Secure Configuration Properties Using Premium Security Connector in Anypoint Studio
Author: Kishori Patil
Content:
- While developing Mule applications we use sensitive values such as client IDs, client secrets and tokens. Instead of hardcoding them into the configuration, we store them in configuration files.
- This Mule configuration file can be a .yaml or a .properties file.
- These properties are packaged with the application, so they are readable by anyone who has the deployable archive.
- Therefore this sensitive data needs to be protected, which is where secure properties come in.
- There are different ways to encrypt these properties:
- Using the Premium Security Connector in Anypoint Studio with a .properties file.
- Using the command prompt with the Secure Properties Tool jar.
- Here we will encrypt these properties using the Premium Security Connector.
Setup:
First, go to Help > Install New Software.
In "Work with", enter http://s3.amazonaws.com/security-update-site-1.2.5.
Select only the modules under Premium that are selected in the screenshot and click Next; the download starts. Then accept the license and click Finish.
After the installation, create a secure configuration properties file: right-click src/main/resources > New > File (not src/test/resources, which is only on the test classpath and is not packaged with the application).
Enter a name for the config file and click Finish, then add the properties to it as follows. Two files are created: one with normal properties (local.properties) and one with the properties to be secured (secure-local.properties).
After creating the config files, add the Mule Secure Configuration Properties module: in the Mule Palette click Search in Exchange, select the module and click Finish.
Now create a flow with an HTTP Listener on the /publish endpoint followed by an Anypoint MQ Publish component.
Add the Anypoint MQ configuration as follows.
Next, right-click the secure config file and open it with the Mule Properties Editor.
Switch to the Table Editor view.
Double-click any key to open the following window, then delete the double quotes around the value.
Select the algorithm and the encryption key. The only restriction of the Mule Properties Editor is the mode: it always encrypts in CBC mode (the command-line Secure Properties Tool lets you choose other modes). The key must have a valid length for the chosen algorithm, for example 16 characters for AES-128.
Click Encrypt; the value is replaced by its encrypted form, which is written to the file wrapped as ![...]. Then click OK.
After encrypting the values, configure the secure properties file in the project with the Mule Secure Configuration Properties Extension module: go to Global Elements and create a Secure Properties Config.
File is the name of the file that holds the encrypted properties, in our case secure-local.properties. Since MuleSoft recommends declaring a global property for the environment, write it as secure-${mule.env}.properties; the value of mule.env is supplied at runtime. In Key, enter the encryption key you used in the editor, and set Mode and Algorithm to the values you encrypted with; decryption fails silently into unreadable values if these do not match.
Also add a Configuration Properties global element for local.properties.
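Putting the global elements and the flow together, this is what the resulting project XML looks like. It is an added example, not the original post's code: the config names, the property names (http.port, mq.queue, anypoint.mq.client_id, anypoint.mq.client_secret) and the Anypoint MQ URL are assumed for illustration, and the connector attribute names follow the Anypoint MQ connector's connection element.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (assumed names); not the original post's configuration. -->
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:anypoint-mq="http://www.mulesoft.org/schema/mule/anypoint-mq"
      xmlns:secure-properties="http://www.mulesoft.org/schema/mule/secure-properties"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="
        http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
        http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
        http://www.mulesoft.org/schema/mule/anypoint-mq http://www.mulesoft.org/schema/mule/anypoint-mq/current/mule-anypoint-mq.xsd
        http://www.mulesoft.org/schema/mule/secure-properties http://www.mulesoft.org/schema/mule/secure-properties/current/mule-secure-properties.xsd">

    <!-- Environment selector. A default for local runs only; override with -Dmule.env=dev etc. -->
    <global-property name="mule.env" value="local"/>

    <!-- Plain properties: resolves to local.properties (assumed keys: http.port, mq.queue). -->
    <configuration-properties file="${mule.env}.properties"/>

    <!-- Encrypted properties: resolves to secure-local.properties.
         The key is deliberately NOT given a default here; it comes from -Dmule.encryptionKey=...
         Algorithm and mode must match what the Mule Properties Editor used (editor is always CBC). -->
    <secure-properties:config name="Secure_Properties_Config"
                              file="secure-${mule.env}.properties"
                              key="${mule.encryptionKey}">
        <secure-properties:encrypt algorithm="AES" mode="CBC"/>
    </secure-properties:config>

    <http:listener-config name="HTTP_Listener_config">
        <http:listener-connection host="0.0.0.0" port="${http.port}"/>
    </http:listener-config>

    <!-- Encrypted values are referenced with the secure:: prefix; the module decrypts them
         at startup. Plain values from local.properties are referenced without the prefix. -->
    <anypoint-mq:config name="Anypoint_MQ_Config">
        <anypoint-mq:connection url="https://mq-us-east-1.anypoint.mulesoft.com/api/v1"
                                clientId="${secure::anypoint.mq.client_id}"
                                clientSecret="${secure::anypoint.mq.client_secret}"/>
    </anypoint-mq:config>

    <flow name="publishFlow">
        <http:listener config-ref="HTTP_Listener_config" path="/publish"/>
        <!-- Fx (DataWeave) form of the same lookup, for a plain property here:
             p('mq.queue'); a secure one would be p('secure::anypoint.mq.client_id'). -->
        <set-variable variableName="queue" value="#[p('mq.queue')]"/>
        <anypoint-mq:publish config-ref="Anypoint_MQ_Config" destination="#[vars.queue]"/>
    </flow>
</mule>
```

With this layout, local.properties holds the plain values (e.g. http.port=8081 and mq.queue=demo-queue) and secure-local.properties holds only the encrypted ones in the form the editor writes, e.g. anypoint.mq.client_id=![ciphertext]. Start the application with -Dmule.env=local -Dmule.encryptionKey=<the key used in the editor>. Leaving ${mule.encryptionKey} without a global-property default is intentional: a default would commit the key to the same repository as the ciphertext, which makes the encryption pointless. For CloudHub, list the key name under "secureProperties": ["mule.encryptionKey"] in mule-artifact.json so Runtime Manager masks it.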
You can pass the environment value (local) and the encryption key as VM arguments: open Run Configurations and add each property with a -D prefix, as follows.
Alternatively, go to Global Elements, select Global Property and add key/value pairs for mule.env and mule.encryptionKey. Do this for mule.encryptionKey only for quick local testing: a global property is stored in the project XML, so the key ends up in source control next to the encrypted values it protects.
Deploy the application and send a request from Postman as follows.
The message now appears in the Anypoint MQ queue, which confirms that the secure properties were decrypted and resolved correctly.
When you pass the encryption key as a property on CloudHub (Runtime Manager), it is visible to everyone who can view the deployment settings. To avoid that, add mule.encryptionKey to the secureProperties array in mule-artifact.json.
Runtime Manager then masks the value of the encryption key with asterisks after deployment. It looks like this:
- Secure properties are accessed in a Mule flow in one of two ways, always with the "secure::" prefix (plain properties from local.properties are referenced without it):
- In normal mode:
- Use ${} and, inside the braces, write the property name with the prefix "secure::".
- Eg: ${secure::client_id}
- In Fx (DataWeave) mode:
- Use p('') and, inside the single quotes, write the property name with the prefix "secure::".
- Eg: p('secure::client_id')
- MuleSoft recommends:
- keeping a separate properties file for each environment (e.g. dev.yaml, sit.yaml, prod.yaml), selected through the mule.env property;
- using YAML files instead of .properties files.