointerEnter(v bool) error {
+	if v {
+		w.ps[w.depth]++
+	}
+	return nil
+}
+
+func (w *walker) PointerExit(v bool) error {
+	if v {
+		w.ps[w.depth]--
+	}
+	return nil
+}
+
+func (w *walker) Interface(v reflect.Value) error {
+	if !v.IsValid() {
+		return nil
+	}
+	if w.ifaceTypes == nil {
+		w.ifaceTypes = make(map[uint64]reflect.Type)
+	}
+
+	w.ifaceTypes[ifaceKey(w.ps[w.depth], w.depth)] = v.Type()
+	return nil
+}
+
+func (w *walker) Primitive(v reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+	w.lock(v)
+
+	// IsValid verifies the v is non-zero and CanInterface verifies
+	// that we're allowed to read this value (unexported fields).
+	var newV reflect.Value
+	if v.IsValid() && v.CanInterface() {
+		newV = reflect.New(v.Type())
+		newV.Elem().Set(v)
+	}
+
+	w.valPush(newV)
+	w.replacePointerMaybe()
+	return nil
+}
+
+func (w *walker) Slice(s reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+	w.lock(s)
+
+	var newS reflect.Value
+	if s.IsNil() {
+		newS = reflect.New(s.Type())
+	} else {
+		newS = wrapPtr(reflect.MakeSlice(s.Type(), s.Len(), s.Cap()))
+	}
+
+	w.cs = append(w.cs, newS)
+	w.valPush(newS)
+	return nil
+}
+
+func (w *walker) SliceElem(i int, elem reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+
+	// We don't write the slice here because elem might still be
+	// arbitrarily complex. Just record the index and continue on.
+	w.valPush(reflect.ValueOf(i))
+
+	return nil
+}
+
+func (w *walker) Array(a reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+	w.lock(a)
+
+	newA := reflect.New(a.Type())
+
+	w.cs = append(w.cs, newA)
+	w.valPush(newA)
+	return nil
+}
+
+func (w *walker) ArrayElem(i int, elem reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+
+	// We don't write the array here because elem might still be
+	// arbitrarily complex. Just record the index and continue on.
+	w.valPush(reflect.ValueOf(i))
+
+	return nil
+}
+
+func (w *walker) Struct(s reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+	w.lock(s)
+
+	var v reflect.Value
+	if c, ok := Copiers[s.Type()]; ok {
+		// We have a Copier for this struct, so we use that copier to
+		// get the copy, and we ignore anything deeper than this.
+		w.ignoreDepth = w.depth
+
+		dup, err := c(s.Interface())
+		if err != nil {
+			return err
+		}
+
+		// We need to put a pointer to the value on the value stack,
+		// so allocate a new pointer and set it.
+		v = reflect.New(s.Type())
+		reflect.Indirect(v).Set(reflect.ValueOf(dup))
+	} else {
+		// No copier, we copy ourselves and allow reflectwalk to guide
+		// us deeper into the structure for copying.
+		v = reflect.New(s.Type())
+	}
+
+	// Push the value onto the value stack for setting the struct field,
+	// and add the struct itself to the containers stack in case we walk
+	// deeper so that its own fields can be modified.
+	w.valPush(v)
+	w.cs = append(w.cs, v)
+
+	return nil
+}
+
+func (w *walker) StructField(f reflect.StructField, v reflect.Value) error {
+	if w.ignoring() {
+		return nil
+	}
+
+	// If PkgPath is non-empty, this is a private (unexported) field.
+	// We do not set this unexported since the Go runtime doesn't allow us.
+	if f.PkgPath != "" {
+		return reflectwalk.SkipEntry
+	}
+
+	// Push the field onto the stack, we'll handle it when we exit
+	// the struct field in Exit...
+	w.valPush(reflect.ValueOf(f))
+	return nil
+}
+
+// ignore causes the walker to ignore any more values until we exit this on
+func (w *walker) ignore() {
+	w.ignoreDepth = w.depth
+}
+
+func (w *walker) ignoring() bool {
+	return w.ignoreDepth > 0 && w.depth >= w.ignoreDepth
+}
+
+func (w *walker) pointerPeek() bool {
+	return w.ps[w.depth] > 0
+}
+
+func (w *walker) valPop() reflect.Value {
+	result := w.vals[len(w.vals)-1]
+	w.vals = w.vals[:len(w.vals)-1]
+
+	// If we're out of values, that means we popped everything off. In
+	// this case, we reset the result so the next pushed value becomes
+	// the result.
