In this article I will show you how to use mule credential vault and how to start securing your properties file using Anypoint Security suite. You will also get to know about the best practices of using secure properties.
Step I: Installing Anypoint Security Suite
Step I: Installing Anypoint Security Suite
Anypoint Enterprise Security is a collection of security features that enforce secure access to information in Mule applications.It helps application developers to develop security solutions as per security requirements, prevent security breaches, and facilitate proper authorized access to data.
You can find how to install Anypoint security suite my another article here
You can find how to install Anypoint security suite my another article here
Before starting you should understand how Mule Credentials Vault actually works. you can go through the documentation here
How to Encrypt Properties
How to Encrypt Properties
1. Create a Mule project in Anypoint Studio.
2. Add maven dependency to project pom.xml
<dependency>
<groupId>com.mulesoft.modules</groupId>
<artifactId>mule-secure-configuration-property-module</artifactId>
<version>1.0.2</version>
<classifier>mule-plugin</classifier>
</dependency>
2. Add maven dependency to project pom.xml
<dependency>
<groupId>com.mulesoft.modules</groupId>
<artifactId>mule-secure-configuration-property-module</artifactId>
<version>1.0.2</version>
<classifier>mule-plugin</classifier>
</dependency>
3. In the src/main/resources folder of the project, right-click and select New -> File.
4. In the New file wizard, provide a file name, which should include .properties extension. Ex: dev.secure.properties. Click finish.
5. In the project explorer, right-click the .properties file and select Open with -> Mule Properties Editor.
6. Click on the green + icon in the studio. In the Add New Property window, add a key and a value. Click on Encrypt button if you want to encrypt the value, and do not if you don’t want to.
7. If you click on Encrypt, in the Setup encryption information dialog box that appears, select an algorithm and provide a key that will be used to encrypt the value. Click OK.
8. After you click OK, the encrypted value looks as shown below.
8. Repeat the above steps to add more values to the Credentials Vault.
1. Click on the Global Elements tab. Create a global property ${encrypted.key}. This will be provided to secure property place holder. ${encryption.key} is the key that we will provide at runtime of the application.
2. In the Secure Property Placeholder wizard, set the Encryption Algorithm, Encryption Mode, and key. The Encryption Algorithm will be the same as you used at the time of the encryption process above. The key will be the value that you used to encrypt your value above (STEP 6).
Here, ${encrypted.key} is provided through global property.
Local Setup for running your application
1. Click on the project–> Run as –> Run Configuration
1234 above is my key. You need to add your encryption key in runtime arguments here as shown above.
2. After you run this application, call the following flow and look at the console. You will see that the encrypted value is getting printed after decryption.
INFO 2019-10-02 12:33:17,486 [[MuleRuntime].cpuLight.08: [retrieve-secure-properties-using-dw2].retrieve-secure-properties-using-dw2.CPU_LITE @17e305df] [event: b5c46681-e4e2-11e9-a182-e6a471bf06f3] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: secure prop value>> Hello Manish
INFO 2019-10-02 12:33:22,768 [[MuleRuntime].cpuIntensive.02: [retrieve-secure-properties-using-dw2].retrieve-secure-properties-using-dw2.CPU_INTENSIVE @51ad86c5] [event: b5c46681-e4e2-11e9-a182-e6a471bf06f3] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: “secure prop value>>” {password=*****}
INFO 2019-10-02 12:33:22,768 [[MuleRuntime].cpuIntensive.02: [retrieve-secure-properties-using-dw2].retrieve-secure-properties-using-dw2.CPU_INTENSIVE @51ad86c5] [event: b5c46681-e4e2-11e9-a182-e6a471bf06f3] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: “secure prop value>>” {password=*****}
 |
| Logging secure properties |
 |
| Logging secure prop as payload |
To build your application through command line
Note:
- It is recommended to never log your secure prop values.
- Always externalize your secure properties.
- In cloud deployment you can pass secure properties like encryption key in properties editor tab.
Please find the sample Mule project here