Credential Vault

Introduction

When we define properties in a project's .properties file, many of them contain sensitive information, for example a JDBC password. The best way to protect this information is to encrypt it.

Mule provides out-of-the-box functionality called Credentials Vault to encrypt individual properties in the .properties file. The dictionary meaning of vault is “an arched structure of masonry usually forming a ceiling or roof”. In our case, once the .properties file is encrypted, it becomes the vault.

Let’s start

First of all, you need to have the Mule Security Modules installed in your Anypoint Studio. Please read the installation part of the Mule Security Module in this post. After installing the security modules, the rest is very simple.

Project configuration

You can find the source code of the project at the following link. In the project I have created a very simple flow called vault-example.xml. In the resource folder I have created a file called init.properties. Right-click on it and open it with Mule Properties Editor as shown in the diagram below.

Structure

Step 1

Now let’s create some properties. After opening the init.properties file with Mule Properties Editor, click the green button and add a property (key and value) as shown below.

Add property.

Step 2

Now click the Encrypt button. A pop-up will ask you to choose the algorithm and key for encryption. For simplicity I have chosen Blowfish as the algorithm and “mule” as the key. Please refer to the diagram.

Encrypt

Step 3

After Step 2 you should see the screen below. You can click the Encrypt/Decrypt button to switch between the encrypted and decrypted value, as shown.

Encrypt/Decrypt

You can add some more properties.

Step 4

Now the encrypted init.properties is our vault and we will use this vault in our flow vault-example.xml. So please open the Global Elements tab and let’s add a Property Placeholder element to refer to our init.properties file.

Property Placeholder.

And then in the Location field, point to the init.properties file.

Add location of our properties file.

Step 5

After that we have to add a global element called Secure Property Placeholder. It holds the key that was used to encrypt and decrypt our properties. The key we used was “mule”. Here is a screenshot.

Hardcode key

Here I am using a hard-coded key. A better way is to put it in mule-app.properties. I have added a property to this file and named it as follows:

vault.key=mule

Now see the updated Secure Property Placeholder configuration below.

Variable key

Testing

Now, in the flow, just add a logger and let’s check whether we get the decrypted output of an encrypted property from our init.properties file. Here is a screenshot.

Testing.

Note

At this point, when you run the application, you will probably not see the decrypted output in the Anypoint Studio console. I don’t know why. The trick is that when the context property placeholder configuration precedes the secure property placeholder configuration, it does not work. The workaround is to put it after the secure property placeholder configuration.

Just take a look at the .xml configuration file.

Trick

So, that’s it. Now when you run the application and make a request to the end point http://localhost:8081/vault you will see the decrypted value in the console.
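
As an added example (not part of the original post or its project), here is a small check that every sensitive-looking entry in the vault file really is encrypted before the file is shared or committed. It assumes encrypted values are stored wrapped as ![ciphertext]; the key-name heuristic, function names and sample data are constructed for illustration.

```python
import re

# Assumption: Mule's Properties Editor stores an encrypted value as ![ciphertext].
ENCRYPTED = re.compile(r"^!\[[^\]\s]+\]$")
# Hypothetical heuristic for key names that should never hold plaintext.
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|credential|api[._-]?key", re.I)
# Key/value separator in .properties syntax: '=', ':' or bare whitespace.
SEPARATOR = re.compile(r"\s*[=:]\s*|\s+")


def parse_properties(text):
    """Parse the common subset of .properties syntax into a dict."""
    entries, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":   # blank line or comment
            continue
        if line.endswith("\\"):           # value continues on the next line
            pending = line[:-1]
            continue
        parts = SEPARATOR.split(line, maxsplit=1)
        entries[parts[0]] = parts[1] if len(parts) > 1 else ""
    return entries


def audit_vault(text):
    """Return sensitive-looking keys whose value is not wrapped in ![...]."""
    props = parse_properties(text)
    return sorted(k for k, v in props.items()
                  if SENSITIVE.search(k) and not ENCRYPTED.match(v))


# Constructed sample, not the post's init.properties; ciphertexts are dummies.
SAMPLE = """\
db.url=jdbc:mysql://localhost:3306/demo
db.user = app
db.password=![Zm9vYmFyYmF6cXV4]
smtp.password = changeme
api.token: ![c2FtcGxlLWNpcGhlcg==]
ftp.secret=![unterminated
"""

if __name__ == "__main__":
    for key in audit_vault(SAMPLE):
        print("NOT ENCRYPTED:", key)
```

To use it on a real project, pass the contents of init.properties to audit_vault and fail the build when the returned list is not empty.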
