How to Configure and Use Secure Properties In Mule 4

Mule 4 is an advanced integration platform that enables seamless connectivity between various systems, applications, and data sources. In Mule 4, safeguarding sensitive data such as ClientID and Client Password is crucial for ensuring the security of your applications. Thankfully, MuleSoft provides a powerful solution in the form of the Secure Property module, allowing you to encrypt properties within .yaml or .properties files with ease. These files commonly contain critical information like Client ID, Secret, User ID, User Password, Splunk Tokens, OAuth Tokens, AWS Keys, and more. Encrypting this data is essential to prevent unauthorized access and uphold data protection standards.

This tutorial serves as a comprehensive guide to configuring and utilizing MuleSoft's Secure Property module effectively. By following the steps outlined in this tutorial, you'll learn how to encrypt sensitive information within property files, effectively shielding it from prying eyes and potential security threats. Whether you're a seasoned MuleSoft developer or just getting started with Mule 4, mastering Secure Properties will enhance the security posture of your applications and ensure compliance with industry standards. 

Let's dive in!

3 Steps to Creating Secure Properties in Mule 

Step 1: Create a configuration properties file.

Step 2: We can encrypt the whole file or encrypt individual property. For individual property, we can define secure properties in the file by enclosing the encrypted values between the sequence![value].

Step 3: Configure the file in the project with the Mule Secure Configuration Properties Extension module dependency. The file must point to or include the decryption key.

Step 1: Create a Configuration Properties File

The first task in securing configuration properties is to create a YAML configuration file (.yaml) or a Spring-formatted Properties file (.properties), where you define the properties in src/main/resources in your Mule project. The Mule Secure Configuration Properties extension module enables you to configure YAML or Properties file types.

Refer to the below artifacts for more information.

Open Anypoint Studio -> Go to Project Folder -> src/main/resources ->Select Create New file(File extension can be either .yaml or .properties)

The following test.yaml, dev.properties files contain non-encrypted configuration properties values:

test.yaml (sample yaml file)

http:

port: "8081"

username: "Priyanka@pp"

password: "1254343654pp"

dev.properties (sample properties file)

encrypted.value1= sfdsgfdgfj1234566

encrypted.value2= xyz123568abc


testPropertyA=testValueA

testPropertyB=testValueB

How to Define Secure Configuration Properties in The File

1. Add the Premium Security Connector in AnyPoint Studio:

1. Open Anypoint Studio -> Go to Help -> Select Install New Software 
2. Click the Add button and it will open a window, provide the Name as Anypoint Enterprise Security and provide the location as http://security-update-site-1.4.s3.amazonaws.com and press ok.
3. Go to the work drop-down and check Anypoint Enterprise Security — in the dropdown list. 
4. Select it and select the Premium checkbox -> click Next — accept the policy and finish.
   
   
5. Now go to the application and right-click on dev.properties and go to -> Open with -> Mule Properties Editor. Now your property file is open in the table editor view.
   
    
6. Double-click on any key. It will open a new window. Now press the button Encrypt. In the next window specify the ‘algorithm’ (Algorithm used to encrypt/decrypt the value example- AES, Blowfish) and provide an encryption key(key size must be at least: '16' if it is AES algorithm) to encrypt.
   
   
   
7. Press the OK button.
8. Similarly, you can encrypt the rest of the properties and open the file with a text editor.

***Note: We can not encrypt the YAML file this way as after the encryption process all the property key alignment will be rearranged. ***

But the encryption of the YAML file can be achieved using Java encryption JAR.

Step 2: Encrypt Properties Using the Secure Properties Tool (jar)

1. Download Secure-properties-tool.jar and put it into any folder location. Put the unencrypted yaml file in the same location.
   
    
2. Use the following syntax to encrypt or decrypt all the content of a properties file:

String level-------

java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool

string <operation><algorithm><mode><key><input property>


java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool string encrypt Blowfish CBC 123456789 PriyankaPaul


File/file level--------

java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool

<method><operation><algorithm><mode><key><input file><output file>


java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool file encrypt AES CBC 1234567812345678 dev-properties.yaml dev-out.yaml

Example of encryption:

Step 3: Configure Secure Property Module and Dependency in The Project

1. Add the secure property module in your project and configure the same. It can be downloaded from exchange also. Maven dependency:  

<dependency>

<groupId>com.mulesoft.modules</groupId>

<artifactId>mule-secure-configuration-property-module</artifactId>

<classifier>mule-plugin</classifier>

<version>1.0.0</version>

</dependency>

File: Property file name 

Key: encryption /decryption key. This token will be passed in runtime configuration as program argument example: -Dtoken=1234567812345678

2. Define the correct Algorithm and mode used for encryption.

Use of Secure Property in The Project

In any global configuration you can use this secure property as ${secure:: property.name}

In dwl we can also use secure property as p(‘secure:: property.name’)

In this below example we used http port as ${secure:: http.port} and decrypted_username_value: p('secure::username') 

Please note, the decryption process will be done implicitly by the Mule Runtime engine and this requires only the Key (passed as VM argument) which was used to encrypt the password and voilà you're done!!!!

Mastering the use of Secure Properties in Mule 4 is essential for ensuring the security and integrity of your applications. By encrypting sensitive data within property files, you can effectively mitigate the risk of unauthorized access and safeguard your critical information. As you continue to leverage Secure Properties in your development projects, remember to adhere to best practices and stay vigilant against emerging security threats. With Secure Properties, you can fortify your applications against potential vulnerabilities and maintain compliance with industry standards. Start implementing Secure Properties today and take your Mule 4 applications to new levels of security and resilience. Happy coding!