As a premium feature, MuleSoft provides secure property placeholder which helps in encrypting/decrypting the properties within the mule flow. Consider scenario where an api call requires username/password in the header which is used to authenticate the caller before performing any operation. If you are writing a mule application to make this api call, the value for password may not be stored in the properties file/xml as a clear text as it will be a direct violation of a security scan.
To avoid security voilations, you can encrypt the values and store in property file and decrypt it before making the api call. However, I believe, MuleSoft helps in easing life and created components which one can drag/drop and use to achieve some great benefits with little code. Secure Property Placeholder is one such component. As the name says, this is a place holder which holds the configuration for decrypting the secured properties. This component is not available in community version and is a premium only component.
Below is a step by step process demonstrating the following:
- Encrypting the property values in file
- Using secured property placeholder to auto decrypt the values while calling any external api/system
Step1: Download and install Anypoint Enterprise Security modules
Release information for the latest version of Anypoint Enterprise Security module can be found at – https://docs.mulesoft.com/release-notes/anypoint-enterprise-security-release-notes
Once you have installed this and restarted anypoint studio, you should see a additional context menu option for properties files to open with Mule Properties Editor.
Step2: Encrypt property using the Mule Properties Editor
When you open the property file with Mule Properties Editor, you should be able to double click on a property key and see a popup with option to encrypt the value. Clicking on Encrypt button you should see option to select Algorithm and provide a key value for encryption.
NOTE: Make sure to remember/note down the key provided here as this is required for decryption by the secure property placeholder.
Step3: Configuring secure property placeholder
After you have encrypted the value, add secure property placeholder in the global configuration element of your flow as show below:
NOTE: I am using UI option to create the secure property placeholder. This can also be done by hand editing the xml file.
Configure the Secure Property Placeholder with the same settings(Algorithm and key) you used while encrypting the property. This should look something like below:
Once this is setup, you are all set. You can start using the encrypted values in your flow and the global secure property placeholder will do the job of decrypting the value automatically before making any api calls.
Testing:
Below project flow has a http inbound endpoint which makes api call and passes the username/pwd in the header of the api call. If noticed, the password used while calling the api flow is encrypted in the keys.properties file.
keys.properties
uname=rak
pwd=![OoIqlh6RDib3dbBam26BXA==]
[/java]
When the api call is made, the secure property place holder auto decrypts the password and calls the api. This unecrypted password is validated in the api flow and the choice router sends authenticated/unauthenticated response back as payload.
The complete project for this demo can be found at GitHub
Things to Note:
The value need to be encrypted is placed in keys.properties file. This is intentionally placed in a separate properties file instead of mule-app.properties file. The reason for this is the sequence of loading property placeholder config and other properties is important here. If the property file is loaded before secure property placeholder config is loaded, the values in the properties file wont be decrypted. Inorder to ensure the secure, the values are placed in a separate file and loaded explicitly as shown below:
[xml]<secure-property-placeholder:config key="abcd1234" location="keys.properties,mule-app.properties" name="secureprop" doc:name="Secure Property Placeholder" encryptionAlgorithm="DES" systemPropertiesMode="NEVER"/>
<context:property-placeholder location="keys.properties"/>
I was looking for “Things to Note:” part. It helped me and save my time.
thanks !!!