How to Encrypt Passwords in MuleSoft ESB Community Edition
How to Encrypt Passwords in MuleSoft ESB Community Edition
In this article, we show you how you can quickly implement password encryption in your Mule to add security to your integration project.
Join the DZone community and get the full member experience.
Join For FreeDiscover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.
MuleSoft provides an out of the box Secure Property Placeholder for encrypting passwords and other private information in your applications. Although, in order to use this component in your integration, you need to have an Enterprise License, and hence it is not supported in Mule Community Edition Runtime.
Since Mule ESB is a framework of Spring, we can achieve the full functionality of Mule EE's Secure Property Placeholder even in Mule Community Edition Runtime, with the use of Spring Beans.
The following Spring Bean snippet when added to your Mule configuration XML file, will provide full functionality of Mule EE's Secure Property Placeholder in Mule Community Edition Runtime.
<spring:beans>
<spring:bean class="org.mule.modules.security.placeholder.SecurePropertyPlaceholderModule">
<spring:property name="encryptionMode" value="${encryptionMode}"/>
<spring:property name="encryptionAlgorithm" value="${encryptionAlgorithm}"/>
<spring:property name="location" value="${env}.properties"/>
<spring:property name="ignoreUnresolvablePlaceholders" value="true"/>
<spring:property name="ignoreResourceNotFound" value="true"/>
<spring:property name="key" value="${key}"/>
</spring:bean>
</spring:beans>There are a few prerequisites that you need to keep in mind before implementing this functionality.
1) It is recommended to mavenize the project, and add the below dependencies.
<dependency>
<groupId>com.mulesoft.security</groupId>
<artifactId>mule-module-security-property-placeholder</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>com.mulesoft.security</groupId>
<artifactId>mule-module-security-encryption</artifactId>
<version>1.4.0</version>
</dependency>Kindly note, you can use any version of the jar file.
2) Make sure the snippet of your Property Placeholder is syntactically below the Spring Bean created for Secure Property Placeholder in your Mule configuration XML, as decryption of the parameter takes precedence.
If the prerequisites are followed, you should be good to go and be able to secure your passwords and private information for your integrations.
Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}