/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How to Encrypt Passwords in MuleSoft ESB Community Edition

DZone's Guide to

How to Encrypt Passwords in MuleSoft ESB Community Edition

In this article, we show you how you can quickly implement password encryption in your Mule to add security to your integration project.

by
Abhay Singh
·
Oct. 05, 17 · Security Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Discover how to protect your applications from known and unknown vulnerabilities.

MuleSoft provides an out of the box Secure Property Placeholder for encrypting passwords and other private information in your applications. Although, in order to use this component in your integration, you need to have an Enterprise License, and hence it is not supported in Mule Community Edition Runtime.

Since Mule ESB is a framework of Spring, we can achieve the full functionality of Mule EE's Secure Property Placeholder even in Mule Community Edition Runtime, with the use of Spring Beans. 

The following Spring Bean snippet when added to your Mule configuration XML file, will provide full functionality of Mule EE's Secure Property Placeholder in Mule Community Edition Runtime.

<spring:beans>
    <spring:bean class="org.mule.modules.security.placeholder.SecurePropertyPlaceholderModule">
        <spring:property name="encryptionMode" value="${encryptionMode}"/>
        <spring:property name="encryptionAlgorithm" value="${encryptionAlgorithm}"/>
        <spring:property name="location" value="${env}.properties"/>
        <spring:property name="ignoreUnresolvablePlaceholders" value="true"/>
        <spring:property name="ignoreResourceNotFound" value="true"/>
        <spring:property name="key" value="${key}"/>
</spring:bean>
</spring:beans>

There are a few prerequisites that you need to keep in mind before implementing this functionality.

1) It is recommended to mavenize the project, and add the below dependencies.

<dependency>
    <groupId>com.mulesoft.security</groupId>
    <artifactId>mule-module-security-property-placeholder</artifactId>
    <version>1.4.0</version>
</dependency>
<dependency>
    <groupId>com.mulesoft.security</groupId>
    <artifactId>mule-module-security-encryption</artifactId>
    <version>1.4.0</version>
</dependency>

Kindly note, you can use any version of the jar file.

2) Make sure the snippet of your Property Placeholder is syntactically below the Spring Bean created for Secure Property Placeholder in your Mule configuration XML, as decryption of the parameter takes precedence.

If the prerequisites are followed, you should be good to go and be able to secure your passwords and private information for your integrations.

Find out how Waratek’s award-winning virtualization platform can improve your web application security, development and operations without false positives, code changes or slowing your application.

Like This Article? Read More From DZone

Strong Encryption and Death
Encrypt Mule Message With Anypoint JCE and XML Encrypter
Secure Sensitive Data With Mule Credentials Vault

Free DZone Refcard

Java Application Vulnerabilities
DOWNLOAD
Topics:
mulesoft ,security ,password security ,encryption

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Learn How to Build Security into the DevOps Life Cycle
Traditional Application Security Approaches Are Not Working
See how the Agile Security Manifesto can help your firm build secure software in an agile way.
Bring your Java apps up to date with the latest Java release with no code changes
CISO’s Guide to Application Security
Webinar: Secure your apps against a deserialization attack. It's not possible, is it?
Building Security Into Cloud Applications
Delivering Security in an Agile World
Software Security Testing: Blending Art and Science

Security Partner Resources

Learn How to Build Security into the DevOps Life Cycle
Traditional Application Security Approaches Are Not Working
See how the Agile Security Manifesto can help your firm build secure software in an agile way.
Bring your Java apps up to date with the latest Java release with no code changes

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone