How to enable Secure Property Placeholder in MuleSoft

17.07.2018

Secure Property Placeholder is an important standard for keeping our sensitive data like User ID and Password secure (encrypted/cypher-text) in the Property file.  Data is stored in the property file as key value pair. This property file can store information like User ID, Password, Tokens, Keys etc. After storing these data in the property file, we need encryption to restrict unauthorised access and to protect the data. To do this we are using the MuleSoft’s Secure Property Placeholder.

Before enabling the Secure Property Placeholder, we need to add Java Cryptography Extension (JCE) in the machine.

Steps to download and install JCE in your machine:

Step 1: Go to the Oracle Java SE download page

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Step 2: Under the Downloads tab, select the version of Java which is installed in your machine

Step 3: Select Accept License Agreement and click on JCE_Policy-8.zip to download the zip file.

Java Cryptography Extension

Step 4: Unzip the downloaded zip

Step 5: Copy the local_policy.jar and the US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)

Steps to add the Premium Security Connector in AnyPoint Studio:

Step 1: Open Anypoint Studio -> Go to Help -> Select Install New Software

Anypoint studio

Step 2: Click the Add button and it will open a window

Provide Name as: Anypoint Enterprise Security

Location as: http://security-update-site-1.4.s3.amazonaws.com

Press OK

Install

Step 3: Go to the Work With drop down

Now you can see Anypoint Enterprise Security - http://security-update-site-1.4.s3.amazonaws.com in the dropdown list. Select it and select the Premium checkbox -> click Next -

Check for available software

Again click Next, accept the ‘terms of license agreement’ and then click Finish.

Review Licenses

Step 6: Restart the Anypoint studio.

Steps to encrypt the values in property file

Step 1: Create a new Mule Project,

Go to File -> New -> MuleProject -> Give the project name (you can give any name, for example secure-property-app) -> click Next  -> select JRE version and Finish

Now the project is created.

Step 2: Create a sample property file

Right click on src/main/resources -> go to New -> File -> give a file name (you can give any name for example app.properties) -> and then click on Finish

Create new file source

Now the app.property got created. Open this property file and put the key value pair in it.

For example:

username=admin

password=admin@123

 Right click on app.property and go to -> Open with -> Mule Properties Editor

Now your property file is open in table editor view.

Double click on Password Key. It will open a new window, like below -

Add new property

Now press the button Encrypt. It will open a new window, where you specify the ‘algorithm’ (Algorithm used to encrypt/decrypt the value) and provide a Key to encrypt. Press the OK button.

Setup Encryption Information

In the same window the password will be encrypted by using the algorithm and the key provided by us. Use this encrypted password in the standalone runtime which will decrypt the password to get the plain text.

Below screen shows the value is now encrypted –

Add a new property

In the same way you can also decrypt the values of the keys to get the plain text using MuleSoft’s Anypoint Enterprise Security.

Go to the text editor and you can see that both username and password are encrypted.

Mule Design Secure Property PlaceholderTo

To Decrypt the ID and Password (Example):

1. Create and configure an HTTP Listener

2. Pick the Variable component from the pallet and configure it (select Set Variable option and put the username in the Name field and the value from the property file in the Value field).

Package Explorer

3. Take a logger Component and configure it. Write the expression under message #[flowVars.username]
4. Run the Application and you will get the decrypted Password.

Note, this decryption process will be done implicitly by Mule Runtime engine and this requires ONLY the Key (configured as system property) which was used to encrypt the Password.

 

If you would like to find out more about how API-led connectivity can help you create a a fully integrated environment, do give us a call at +44 (0)203 475 7980 or email us at marketing@whishworks.com

Other useful links:

Overview and best practices for the MUnit 2 testing framework

API Recipes with MuleSoft Anypoint Platform

Migrating DevKit Connectors to Mule 4 SDK

Recent Posts