Secure Sensitive Data With Mule Credentials Vault

DZone 's Guide to

Secure Sensitive Data With Mule Credentials Vault

In this post, we'll go over securing sensitive data using the Mule Credentials Vault, from setup to actually using it to protect your data.

· Security Zone ·
Free Resource

Mule Credentials Vault is used to encrypt the data in a .properties file. Data is stored in the properties file as a name-value pair. It can store various information like usernames, passwords, and security tokens. This data is very sensitive and required by the application at runtime. So you need to store the data in a properties file as encrypted data to restrict it from unauthorized access and to protect the data. To do this, use the three ingredients below:

  • Mule Credentials Vault.

  • Global Secure Property Placeholder element.

  • A key to unlock the vault.

In the context of Anypoint Enterprise Security, the property file which stores the encrypted property is know as a Mule Credentials Vault.

Placeholders, Keys, and Vaults

In Mule, you can set up several variations of the Placeholder-Vault-Key relationship.

One-to-One-to-One Relationship

A one-to-one-to-one relationship is simple. This relationship uses one key that decrypts the properties in one property file.

Image title

One-to-One-to-Many Relationship

 This relationship uses one key to decrypt the properties in multiple property files.

Image title

Many-to-Many-to-Many Relationship

 This relationship uses one key to decrypt the properties in only one property file.

Image title

Now, we will walk through how to create a mule credentials vault.

Encrypt Properties

First, make sure that Anypoint Enterprise Security is installed in your Anypoint Studio.

Go to src/main/resources folder in your Mule application and right click it. Select New > File.

Image title

In New file wizard, enter the filename security-test.properties. You can enter the filename of your choice but make sure the file extension is .properties and click Finish.

Image title

Close the .properties file by clicking on the ex.

Image title

In Package Explorer, right-click on the .properties file and select Open With > Mule Properties Editor.

Image titleClick on the green add button to open the 'Add a new property' dialog.

Image title

Add Key-Value as per your requirements.

Image title

If you do not want to encrypt the data, simply click ok to add a new property to the properties file. However, if you want to encrypt the data click on Encrypt button. This will open a new dialog in which you need to provide Key and select Algorithm that can be used to encrypt the data.

This Key is very important. The key that you enter to encrypt the properties file is the same key that the administrator enters at runtime. Be sure to keep this key secure and pass it to the administrator(s) who deploys and runs your Mule application.

Image title

Click OK to complete the encryption.

In the Add a new property dialog, Studio displays the encrypted value in the Value field (see below). Click OK to save the property. 

Image title

Repeat all the above steps to add more properties in the property file.

Set Global Secure Property Placeholder

Under Global Mule Configuration, create Secure Property Placeholder.

Image title

Configure the field values of the global element.

Image title




It is a unique name for your global secure placeholder.

Encryption Algorithm

The type of algorithm you used to encrypt the content of the Credentials Vault.

Encryption Mode

The procedure that allows Mule to repeatedly use a block cipher with a single key.


It is the name of the property file that the key unlocks.


The word or phrase to unlock the Credentials Vault according to the system property you define in this field. For example, ${production.myproperty} instructs Mule to demand the key at runtime.

Now, you know how to secure your sensitive data with Mule Credentials Vault.

Here is the video tutorial.

mulesoft ,security ,data encryption

Published at DZone with permission of Jitendra Bafna , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}