Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Credential Vault in Mule 3 vs Mule 4

DZone's Guide to

Credential Vault in Mule 3 vs Mule 4

Read this tutorial in order to learn how to create a credential vault in Mule 3 and also in Mule 4. It includes pictures for reference.

· Integration Zone ·
Free Resource

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

Image titleImplementing a credential vault using secure property placeholders, encryption-key, and a credential vault is different in Mule 4 when compared to Mule 3.

Let's see how we will implement this in Mule 3:

Prerequisite: Mule Enterprise Security Module should be installed/plugged-in to the Anypoint Studio 6.x.

To implement this, you will need 3 things:

  1. Creating a credential vault:

Credential Vault is a property file which contains encrypted properties in Key=Value fashion. This can be done as follows:

  • Create a property file under the resources folder.

Image title

  • Open the newly created property file with Mule Properties Editor by right-clicking on the file and select Open With -> Mule Properties Editor.
  • Click on the + icon on the toolbar to create or add the property to the file.

Image title

  • Add properties in Key and Value fashion and click on the Encrypt button to encrypt this specific property value. You can also click the OK button to create a plain property value.
  • Encryption SetUp: Select the appropriate algorithm in the pop-up window. Here, I am choosing the Blowfish as the algorithm and passing the Key (a secret-key used to encrypt these property values) and then clicking on the OK button. (Note: This same key should be made to pass at the run-time so that Mule will use this and decrypt property values during run-time)

Image title

  • Now the value of this particular property will be encrypted and stored in this file.

Image title

  • The above steps should be repeated for creating all sensitive properties that need to be maintained securely.

2. Creating a secure property placeholder:

  • Create a global secure placeholder from theGlobal Elements tab of the canvas.

Image title

  • Give the encryption algorithm a name, mode, and Key used to encrypt/decrypt property values and the location of the credential vault (filename of the secure property file). Then, click on the OK button.

Image title

3. Creating the secret key to demand by the Mule:

  • Deploy the application as Run Configuration and then pass the secret.key and env values as the VM argument by prefixing -D to the Key=Value pair. Multiple Key=Value pairs are to be separated by whitespace.

Image title

  • Click on the Run button to deploy the application.

Now let's see how we will implement this in Mule 4:

Prerequisite: Add secure property configuration extension to the studio by adding the dependency to the project's pom file.

<dependency>

<groupId>com.mulesoft.modules</groupId>

<artifactId>mule-secure-configuration-property-module</artifactId>

<classifier>mule-plugin</classifier>

<version>1.0.0</version>

</dependency>


Here in Mule 4, we also have to do 3 things but in a different way:

  1. Creating a credential vault:
  • Create a property file under the resources folder.

Image title

  • Add properties to this file in a Key=Value fashion.
  • In Mule 4, property values need to be encrypted by using the secure-properties-tool.jar from the command prompt. This jar can be downloaded from the link https://docs.mulesoft.com/mule4-user-guide/v/4.1/_attachments/secure-properties-tool.jar
  • To encrypt or decrypt properties using this tool, open the command prompt and navigate to the path of this tool.
  • You can encrypt each and every single property value or you can encrypt all property values of a file in a single step. It is done using the commands that follow:
    • Encrypt each property value using the command: java -jar secure-properties-tool.jar string <encrypt|decrypt> <algorithm> <mode> <key> <value>
    • Encrypt entire property file at once using the command: java -jar secure-properties-tool.jar file <encrypt|decrypt> <algorithm> <mode> <key> <input file> <output file>
  • If you want encrypt each sing property as a string:

Image title

  • Copy the encrypted text and paste it into the project's property file. Note: Make sure that the encrypted text in property file is enclosed or represented as ![encryptedPropertyValue]

Image title

  • Repeat this to encrypt each property value
  • If you want to encrypt the total property file, then add all properties to the file.

Image title

  • Then, run the command to generate encrypted property file:

Image title

  • Generated file content will look like this:

Image title

  • Use the newly generated file in the project as a credential vault.

Note: We can also use the UI based property encryption process by installing the Mule Enterprise Security Module,  which we used with AnypointStudio 6.x with Mule 3.x

2. Creating a secure properties configuration

  • Create a global secure properties configuration from the Global Elements tab of the canvas

Image title

  • Give the file name, Key used to encrypt/decrypt property value, encryption algorithm name, and mode. Then click on OK button.

Image title

  • A reference to an encrypted property from the project can be made by the ant notation and by prefixing the propertyKey with the "secure::", and it will look like ${secure::database.password}.
  • Note: To refer or to use any property (i.e., both encrypted and plain properties) from a secure-property-placeholder, we need to use "secure::" preceding to the propertyKey.

Image title

3. Creating the secret key to demand by the Mule:

  • Deploy the application as Run Configuration and then pass the secret.key and env values as the VM argument by prefixing -D to the Key=Value pair. Multiple Key=Value pairs are to be separated by whitespace.

Image title

Thanks.

Download A Buyer's Guide to Application and Data Integration, your one-stop-shop for research, checklists, and explanations for an application and data integration solution.

Topics:
mule 4 ,tutorial ,mule 3 ,integration ,credential vault

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}