+	if len(w.vals) == 0 {
+		w.Result = nil
+	}
+
+	return result
+}
+
+func (w *walker) valPush(v reflect.Value) {
+	w.vals = append(w.vals, v)
+
+	// If we haven't set the result yet, then this is the result since
+	// it is the first (outermost) value we're seeing.
+	if w.Result == nil && v.IsValid() {
+		w.Result = v.Interface()
+	}
+}
+
+func (w *walker) replacePointerMaybe() {
+	// Determine the last pointer value. If it is NOT a pointer, then
+	// we need to push that onto the stack.
+	if !w.pointerPeek() {
+		w.valPush(reflect.Indirect(w.valPop()))
+		return
+	}
+
+	v := w.valPop()
+
+	// If the expected type is a pointer to an interface of any depth,
+	// such as *interface{}, **interface{}, etc., then we need to convert
+	// the value "v" from *CONCRETE to *interface{} so types match for
+	// Set.
+	//
+	// Example if v is type *Foo where Foo is a struct, v would become
+	// *interface{} instead. This only happens if we have an interface expectation
+	// at this depth.
+	//
+	// For more info, see GH-16
+	if iType, ok := w.ifaceTypes[ifaceKey(w.ps[w.depth], w.depth)]; ok && iType.Kind() == reflect.Interface {
+		y := reflect.New(iType)           // Create *interface{}
+		y.Elem().Set(reflect.Indirect(v)) // Assign "Foo" to interface{} (dereferenced)
+		v = y                             // v is now typed *interface{} (where *v = Foo)
+	}
+
+	for i := 1; i < w.ps[w.depth]; i++ {
+		if iType, ok := w.ifaceTypes[ifaceKey(w.ps[w.depth]-i, w.depth)]; ok {
+			iface := reflect.New(iType).Elem()
+			iface.Set(v)
+			v = iface
+		}
+
+		p := reflect.New(v.Type())
+		p.Elem().Set(v)
+		v = p
+	}
+
+	w.valPush(v)
+}
+
+// if this value is a Locker, lock it and add it to the locks slice
+func (w *walker) lock(v reflect.Value) {
+	if !w.useLocks {
+		return
+	}
+
+	if !v.IsValid() || !v.CanInterface() {
+		return
+	}
+
+	type rlocker interface {
+		RLocker() sync.Locker
+	}
+
+	var locker sync.Locker
+
+	// We can't call Interface() on a value directly, since that requires
+	// a copy. This is OK, since the pointer to a value which is a sync.Locker
+	// is also a sync.Locker.
+	if v.Kind() == reflect.Ptr {
+		switch l := v.Interface().(type) {
+		case rlocker:
+			// don't lock a mutex directly
+			if _, ok := l.(*sync.RWMutex); !ok {
+				locker = l.RLocker()
+			}
+		case sync.Locker:
+			locker = l
+		}
+	} else if v.CanAddr() {
+		switch l := v.Addr().Interface().(type) {
+		case rlocker:
+			// don't lock a mutex directly
+			if _, ok := l.(*sync.RWMutex); !ok {
+				locker = l.RLocker()
+			}
+		case sync.Locker:
+			locker = l
+		}
+	}
+
+	// still no callable locker
+	if locker == nil {
+		return
+	}
+
+	// don't lock a mutex directly
+	switch locker.(type) {
+	case *sync.Mutex, *sync.RWMutex:
+		return
+	}
+
+	locker.Lock()
+	w.locks[w.depth] = locker
+}
+
+// wrapPtr is a helper that takes v and always make it *v. copystructure
+// stores things internally as pointers until the last moment before unwrapping
+func wrapPtr(v reflect.Value) reflect.Value {
+	if !v.IsValid() {
+		return v
+	}
+	vPtr := reflect.New(v.Type())
+	vPtr.Elem().Set(v)
+	return vPtr
+}
diff --git a/vendor/github.com/mitchellh/reflectwalk/LICENSE b/vendor/github.com/mitchellh/reflectwalk/LICENSE
new file mode 100644
index 000000000..f9c841a51
--- /dev/null
+++ b/vendor/github.com/mitchellh/reflectwalk/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Mitchell Hashimoto
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/mitchellh/reflectwalk/location.go b/vendor/github.com/mitchellh/reflectwalk/location.go
new file mode 100644
index 000000000..6a7f17611
--- /dev/null
+++ b/vendor/github.com/mitchellh/reflectwalk/location.go
@@ -0,0 +1,19 @@
+package reflectwalk
+
+//go:generate stringer -type=Location location.go
+
+type Location uint
+
+const (
+	None Location = iota
+	Map
+	MapKey
+	MapValue
+	Slice
+	SliceElem
+	Array
+	ArrayElem
+	Struct
+	StructField
+	WalkLoc
+)
diff --git a/vendor/github.com/mitchellh/reflectwalk/location_string.go b/vendor/github.com/mitchellh/reflectwalk/location_string.go
new file mode 100644
index 000000000..70760cf4c
--- /dev/null
+++ b/vendor/github.com/mitchellh/reflectwalk/location_string.go
@@ -0,0 +1,16 @@
+// Code generated by "stringer -type=Location location.go"; DO NOT EDIT.
