Credential Vault in Mule 3 vs Mule 4

Implementing a credential vault using secure property placeholders, encryption-key, and a credential vault is different in Mule 4 when compared to Mule 3.

Let's see how we will implement this in Mule 3:

Prerequisite: Mule Enterprise Security Module should be installed/plugged-in to the Anypoint Studio 6.x.

To implement this, you will need 3 things:

1. Creating a credential vault:

Credential Vault is a property file which contains encrypted properties in Key=Value fashion. This can be done as follows:

• Create a property file under the resources folder.

• Open the newly created property file with Mule Properties Editor by right-clicking on the file and select Open With -> Mule Properties Editor.
• Click on the + icon on the toolbar to create or add the property to the file.

• Add properties in Key and Value fashion and click on the Encrypt button to encrypt this specific property value. You can also click the OK button to create a plain property value.
• Encryption SetUp: Select the appropriate algorithm in the pop-up window. Here, I am choosing the Blowfish as the algorithm and passing the Key (a secret-key used to encrypt these property values) and then clicking on the OK button. (Note: This same key should be made to pass at the run-time so that Mule will use this and decrypt property values during run-time)

• Now the value of this particular property will be encrypted and stored in this file.

• The above steps should be repeated for creating all sensitive properties that need to be maintained securely.

2. Creating a secure property placeholder:

• Create a global secure placeholder from theGlobal Elements tab of the canvas.

• Give the encryption algorithm a name, mode, and Key used to encrypt/decrypt property values and the location of the credential vault (filename of the secure property file). Then, click on the OK button.

3. Creating the secret key to demand by the Mule:

• Deploy the application as Run Configuration and then pass the secret.key and env values as the VM argument by prefixing -D to the Key=Value pair. Multiple Key=Value pairs are to be separated by whitespace.

• Click on the Run button to deploy the application.

Now let's see how we will implement this in Mule 4:

Prerequisite: Add secure property configuration extension to the studio by adding the dependency to the project's pom file.

<dependency>

<groupId>com.mulesoft.modules</groupId>

<artifactId>mule-secure-configuration-property-module</artifactId>

<classifier>mule-plugin</classifier>

<version>1.0.0</version>

</dependency>

Here in Mule 4, we also have to do 3 things but in a different way:

1. Creating a credential vault:

• Create a property file under the resources folder.

• Add properties to this file in a Key=Value fashion.
• In Mule 4, property values need to be encrypted by using the secure-properties-tool.jar from the command prompt. This jar can be downloaded from the link https://docs.mulesoft.com/mule4-user-guide/v/4.1/_attachments/secure-properties-tool.jar
• To encrypt or decrypt properties using this tool, open the command prompt and navigate to the path of this tool.
• You can encrypt each and every single property value or you can encrypt all property values of a file in a single step. It is done using the commands that follow:
  • Encrypt each property value using the command: java -jar secure-properties-tool.jar string <encrypt|decrypt> <algorithm> <mode> <key> <value>
  • Encrypt entire property file at once using the command: java -jar secure-properties-tool.jar file <encrypt|decrypt> <algorithm> <mode> <key> <input file> <output file>
• If you want encrypt each sing property as a string: