While working with Global Configurations in Mule 4, configurable properties can be decoupled/isolated using Configuration Properties files (either .properties or .yaml files) instead of hard coding those properties. Using configuration Properties files makes it convenient to promote applications in different environments and changing such configurable properties without re-packaging the solution.
I already explained in another tutorial, how to use Global configurations for Environment Properties in Mule 4 in another tutorial. However, specifying all these properties including some of the sensitive and critical information in such files in plain text is a security risk and It is not a best practice. In order to configure these properties through such global configuration files, It is required to follow an approach of encrypting these files either completely or at least the values for various keys within these files. MuleSoft supports this by providing a sophisticated solution through a secure properties tool which allows you to encrypt such critical data using various encryption algorithms and modes and then decrypt this information and use in your global configurations.
In this tutorial, I will explain how to use MuleSoft Mule 4 Secure Properties tool in Mule 4 to encrypt configuration files and how to import Mule Secure Configuration Property Extension module from AnyPoint Exchange and use it in AnyPoint studio in order to decrypt and use secure properties.
Mule 4: How to Secure Properties Using Secure Properties Tool
In order to Secure your application properties which are defined in yaml or properties file, you need to download Secure Properties Tool which is a Java based tool provided by MuleSoft. You can use this Secure Properties Tool in order to encrypt or decrypt text strings, values inside a properties file, or all the contents of a properties file using simple yet powerful commands.
Once you have downloaded this Secure Properties Tool and you have properties defined in plain text in .properties or .yaml file, you can use below command to encrypt file completely by using Blowfish algorithm, CBC mode with the exmaple key tutorialspedia. In this example, source file is cred.yaml and destination file is scred.yaml which will contain secure properties once this command is executed
java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool file-level encrypt Blowfish CBC tutorialspedia cred.yaml scred.yaml
In above example command, Blowfish and CBC have been specified as algorithm and mode respectively but you can use other supported algorithms and modes as well.
If you want to encrypt only property values instead of entire file, you can replace file-level with file in the above command.
How to Use Secure Properties in MuleSoft AnyPoint Studio
Once you have secured your configuration properties in an encrypted format using secure properties tool, you will need to add an extension from AnyPoint Exchange as it is not readily available in AnyPoint Studio Modules by default.
In order to use Secure Properties in Mule 4, in your Mule Project, click on Search in Exchange in Palette section and search for Mule Secure Configuration Property Extension. You will need to login to AnyPoint platform using your username & password for this. Once you see the required module in the search results, add it and you will see that this extension will be added to your modules.
Now you need to add Secure Properties Config in your Global Elements. For Secure Properties Config, you need to choose your Secure Properties file (scred.yaml in our example case) and also choose the encryption key, algorithm, mode in accordance with what you selected when encrypting the data.
Once you have configured your Secure Properties Config, next you can use these secure properties in any of your global element configurations. You will have to refer to these elements using ${secure::propertyname}. For example, if you secured db.password, you will refer to it using ${secure::db.password}
Feel free to comment below if you have any questions or any ambiguities. You can refer to MuleSoft Official Documentation about Secure Properties for detailed explanation of the concepts.
