Securing a MuleSoft Application Properties File

In this article, see a tutorial on how to secure a MuleSoft application properties file.

By Jitendra Bafna · Feb. 19, 20 · Tutorial

Introduction

It is very important to encrypt confidential and sensitive data stored in a properties file. MuleSoft lets you encrypt a single property or an entire file. From the MuleSoft documentation:

  • "Create a secure configuration properties file."

  • "Define secure properties in the file by enclosing the encrypted values between the sequence ![value]."

  • "Configure the file in the project with the Mule Secure Configuration Properties Extension module. The file must point to or include the decryption key."

MuleSoft provides a downloadable utility, secure-properties-tool.jar. This JAR file is used to encrypt or decrypt a string or a file.

Attributes

Before we create the properties file, let's understand some important attributes:

  • Name: A unique name for your global secure configuration properties.
  • Key: A word or phrase that you specify to unlock the properties value.
  • File: The location of the file that the key unlocks.
  • Encoding: Encoding of the file that the key unlocks. The default value is UTF-8.
  • File Level Encryption: Set to true if the file itself is entirely encrypted. Default value is false.
  • Algorithm: The type of algorithm you use to encrypt the content of the property.
  • Mode: The procedure that allows the Mule runtime engine to repeatedly use a block cipher with a single key.

Setting Up Mule Secure Configuration Property Extension

By default, you will not find the Mule Secure Configuration Property extension in Anypoint Studio. You can install it from Exchange into your Anypoint Studio.



Create a Secure Configuration Properties File

The first step is to create a secure properties file. It can be a .properties or a .yaml file. MuleSoft recommends using a YAML configuration file because it allows the addition of type validations and auto-completion. The Mule Secure Configuration Properties Extension module enables you to configure these .yaml or .properties file types.

You can create secure configuration properties files either in src/main/resources in your Mule project or by using absolute paths.

Example YAML Properties File 

smtp:
  email:
    port: "587"
    host: "smtp.gmail.com"
    username: "no.reply@gmail.com"
    password: "![BjEMftH9uJV4e+QKpKfcvg==]"
    fromEmail: "no.reply@gmail.com"
api:
  instanceId: "2332131"
http:
    port: "8091"


In the properties file above, the password is stored in encrypted form. A password is confidential and must be encrypted before it is stored in the file. It is best practice to encrypt all confidential and sensitive details.

We can use the secure-properties-tool.jar file to encrypt or decrypt data.

Syntax for Encrypting a Text String

java -jar secure-properties-tool.jar \
<method> \
<operation> \
<algorithm> \
<mode> \
<key> \
<value>


We will use the Blowfish algorithm in CBC mode. Below is the command used to encrypt a password stored in a properties file.

java -jar secure-properties-tool.jar string encrypt Blowfish CBC mulesoft abcdef


The encrypted value needs to be added to the properties file as shown below:

![encryptedpassword]

This tells the runtime that this particular value needs to be decrypted.

We need to use the same key, algorithm, and mode for decrypting the data.

java -jar secure-properties-tool.jar string decrypt Blowfish CBC MuleSoft WXDKlr6GZfs=


Create Secure Configuration Property in Global Configuration

To create the Secure Properties Config, use Global Configuration.

Provide the properties file location, the Key (used to encrypt and decrypt the text), the Algorithm (can be Blowfish), and set the Mode to CBC.

Accessing Secure Property in MuleSoft Components

A secure property can be accessed in connectors, DataWeave, etc.

To access a property, use ${secure::propertyName}.

Supported Algorithms

AES (default), Blowfish, DES, DESede, RC2, and RCA.

The following algorithms can be used only if you configure a Java Cryptography Extension (JCE) Provider that adds support for them:

Camellia, CAST5, CAST6, Noekeon, Rijndael, SEED, Serpent, Skipjack, TEA, Twofish, XTEA, RC5, and RC6.

Supported Modes

CBC (default), CFB, ECB, and OFB.

Best Practices

  • It is recommended to keep a separate properties file for each environment (e.g. appName-dev.yaml, appName-test.yaml, appName-prod.yaml).
  • It is recommended to use a .yaml file instead of a .properties file.
  • It is recommended to declare a global property for the environment (e.g. mule.env).
  • Do not change the mule.env property to prod or test; instead, pass it as an argument in the CI/CD pipeline Maven command:

           mvn deploy -DmuleDeploy -Dmule.env=prod

  • All sensitive and confidential data like passwords and keys need to be encrypted before storing them in the property file.
  • Keep all connections and other properties in global.xml.
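
A check that could run in CI to enforce the encryption practice above, added here as an example (it is not from the original article or from MuleSoft). It flags sensitive-looking keys stored in plaintext and ![...] values that are malformed, such as one missing its closing bracket. The key-name pattern, the Base64 shape assumed for encrypted values, and the sample file are assumptions of this example, and the parser handles only nested block mappings of scalars.

```python
import re

# Key names treated as sensitive (assumption of this example; extend per project).
SENSITIVE = re.compile(r"password|passwd|secret|token", re.I)
# Well-formed secure value: ![...] around Base64 text (assumed tool output format).
SECURE = re.compile(r"^!\[[A-Za-z0-9+/]+={0,2}\]$")

# Constructed sample file; the db section and its values are made up.
SAMPLE = """\
smtp:
  email:
    port: "587"
    password: "![BjEMftH9uJV4e+QKpKfcvg=="
db:
  password: "changeit"
  clientSecret: "![WXDKlr6GZfs=]"
"""

def flatten(yaml_text):
    """Yield (dotted.path, value) for a block-style YAML mapping of scalars."""
    stack = []  # (indent, key) pairs forming the current path
    for raw in yaml_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling levels
        stack.append((indent, key.strip()))
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # drop surrounding quotes
        if value:
            yield ".".join(k for _, k in stack), value

def audit(yaml_text):
    """Return (path, problem) for plaintext secrets and malformed ![...] values."""
    findings = []
    for path, value in flatten(yaml_text):
        if value.startswith("!["):
            if not SECURE.match(value):
                findings.append((path, "malformed secure value"))
        elif SENSITIVE.search(path.rsplit(".", 1)[-1]):
            findings.append((path, "sensitive value stored in plaintext"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty result from audit() can be used to fail the build before the properties file is packaged with the application.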

Now you know how to encrypt sensitive and confidential data before storing it in a Mule properties file.
