When we define properties in .properties file in a project a lot of properties contain sensitive information for example Jdbc password etc. So the best way is to protect this information by encrypting it.
Mule provides its out of the box functionality called Credentials Vault to encrypt the individual properties in the .properties file. The dictionary meaning of Vault is “an arched structure of masonry usually forming a ceiling or roof”. So, in our case once the .properties file becomes encrypted it becomes the Vault.
First of all you need to have the Mule Security Modules installed in your Anypoint Studio. Do please read the installation part of Mule Security Module in this post. After installing the security modules the rest is very simple.
Do please find the source code of the project in the following link. In the project I have created a very simple flow called vault-example.xml. In the resource folder I have created a file called init.properties. Please right click on it and open with Mule Properties Editor as shown in the diagram below.
Now let’s create some properties. After opening the init.properties file with Mule Properties Editor now please click the green + button and add property (key & value) as shown below,
Now click the button Encrypt. A pop-up screen will be shown and you will be asked to choose Algorithm and Key for encryption. For simplicity I have chosen Blowfish as algorithm and “mule” as key. Please refer to the diagram,
You should see the screen after Step 2. You can click the button Encrypt/Decrypt to see the value (encrypted/decrypted) as shown below.
You can add some more properties.
Now the encrypted init.properties is our vault and we will use this vault in our flow vault-example.xml. So please open the Global Elements tab and let’s add a Property Placeholder element to refer to our init.properties file.
And then in the Location field, point to the init.properties file.
After that we have to add a global element called Secure Property Placeholder. It will contain the necessary information of our key that was used to encrypt/decrypt our properties. The key we used was mule. Here is a screenshot,
I am using the key hard coded. A better way is to put it in the mule-app.properties. I have put a property in this file and named it as
Now, please see the updated Secure Property Placeholder configuration. Check it out below,
Now, in the flow , just put a logger and let’s check if we can have decrypted output of an encrypted property in our init.properties file. Here is a screenshot,
Probably at this point when you run the application you are not able to see the decrypted output in the Anypoint Studio console. I don’t know why. The trick is that when context property placeholder configuration precedes the secure property placeholder configuration it does not work. The work around is to put the it after.
Just take a look at the .xml configuration file,
So, that’s it. Now when you run the application and make a request to the end point http://localhost:8081/vault you will see the decrypted value in the console.