Safely Hiding Application Properties
Let's look at the concept of encrypting application properties and storing them in secure properties placeholders.
CloudHub supports safely hidden application properties, where the name of a property is visible in the console, but the value is not displayed or retrievable by any user. CloudHub resolves the property at runtime without exposing the sensitive information.
This is a separate feature and concept from encrypted Mule application properties, and it is the easiest way to secure sensitive information.
Application properties are variables that act as placeholders in your Mule application and are set in the Mule runtime at run time. The Mule runtime supplies the values for the property variables using the information you configure in the Runtime Manager console's Properties tab.
For sensitive information, we may wish to flag these properties as hidden so that, after they are entered and saved in the Runtime Manager console, their values are not visible in the console. This can be achieved by either of the two approaches below:
1. Encrypt Application Properties and Store in Secure Properties Placeholders:
Using this option, a Mule application stores properties with encrypted values and bundles the secure property placeholder files inside its deployable archive (.jar file). Encrypted properties will not appear in the Runtime Manager tab, and in this way, the values are safely locked inside the Mule application.
However, a problem arises when someone needs to update an encrypted value. The Runtime Manager console does not have access to the secret key, so it is impossible to replace an encrypted value with a new encrypted value without opening the Mule application source files and regenerating the encrypted value. This makes the approach cumbersome from a maintenance perspective.
2. Safely Hidden Application Properties:
This approach eliminates the problem above. It is another feature for securing sensitive information in Mule: the application properties are listed as secured properties. Once application properties are marked as secured properties in the Mule app's properties, their values are hidden in the Runtime Manager, just like encrypted properties. In addition, a value can be safely replaced with a new value entered in clear text, without encrypting it.
1.2 Use Case
Let's consider an example where we want to secure or hide sensitive information using safely hidden properties. Here, we want to hide the emailId of a customer using secured properties.
a) First, create a Mule project that can accept an HTTP request and send the emailId of the customer in the response.
In set payload, I am reading the emailId from the property file and sending it as a part of the response.
b) Now, we want to secure the emailId so that it is not visible in Runtime Manager. To do this, include the application properties in the secure properties list in mule-app.properties.
c) Create an archive and deploy the application in CloudHub and test it.
We can see that emailId is showing up in the response. Now, let's update the emailId in the Runtime Manager and see what happens.
After updating the emailId in the Runtime Manager, we get the updated emailId value in the response. If you look at the Runtime Manager, you will notice that the value of emailId is hidden/masked and there is no way to retrieve it.
Anyone who wants to update the emailId enters the new value in clear text; there is no need to enter it in encrypted form.
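A pre-deployment check for step b), added here as an example and not taken from the original article. It assumes the secure list is the comma-separated `secure.properties` key in mule-app.properties (Mule 3 convention); the sample file, the `SENSITIVE` name pattern and the function names are constructed for illustration.

```python
import re

# Constructed sample mule-app.properties (values are made up for this example).
SAMPLE = """\
# constructed sample
emailId=customer@example.com
db.password=changeme
http.port=8081
secure.properties=emailId
"""

# Assumption: name fragments this check treats as sensitive.
SENSITIVE = re.compile(r"password|secret|token|key|email", re.I)

def parse_properties(text):
    """Parse plain key=value / key:value lines (no escapes or continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return (names flagged secure, list of (property, finding))."""
    props = parse_properties(text)
    flagged = props.pop("secure.properties", "")
    secure = {n.strip() for n in flagged.split(",") if n.strip()}
    findings = []
    for name, value in props.items():
        if name in secure and value:
            # Masking applies to the console only; the file itself is in the archive.
            findings.append((name, "masked in console, but cleartext value is in the archive"))
        elif name not in secure and SENSITIVE.search(name):
            findings.append((name, "looks sensitive, not listed in secure.properties"))
    return secure, findings

if __name__ == "__main__":
    secure, findings = audit(SAMPLE)
    print("secure:", sorted(secure))
    for name, finding in findings:
        print(f"{name}: {finding}")
```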
- Mule applications, which are deployed in CloudHub, may not need to encrypt the properties. Instead, just flag those properties as secured properties.
- If there is any need to update the value, then one can directly enter the new value in the clear text.
- When the application is moved from one environment to another, safely hidden application properties are not copied to the new environment.
- Once an application is deployed with safely hidden application properties, CloudHub maintains the security flag for those properties, even if you edit your application file to remove the secured properties definition.
Published at DZone with permission of Manish Kumar. See the original article here.