+
+package reflectwalk
+
+import "fmt"
+
+const _Location_name = "NoneMapMapKeyMapValueSliceSliceElemArrayArrayElemStructStructFieldWalkLoc"
+
+var _Location_index = [...]uint8{0, 4, 7, 13, 21, 26, 35, 40, 49, 55, 66, 73}
+
+func (i Location) String() string {
+	if i >= Location(len(_Location_index)-1) {
+		return fmt.Sprintf("Location(%d)", i)
+	}
+	return _Location_name[_Location_index[i]:_Location_index[i+1]]
+}
diff --git a/vendor/github.com/mitchellh/reflectwalk/reflectwalk.go b/vendor/github.com/mitchellh/reflectwalk/reflectwalk.go
new file mode 100644
index 000000000..d7ab7b6d7
--- /dev/null
+++ b/vendor/github.com/mitchellh/reflectwalk/reflectwalk.go
@@ -0,0 +1,401 @@
+// reflectwalk is a package that allows you to "walk" complex structures
+// similar to how you may "walk" a filesystem: visiting every element one
+// by one and calling callback functions allowing you to handle and manipulate
+// those elements.
+package reflectwalk
+
+import (
+	"errors"
+	"reflect"
+)
+
+// PrimitiveWalker implementations are able to handle primitive values
+// within complex structures. Primitive values are numbers, strings,
+// booleans, funcs, chans.
+//
+// These primitive values are often members of more complex
+// structures (slices, maps, etc.) that are walkable by other interfaces.
+type PrimitiveWalker interface {
+	Primitive(reflect.Value) error
+}
+
+// InterfaceWalker implementations are able to handle interface values as they
+// are encountered during the walk.
+type InterfaceWalker interface {
+	Interface(reflect.Value) error
+}
+
+// MapWalker implementations are able to handle individual elements
+// found within a map structure.
+type MapWalker interface {
+	Map(m reflect.Value) error
+	MapElem(m, k, v reflect.Value) error
+}
+
+// SliceWalker implementations are able to handle slice elements found
+// within complex structures.
+type SliceWalker interface {
+	Slice(reflect.Value) error
+	SliceElem(int, reflect.Value) error
+}
+
+// ArrayWalker implementations are able to handle array elements found
+// within complex structures.
+type ArrayWalker interface {
+	Array(reflect.Value) error
+	ArrayElem(int, reflect.Value) error
+}
+
+// StructWalker is an interface that has methods that are called for
+// structs when a Walk is done.
+type StructWalker interface {
+	Struct(reflect.Value) error
+	StructField(reflect.StructField, reflect.Value) error
+}
+
+// EnterExitWalker implementations are notified before and after
+// they walk deeper into complex structures (into struct fields,
+// into slice elements, etc.)
+type EnterExitWalker interface {
+	Enter(Location) error
+	Exit(Location) error
+}
+
+// PointerWalker implementations are notified when the value they're
+// walking is a pointer or not. Pointer is called for _every_ value whether
+// it is a pointer or not.
+type PointerWalker interface {
+	PointerEnter(bool) error
+	PointerExit(bool) error
+}
+
+// SkipEntry can be returned from walk functions to skip walking
+// the value of this field. This is only valid in the following functions:
+//
+//   - Struct: skips all fields from being walked
+//   - StructField: skips walking the struct value
+//
+var SkipEntry = errors.New("skip this entry")
+
+// Walk takes an arbitrary value and an interface and traverses the
+// value, calling callbacks on the interface if they are supported.
+// The interface should implement one or more of the walker interfaces
+// in this package, such as PrimitiveWalker, StructWalker, etc.
+func Walk(data, walker interface{}) (err error) {
+	v := reflect.ValueOf(data)
+	ew, ok := walker.(EnterExitWalker)
+	if ok {
+		err = ew.Enter(WalkLoc)
+	}
+
+	if err == nil {
+		err = walk(v, walker)
+	}
+
+	if ok && err == nil {
+		err = ew.Exit(WalkLoc)
+	}
+
+	return
+}
+
+func walk(v reflect.Value, w interface{}) (err error) {
+	// Determine if we're receiving a pointer and if so notify the walker.
+	// The logic here is convoluted but very important (tests will fail if
+	// almost any part is changed). I will try to explain here.
+	//
+	// First, we check if the value is an interface, if so, we really need
+	// to check the interface's VALUE to see whether it is a pointer.
+	//
+	// Check whether the value is then a pointer. If so, then set pointer
+	// to true to notify the user.
+	//
+	// If we still have a pointer or an interface after the indirections, then
+	// we unwrap another level
+	//
+	// At this time, we also set "v" to be the dereferenced value. This is
+	// because once we've unwrapped the pointer we want to use that value.
+	pointer := false
+	pointerV := v
+
+	for {
+		if pointerV.Kind() == reflect.Interface {
+			if iw, ok := w.(InterfaceWalker); ok {
+				if err = iw.Interface(pointerV); err != nil {
+					return
+				}
+			}
+
+			pointerV = pointerV.Elem()
+		}
+
+		if pointerV.Kind() == reflect.Ptr {
+			pointer = true
+			v = reflect.Indirect(pointerV)
+		}
+		if pw, ok := w.(PointerWalker); ok {
+			if err = pw.PointerEnter(pointer); err != nil {
+				return
+			}
+
+			defer func(pointer bool) {
+				if err != nil {
+					return
+				}
+
+				err = pw.PointerExit(pointer)
+			}(pointer)
+		}
+
+		if pointer {
+			pointerV = v
+		}
+		pointer = false
+
+		// If we still have a pointer or interface we have to indirect another level.
+		switch pointerV.Kind() {
+		case reflect.Ptr, reflect.Interface:
+			continue
+		}
+		break
+	}
+
+	// We preserve the original value here because if it is an interface
+	// type, we want to pass that directly into the walkPrimitive, so that
+	// we can set it.
+	originalV := v
+	if v.Kind() == reflect.Interface {
+		v = v.Elem()
+	}
+
+	k := v.Kind()
+	if k >= reflect.Int && k <= reflect.Complex128 {
+		k = reflect.Int
+	}
+
+	switch k {
+	// Primitives
+	case reflect.Bool, reflect.Chan, reflect.Func, reflect.Int, reflect.String, reflect.Invalid:
+		err = walkPrimitive(originalV, w)
+		return
+	case reflect.Map:
+		err = walkMap(v, w)
+		return
+	case reflect.Slice:
+		err = walkSlice(v, w)
+		return
+	case reflect.Struct:
+		err = walkStruct(v, w)
+		return
+	case reflect.Array:
