YUCEL MORAN

YUCEL MORAN


Salesforce and Mulesoft experience

Yucel
Author

Share


Subscribe to YUCEL MORAN


Subscribe to our email newsletter to receive article notifications and regular updates. We don't spam and your email won't be shared with third-parties.

Tags


YUCEL MORAN

Mule 3.9.1 basic template project application (Part 2 - Securing Place Holders)

YucelYucel

Continuing with the same project structure in the last blog, this time I'm going to try to explain how to implement Secure Place Holders in your project in the fastest way possible.

The whole idea behind to implement this feature, is that all credentials or sensitive information living in your properties files are going to be encrypted (only the information you want to have hidden).

So this will be the step by step process (I assume you already have the based template with the properties files created and the mulesoft base project in your local environment and also you already downloaded the Anypoint Enterprise Security module [you can download this going to Help > Install New Software and add this site http://anypoint-enterprise-security-update-site.s3.amazonaws.com/1.7.1])

  1. in your current configuration file (application_name.xml) you need to switch to the XML view and include this in the xsi:schemaLocation
http://www.mulesoft.org/schema/mule/secure-property-placeholder http://www.mulesoft.org/schema/mule/secure-property-placeholder/current/mule-secure-property-placeholder.xsd

2. Open you POM.xml file and add this dependency

<dependency>
 	<groupId>com.mulesoft.security</groupId>
     <artifactId>mule-module-security-property-placeholder</artifactId>
     <version>1.7.1</version>
</dependency>

3. If your project already has a Property Place Holder you should remove it.

4. Clic on the Global Elements tab and clic on "Create", search for Secure Property Place Holder

5. Now you need to come up with a personal secure phrase (it can be anything you want), for this sample lets set it as mulesoft2019$#@!

6. In the next part of the Secure Place Holder configuration, you need to set a Encryption Algorithm , an Encryption Mode and a key.   for now let's use this values:

Encryption Algorithm=AES (Default)
Encryption Mode = CBC (Default)
Key=mulesoft2019$#@! 

Location=${env}.properties

Location has set the  environment value you are using, and you will be able to set a different masterKey for every one of them (DEV,TEST,PROD). Clic on Save.

7. Open your mule-project.xml file

There we can see the env variable (this one says what environment we are running and what properties file we are using). Additionally to the env variable, we are gonna add one more called masterkey (this is going to be the key we use to decrypt our properties files) it should look like this:

To add the masterkey is to demonstrate the functionality, in the real world this value should be stored in a secure property attribute used by Jenkins or Circle CI to figure the encrypted values, meaning people never actually see any of the passwords.

8. We can go back to our Secure Place Holder configuration and change the key value for ${masterkey}

9.  Locate your dev.properties file, right clic and select Open With > Mule Properties Editor.

that will open a new window with the attributes in our file:

Let's add a new dummy value called systemPassword and the value will be MyMulePassword2019$#

If we double tap in the property, it will prompt the screen where we need to set the key to encrypt the value

The first time will  ask you to set the encryption Algorithm and the key you can to use, lets leave it with AES and the key: mulesoft2019$#@!

then the password gets encrypted and hidden

Time to test!, add the property variable in the logger component so then we can see that mule can resolve the value

 After run the project the logger output should show the value

for every single properties file we can specify different master keys.

Hope this helps to keep your credentials secure and also this can be seen as a best practice to include in every single project you are working.

You can download the template with the whole setup from here

Yucel
Author

Yucel

View Comments