Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Encrypt Passwords in MuleSoft ESB Community Edition

DZone's Guide to

How to Encrypt Passwords in MuleSoft ESB Community Edition

In this article, we show you how you can quickly implement password encryption in your Mule to add security to your integration project.

· Security Zone
Free Resource

Discover how to protect your applications from known and unknown vulnerabilities.

MuleSoft provides an out of the box Secure Property Placeholder for encrypting passwords and other private information in your applications. Although, in order to use this component in your integration, you need to have an Enterprise License, and hence it is not supported in Mule Community Edition Runtime.

Since Mule ESB is a framework of Spring, we can achieve the full functionality of Mule EE's Secure Property Placeholder even in Mule Community Edition Runtime, with the use of Spring Beans. 

The following Spring Bean snippet when added to your Mule configuration XML file, will provide full functionality of Mule EE's Secure Property Placeholder in Mule Community Edition Runtime.

<spring:beans>
    <spring:bean class="org.mule.modules.security.placeholder.SecurePropertyPlaceholderModule">
        <spring:property name="encryptionMode" value="${encryptionMode}"/>
        <spring:property name="encryptionAlgorithm" value="${encryptionAlgorithm}"/>
        <spring:property name="location" value="${env}.properties"/>
        <spring:property name="ignoreUnresolvablePlaceholders" value="true"/>
        <spring:property name="ignoreResourceNotFound" value="true"/>
        <spring:property name="key" value="${key}"/>
</spring:bean>
</spring:beans>

There are a few prerequisites that you need to keep in mind before implementing this functionality.

1) It is recommended to mavenize the project, and add the below dependencies.

<dependency>
    <groupId>com.mulesoft.security</groupId>
    <artifactId>mule-module-security-property-placeholder</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>com.mulesoft.security</groupId>
    <artifactId>mule-module-security-encryption</artifactId>
    <version>1.4.0</version>
</dependency>

Kindly note, you can use any version of the jar file.

2) Make sure the snippet of your Property Placeholder is syntactically below the Spring Bean created for Secure Property Placeholder in your Mule configuration XML, as decryption of the parameter takes precedence.

If the prerequisites are followed, you should be good to go and be able to secure your passwords and private information for your integrations.

Find out how Waratek’s award-winning virtualization platform can improve your web application security, development and operations without false positives, code changes or slowing your application.

Topics:
mulesoft ,security ,password security ,encryption

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}