Generating Secure Properties in Mule 4

Secure Property Placeholder is an essential standard for keeping our Sensitive data like User ID and Password secure (encrypted/cipher-text) in the Property file. Securing properties is one of the crucial elements in every Mule project. MuleSoft has introduced a Secure properties generator with a point and click environment that saves time and effort in specific scenarios.

This blog will explore both traditional (using jar) and modern (using secure property generator) methods of generating secure properties in Mule 4:

Method 1: Using Jar

Below steps are required for storing username and password in Encrypted form:

1.1 Create a simple Properties Config file which will be used as an input file:

File Name:  name-db.yaml

1.2 We need to add the “Mule Secure Configuration” module now. It is not available in Anypoint studio by default. We need to add it from any point exchange.

Click on the “Search in exchange” button in the Mule palette on the right side.

Then search for “Secure” and select the “Mule Secure Configuration” module.

Click on “Add” to add this dependency to our project.

1.3 Now, Select the Global elements tab in your XML and click on “Create”. Then select “Secure properties Config” as shown below:

Now Configure Secure Properties Config as shown below:

1.4 Now we have to generate a db-secure-dev.yaml file with encrypted property values using the jar file.

This jar can be downloaded from the following documentation page of MuleSoft:

https://docs.mulesoft.com/mule-runtime/4.3/secure-configuration-properties#secure_props_tool

We can use following command:

Open CMD and run these commands by adding the encryption and decryption information.

java -jar secure-properties-tool.jar file <encrypt|decrypt> <algorithm> <mode> <key> <input file> <output file>

java -jar secure-properties-tool.jar file encrypt Blowfish CBC abcdefghijklmnop db-dev.yaml  + db-secure-dev.yaml

You can change the KEY according to your requirements.

Now, copy the generated db-secure-dev.yaml into src/main/resources.

Now, edit the Database Config as shown below:

Run the application and observe if it still works same.

<?xml version="1.0" encoding="UTF-8"?>

<mule xmlns:secure-properties="http://www.mulesoft.org/schema/mule/secure-properties" xmlns:ee="http://www.mulesoft.org/schema/mule/ee/core"
	xmlns:db="http://www.mulesoft.org/schema/mule/db"
	xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/db http://www.mulesoft.org/schema/mule/db/current/mule-db.xsd
http://www.mulesoft.org/schema/mule/ee/core http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd
http://www.mulesoft.org/schema/mule/secure-properties http://www.mulesoft.org/schema/mule/secure-properties/current/mule-secure-properties.xsd">
	<configuration-properties doc:name="Configuration properties" doc:id="939739f1-02cc-4494-9174-e1bac975c70a" file="name-db.yaml" />
	<db:config name="Database_Config" doc:name="Database Config" doc:id="7ca8be2a-b438-497f-9490-67180ca2b9c7" >
		<db:my-sql-connection host="${secure::db.host}" port="${secure::db.port}" user="${secure::db.username}" database="${secure::db.dbname}" password="${secure::db.password}"/>
	</db:config>
	<secure-properties:config name="Secure_Properties_Config" doc:name="Secure Properties Config" doc:id="2de5364a-c147-4269-adfb-e3fa528c8e35" file="db-secure-dev.yaml" key="abcdefghijklmnop" >
		<secure-properties:encrypt algorithm="Blowfish" />
	</secure-properties:config>
	
</mule>

Method 2: Securing Properties using Secure Properties Generator:

MuleSoft has optimized the complete process by providing an online secure properties generator that gives developers ease of securing properties. MuleSoft developers can now secure the properties in a point and click environment eliminating the command line interface.
The secure properties generator gives us an option of directly encrypting our values without creating an input file. However, we can secure our properties using input files as well.

Following are the steps to secure Properties using Secure Property Generator:

2.1 Visit the following Website using the following link:

https://secure-properties-api.us-e1.cloudhub.io/

2.2 Provide the following configurations:

2.2.1 Choose the operation type:

2.2.2 Select the Algorithm type

To learn more about the Algorithm type, visit the following link:

https://www.simplilearn.com/data-encryption-methods-article

2.2.3 Choose the required State

2.2.4 Provide the Special key

* While choosing AES algorithm, you have to provide key of length 16.

** While choosing Blowfish algorithm, you have to provide key of length 15

2.2.5 Fill in the Value you want to Encrypt

2.2.6. Click on Generate to get the required Result.

You can also provide the encrypted result along with the key (previously used for encryption) to get the Original Value.

Securing properties is one of the essential elements in every Mule project, and MuleSoft has made this process far easier for a developer by introducing Secure Properties Generator. Please feel free to leave comments and find out more MuleSoft best practices at Caelius Consulting Resource Center.