Credential Vault


When we define properties in .properties file in a project a lot of properties contain sensitive information for example Jdbc password etc. So the best way is to protect this information by encrypting it.

Mule provides its out of the box functionality called Credentials Vault to encrypt the individual properties in the .properties file. The dictionary meaning of Vault is “an arched structure of masonry usually forming a ceiling or roof”. So, in our case once the .properties file becomes encrypted it becomes the Vault.

Let’s start

First of all you need to have the Mule Security Modules installed in your Anypoint Studio. Do please read the installation part of Mule Security Module in this post. After installing the security modules the rest is very simple.

Project configuration

Do please find the source code of the project in the following link. In the project I have created a very simple flow called vault-example.xml. In the resource folder I have created a file called Please right click on it and open with Mule Properties Editor as shown in the diagram below.


Step 1

Now let’s create some properties. After opening the  file with Mule Properties Editor now please click the green button and add property (key & value) as shown below,

Add property.

Step 2

Now click the button Encrypt. A pop-up screen will be shown and you will be asked to choose Algorithm and Key for encryption. For simplicity I have chosen Blowfish as algorithm and “mule” as key. Please refer to the diagram,


Step 3

You should see the screen after Step 2. You can click the button Encrypt/Decrypt to see the value (encrypted/decrypted) as shown below.


You can add some more properties.

Step 4

Now the encrypted is our vault and we will use this vault in our flow vault-example.xml. So please open the Global Elements tab and let’s add a Property Placeholder element to refer to our file.

Property Placeholder.

And then in the Location field, point to the file.

Add location of our properties file.

Step 5

After that we have to add a global element called Secure Property Placeholder. It will contain the necessary information of our key that was used to encrypt/decrypt our properties. The key we used was mule. Here is a screenshot,

Hardcode key

I am using the key hard coded. A better way is to put it in the I have put a property in this file and named it as


Now, please see the updated Secure Property Placeholder configuration. Check it out below,

Variable key


Now, in the flow , just put a logger and let’s check if we can have decrypted output of an encrypted property in our file. Here is a screenshot,



Probably at this point when you run the application you are not able to see the decrypted output in the Anypoint Studio console. I don’t know why. The trick is that when context property placeholder configuration precedes the secure property placeholder configuration  it does not work. The work around is to put the it  after.

Just take a look at the .xml configuration file,


So, that’s it. Now when you run the application and make a request to the end point http://localhost:8081/vault you will see the decrypted value in the console.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s