Using secure configuration properties in Mule 4

Overview

The enterprise edition of Mule runtime comes equipped with a Secure Configuration Properties module which is a very neat tool that allows you to hide your keys from prying eyes.

Here is an example of how you could:

• encrypt strings or entire files
• reference encrypted properties stored in a file
• decrypt them with a master key;
• and use those values to connect to Salesforce cloud to retrieve a list of Accounts.

This article assumes that you have a Salesforce developer account, and possess basic knowledge of Anypoint Studio 7 and various Mule concepts.

1. Get the tool ready, and prepare your encrypted values

Download the encryption tool at https://docs.mulesoft.com/mule4-user-guide/v/4.1/_attachments/secure-properties-tool.jar

Come up with your master key. For this demo I am using My$ecr3tK3y!!

Open DOS and change directory to the folder where your jar file is located.

If I only want to encrypt a single string, pass in "string" and all your parameters like below:

java -jar secure-properties-tool.jar string encrypt AES CBC My$ecr3tK3y!! Mulesoft.123

To encrypt the entire file: I have created a file called app.properties that I have placed in my /src/main/resources folder, would like to secure:

Open DOS and change directory to the folder where your jar file is located.

Run the command:

Open the encrypted file. Now you can copy and paste the contents of the encrypted file back to your secure properties.

2. Adding Maven dependencies to your project

Next, add the maven dependency to pom.xml. You can find out more here:

https://docs.mulesoft.com/mule-user-guide/v/3.9/configuring-maven-to-work-with-mule-esb#referencing-mulesoft-s-enterprise-repositories

Insert the highlighted code between your node in pom.xml

<dependency>
  <groupId>com.mulesoft.modules</groupId>
  <artifactId>mule-secure-configuration-property-module</artifactId>
  <classifier>mule-plugin</classifier>
  <version>1.0.0</version>
</dependency>

3. Add Global Secure Property reference to your app.properties file

Add a new global secure property reference to app.properties

The key, algorithm and mode must be the same one used to encrypt values in the tool.

The resulting XML will be generated in your flow XML. It would be best to refer to a ${runtime.property} placeholder to avoid hard coding values.

 <secure-properties:config name="Secure_Properties_Config" doc:name="Secure Properties Config" doc:id="d14e9f9c-9730-4ad6-a5a7-b59b6492dd54" file="app.properties" key="My$ecr3tK3y!!" >
  <secure-properties:encrypt algorithm="Blowfish" />
 </secure-properties:config>

With all the pieces in place, we're now ready to start referring to the secure property values.

In this example I will connect to the Salesforce sandbox to list Accounts.

4. Reference the secure properties in your Salesforce connection

Switch to Message Flow view for your main flow XML.

Drag a HTTP Listener and set your HTTP Listener configuration as usual.

Then, type Salesforce in the palette search bar and drag the Query to your flow.

Configure the query connection as below:

I am going to run a simple query against the Accounts object:

SELECT Name, OwnerId, AccountNumber, BillingCity,

BillingCountry, BillingLatitude, BillingLongitude, BillingPostalCode,

BillingState,

BillingStreet, Description, Industry, Website, NumberOfEmployees, LastModifiedDate

FROM Account

Paste this into the Query textbox.

Next, drag a Transform Message component to the flow.

Display the results in JSON.

Additionally, you could refer to the decrypted value in Dataweave 2.0 using the p(prop_name) function.

5. Test your application

Run your application locally and launch POSTMAN. Invoke the path specified in your HTTP Listener.

You should be able to see your decrypted values.

Thank you for reading. I hope that you found this article useful!