Mule 4 – Password Encryption/Decryption (Secure Property Placeholder)

In this blog, we have shown how to encrypt properties and sensitive data that might float in and out of the applications and may be visible to the development and support teams.

Use Case : How to enable Secure Property Placeholder in Mule 4?

This requires configuration of security configuration module (Secure properties config) that will help protect sensitive data. This module is used to encrypt and decrypt information like passwords, SSN, Credit Card numbers and other confidential information.

Just for this blog, we will be using password tokenisation as an example with Blowfish.js as the encryption algorithm and Anypoint Studio 7 as the development tool. At the end of the blog we also provide a brief outline on how to use different encryption algorithms.

Step 1: Encrypt & Decrypt a Password

Password Encryption

  1. Click http://sladex.org/blowfish.js/
  2. Follow the steps as shown in the screen shot below

Password Decryption

Step 2: Secure module configuration in Mule 4 Domain Project

  1. Create a new domain project
  2. Create a file “configuration.yaml” in src/main/resource Mule 4 domain:
    http:
    host: “localhost”
    port: “9091”
    db:
    host: “localhost”
    port: “3306”
    user: “root”
    database: “industries_dy”
    secret:
    key: “secure@1234”
    password: “![viZBbApnipRKE6CJWGY7hA==]”
    ← place the encrypted password generated in blowfish.js shown in [step 1].
  3. Go to Global Elements → Create → Global Configurations → Configuration Properties → file , browse and select “configuration.yaml”
  4. Add a module “Secure properties config”
    Manage Modules → Add Modules → search for “Secure properties config” and Add
  5. Create → Connector Configuration → Secure properties config →
    Secure properties Config

Step 3: How to check Decrypting Password is working ?

  1. Add a Database module
    Manage Modules → Add Modules → search for “Database” and Add
  2. Creating Connector Configuration
    Create → Connector Configuration → Database Config

Use the below expression in the Password text box.

  • ${secure::domain.secret.password}

Mule 4 supports various encryption algorithms like AES, Blowfish, RSA, DES and others. Whole list of encrption algorithms shown on this link

https://docs.mulesoft.com/mule-runtime/3.9/mule-message-encryption-processor

In order to use any of these algorithms, the steps are the same as they were in Mule 3 & Mule 4.

The only difference is the repository location (step 2 of the blog). In Mule 4 the repository location is here: http://anypoint-enterprise-security-update-site.s3.amazonaws.com/1.7.3

Leave a Comment

Your email address will not be published. Required fields are marked *