+		err = walkArray(v, w)
+		return
+	default:
+		panic("unsupported type: " + k.String())
+	}
+}
+
+func walkMap(v reflect.Value, w interface{}) error {
+	ew, ewok := w.(EnterExitWalker)
+	if ewok {
+		ew.Enter(Map)
+	}
+
+	if mw, ok := w.(MapWalker); ok {
+		if err := mw.Map(v); err != nil {
+			return err
+		}
+	}
+
+	for _, k := range v.MapKeys() {
+		kv := v.MapIndex(k)
+
+		if mw, ok := w.(MapWalker); ok {
+			if err := mw.MapElem(v, k, kv); err != nil {
+				return err
+			}
+		}
+
+		ew, ok := w.(EnterExitWalker)
+		if ok {
+			ew.Enter(MapKey)
+		}
+
+		if err := walk(k, w); err != nil {
+			return err
+		}
+
+		if ok {
+			ew.Exit(MapKey)
+			ew.Enter(MapValue)
+		}
+
+		if err := walk(kv, w); err != nil {
+			return err
+		}
+
+		if ok {
+			ew.Exit(MapValue)
+		}
+	}
+
+	if ewok {
+		ew.Exit(Map)
+	}
+
+	return nil
+}
+
+func walkPrimitive(v reflect.Value, w interface{}) error {
+	if pw, ok := w.(PrimitiveWalker); ok {
+		return pw.Primitive(v)
+	}
+
+	return nil
+}
+
+func walkSlice(v reflect.Value, w interface{}) (err error) {
+	ew, ok := w.(EnterExitWalker)
+	if ok {
+		ew.Enter(Slice)
+	}
+
+	if sw, ok := w.(SliceWalker); ok {
+		if err := sw.Slice(v); err != nil {
+			return err
+		}
+	}
+
+	for i := 0; i < v.Len(); i++ {
+		elem := v.Index(i)
+
+		if sw, ok := w.(SliceWalker); ok {
+			if err := sw.SliceElem(i, elem); err != nil {
+				return err
+			}
+		}
+
+		ew, ok := w.(EnterExitWalker)
+		if ok {
+			ew.Enter(SliceElem)
+		}
+
+		if err := walk(elem, w); err != nil {
+			return err
+		}
+
+		if ok {
+			ew.Exit(SliceElem)
+		}
+	}
+
+	ew, ok = w.(EnterExitWalker)
+	if ok {
+		ew.Exit(Slice)
+	}
+
+	return nil
+}
+
+func walkArray(v reflect.Value, w interface{}) (err error) {
+	ew, ok := w.(EnterExitWalker)
+	if ok {
+		ew.Enter(Array)
+	}
+
+	if aw, ok := w.(ArrayWalker); ok {
+		if err := aw.Array(v); err != nil {
+			return err
+		}
+	}
+
+	for i := 0; i < v.Len(); i++ {
+		elem := v.Index(i)
+
+		if aw, ok := w.(ArrayWalker); ok {
+			if err := aw.ArrayElem(i, elem); err != nil {
+				return err
+			}
+		}
+
+		ew, ok := w.(EnterExitWalker)
+		if ok {
+			ew.Enter(ArrayElem)
+		}
+
+		if err := walk(elem, w); err != nil {
+			return err
+		}
+
+		if ok {
+			ew.Exit(ArrayElem)
+		}
+	}
+
+	ew, ok = w.(EnterExitWalker)
+	if ok {
+		ew.Exit(Array)
+	}
+
+	return nil
+}
+
+func walkStruct(v reflect.Value, w interface{}) (err error) {
+	ew, ewok := w.(EnterExitWalker)
+	if ewok {
+		ew.Enter(Struct)
+	}
+
+	skip := false
+	if sw, ok := w.(StructWalker); ok {
+		err = sw.Struct(v)
+		if err == SkipEntry {
+			skip = true
+			err = nil
+		}
+		if err != nil {
+			return
+		}
+	}
+
+	if !skip {
+		vt := v.Type()
+		for i := 0; i < vt.NumField(); i++ {
+			sf := vt.Field(i)
+			f := v.FieldByIndex([]int{i})
+
+			if sw, ok := w.(StructWalker); ok {
+				err = sw.StructField(sf, f)
+
+				// SkipEntry just pretends this field doesn't even exist
+				if err == SkipEntry {
+					continue
+				}
+
+				if err != nil {
+					return
+				}
+			}
+
+			ew, ok := w.(EnterExitWalker)
+			if ok {
+				ew.Enter(StructField)
+			}
+
+			err = walk(f, w)
+			if err != nil {
+				return
+			}
+
+			if ok {
+				ew.Exit(StructField)
+			}
+		}
+	}
+
+	if ewok {
+		ew.Exit(Struct)
+	}
+
+	return nil
+}