Secure Property Placeholder is an important standard for keeping our sensitive data like User ID and Password secure (encrypted/cypher-text) in the Property file. Data is stored in the property file as key value pair. This property file can store information like User ID, Password, Tokens, Keys etc. After storing these data in the property file, we need encryption to restrict unauthorised access and to protect the data. To do this we are using the MuleSoft’s Secure Property Placeholder.
Before enabling the Secure Property Placeholder, we need to add Java Cryptography Extension (JCE) in the machine.
Steps to download and install JCE in your machine:
Step 1: Go to the Oracle Java SE download page
Step 2: Under the Downloads tab, select the version of Java which is installed in your machine
Step 3: Select Accept License Agreement and click on JCE_Policy-8.zip to download the zip file.
Step 4: Unzip the downloaded zip
Step 5: Copy the local_policy.jar and the US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)
Steps to add the Premium Security Connector in AnyPoint Studio:
Step 1: Open Anypoint Studio -> Go to Help -> Select Install New Software
Step 2: Click the Add button and it will open a window
Provide Name as: Anypoint Enterprise Security
Location as: http://security-update-site-1.4.s3.amazonaws.com
Step 3: Go to the Work With drop down
Now you can see Anypoint Enterprise Security – http://security-update-site-1.4.s3.amazonaws.com in the dropdown list. Select it and select the Premium checkbox -> click Next –
Again click Next, accept the ‘terms of license agreement’ and then click Finish.
Step 6: Restart the Anypoint studio.
Steps to encrypt the values in property file
Step 1: Create a new Mule Project,
Go to File -> New -> MuleProject -> Give the project name (you can give any name, for example secure-property-app) -> click Next -> select JRE version and Finish
Now the project is created.
Step 2: Create a sample property file
Right click on src/main/resources -> go to New -> File -> give a file name (you can give any name for example app.properties) -> and then click on Finish
Now the app.property got created. Open this property file and put the key value pair in it.
Right click on app.property and go to -> Open with -> Mule Properties Editor
Now your property file is open in table editor view.
Double click on Password Key. It will open a new window, like below –
Now press the button Encrypt. It will open a new window, where you specify the ‘algorithm’ (Algorithm used to encrypt/decrypt the value) and provide a Key to encrypt. Press the OK button.
In the same window the password will be encrypted by using the algorithm and the key provided by us. Use this encrypted password in the standalone runtime which will decrypt the password to get the plain text.
Below screen shows the value is now encrypted –
In the same way you can also decrypt the values of the keys to get the plain text using MuleSoft’s Anypoint Enterprise Security.
Go to the text editor and you can see that both username and password are encrypted.
To Decrypt the ID and Password (Example):
1. Create and configure an HTTP Listener
2. Pick the Variable component from the pallet and configure it (select Set Variable option and put the username in the Name field and the value from the property file in the Value field).
3. Take a logger Component and configure it. Write the expression under message #[flowVars.username]
4. Run the Application and you will get the decrypted Password.
Note, this decryption process will be done implicitly by Mule Runtime engine and this requires ONLY the Key (configured as system property) which was used to encrypt the Password.
If you would like to find out more about how API-led connectivity can help you create a a fully integrated environment, do give us a call at +44 (0)203 475 7980 or email us at firstname.lastname@example.org.
Other useful links: