Securing configuration properties in mule

In this article I will show you how to use mule credential vault and how to start securing your properties file using Anypoint Security suite. You will also get to know about the best practices of using secure properties.

Step I: Installing Anypoint Security Suite

Anypoint Enterprise Security is a collection of security features that enforce secure access to information in Mule applications.It helps application developers to develop security solutions as per security requirements, prevent security breaches, and facilitate proper authorized access to data.

You can find how to install Anypoint security suite my another article here

Before starting you should understand how Mule Credentials Vault actually works. you can go through the documentation here

How to Encrypt Properties

1. Create a Mule project in Anypoint Studio.

2. Add maven dependency to project pom.xml

<dependency>
<groupId>com.mulesoft.modules</groupId>
<artifactId>mule-secure-configuration-property-module</artifactId>
<version>1.0.2</version>
<classifier>mule-plugin</classifier>
</dependency>

3. In the src/main/resources folder of the project, right-click and select New -> File.

Anypoint, Configuration, dataweave 2, Decryption, Encryption, Integration, Maven, Middleware, Mule, Mule 3, Mule 4, MuleCode, MuleProject, MuleSoft, Properties, Tutorial, Mule Credentials Vault, Maven, secure, Security,

4. In the New file wizard, provide a file name, which should include .properties extension. Ex: dev.secure.properties. Click finish.

5. In the project explorer, right-click the .properties file and select Open with -> Mule Properties Editor.

6. Click on the green + icon in the studio. In the Add New Property window, add a key and a value. Click on Encrypt button if you want to encrypt the value, and do not if you don’t want to.

7. If you click on Encrypt, in the Setup encryption information dialog box that appears, select an algorithm and provide a key that will be used to encrypt the value. Click OK.

8. After you click OK, the encrypted value looks as shown below.

8. Repeat the above steps to add more values to the Credentials Vault.

1. Click on the Global Elements tab. Create a global property ${encrypted.key}. This will be provided to secure property place holder. ${encryption.key} is the key that we will provide at runtime of the application.

2. In the Secure Property Placeholder wizard, set the Encryption Algorithm, Encryption Mode, and key. The Encryption Algorithm will be the same as you used at the time of the encryption process above. The key will be the value that you used to encrypt your value above (STEP 6).

Here, ${encrypted.key} is provided through global property.

Local Setup for running your application

1. Click on the project–> Run as –> Run Configuration

1234 above is my key. You need to add your encryption key in runtime arguments here as shown above.

2. After you run this application, call the following flow and look at the console. You will see that the encrypted value is getting printed after decryption.

INFO 2019-10-02 12:33:17,486 [[MuleRuntime].cpuLight.08: [retrieve-secure-properties-using-dw2].retrieve-secure-properties-using-dw2.CPU_LITE @17e305df] [event: b5c46681-e4e2-11e9-a182-e6a471bf06f3] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: secure prop value>> Hello Manish

INFO 2019-10-02 12:33:22,768 [[MuleRuntime].cpuIntensive.02: [retrieve-secure-properties-using-dw2].retrieve-secure-properties-using-dw2.CPU_INTENSIVE @51ad86c5] [event: b5c46681-e4e2-11e9-a182-e6a471bf06f3] org.mule.runtime.core.internal.processor.LoggerMessageProcessor: “secure prop value>>” {password=*****}

Logging secure properties

Logging secure prop as payload

To build your application through command line

Note:

It is recommended to never log your secure prop values.
Always externalize your secure properties.
In cloud deployment you can pass secure properties like encryption key in properties editor tab.