ArganoMS3 | Cloud Integration Solutions

  • About
    • Why Us
    • Leadership
    • Our Core Values
    • Clients
    • ArganoMS3 PHILIPPINES
  • Services & Expertise
    • API & INTEGRATION
      • Tavros
      • KONG API
      • MuleSoft
      • APIGEE
      • REDHAT FUSE / CAMEL
    • STRATEGY & OPTIMIZATION
      • DEVOPS
      • 24x7x365 Ops Support
    • CLOUD SERVICES
      • AMAZON AWS
      • SALESFORCE
    • ARTIFICIAL INTELLIGENCE
      • RPA
      • BIG DATA
      • IoT
  • Partners
    • MuleSoft
    • AWS
    • UiPath
    • Kong
    • Apigee
    • Red Hat
  • Resources
    • ArganoMS3 Is Talkin’ Nerdy
    • Case Study
    • MUnit Whitepaper
    • MuleSoft Runtime Whitepaper
    • API-Led Architecture Whitepaper
  • Careers
  • Blog
    • Archive
  • Contact

Securing Passwords Using the Mule Credentials Vault

March 8, 2016

Mule – Credentials – Vault

Robert Whitmer

REVIEW

There is an age old question that people often ask; what is the single most valuable thing to society? Some of the top responses may be things like gold, silver, and money. Personally I believe that in the 21st century the correct answer is information. Just as the gold in Fort Knox is protected and secured we must do the same with our sensitive data to keep it from falling into the wrong hands. The next question becomes how do we protect and store our sensitive data? The answer is encryption and MULE offers us a great way of encrypting and storing our data securely by using the MULE-Credentials-Vault. The MULE-Credentials-Vault is very flexible and offers us 19 different encryption algorithms by default!

REQUIREMENTS

To correctly secure a .properties file using MULE the following requirements must be meet:

  • The Use Of A MULE-Credentials-Vault (an encrypted .properties files)
  • A Global Security Property Placeholder Element
  • An Encryption Key For Opening The Vault

HOW IT WORKS

When implementing the use of the MULE-Credentials-Vault our sensitive data such as user names and passwords are stored as key value pairs inside of a .properties file. Once a .properties file becomes encrypted the file is then referred to as a Credentials Vault. After a Credentials Vault has been implemented MULE uses a Secure Properties Placeholder (Global Element) to point to our Credentials Vault, decrypt the stored data, and return the stored data (only if it has the correct key to the vault). This process can be thought about in the same way as using a key to open your front door to your house to allow entry. The KEY to a MULE-Credentials-Vault gets stored in a user’s runtime memory (it is never written or stored to disk). KEY credentials are prompted and gathered when a MULE application starts. The KEY is then stored in memory for the complete lifecycle of the application. Once the applications session has ended the KEY is then cleared from memory and is thus forgotten.

WALKTHROUGH

Before we can begin to utilize the MULE-Credentials-Vault we first must have installed Anypoint Enterprise Security for Anypoint Studio. Start by opening your project application in Anypoint Studio.

0308 pic1

  • From the file menu bar select:
    • Help > Install New Software…

0308 pic2

  • Install the software shown above
    • The latest version and update site can be found at https://docs.mulesoft.com/release-notes/anypoint-enterprise-security-release-notes

0308 pic 3

  • Anypoint Enterprise Security for Anypoint Studio will then begin to install.

0308 pic4

  • After the Anypoint Enterprise Security for Anypoint Studio process completes restart Anypoint Studio

0308 pic5

  • Next we must create a .properties file that will later become our Credentials Vault by:
    • (R-Click) src/main/resources > New > File from the Package Explorer

0308 pic6

  • Open the newly created .properties file with the Mule Properties Editor
    • (R-Click) *.properties file* > Open With > Other from the Project Explorer
      • Select Mule Properties Editor
        0308 pic7
  • After opening the Mule Properties Editor :
    • (L-Click) Add Properties Button
    • Input field values:
      • Key
      • Value
    • (L-Click) Encrypt
      • Select your Encryption Algorithm & Key0308 pic8
  • Your value will then be encrypted

    0308 pic9
  • Next we must create our Secure Property Placeholder Global Element

0308 pic 10

  • The Secure Property Placeholder Global Element is configured as show in the image above

FORCE MULE RUNTIME KEY

Once ready to move your application into production configure MULE to demand that a user enter a password key at runtime, you need to include the following in the system properties (the mule-app.properties file in the src/main/app folder)

  • M-Dprod.key=uniquepassword -M-Denv=prod

0308 pic11

  • For development purposes the src/main/app/mule-app.properties file can be configured as shown above

RELATIONSHIP STRUCTURE

As previously stated there are 3 requirements that must be meeting to properly secure our sensitive data. There are many varieties these key ingredients based upon the use case of your application can be structured.  Typically an application will use one of three ways. The structure can be thought about in the exact same as a MySQL database table relationship. The relationships are as followed:

  • ONE to ONE to ONE Relationship

0308 pic12

  • ONE to ONE to MANY Relationship

0308 pic 13

  • (MANY) ONE to ONE to ONE Relationship

0308 pic14

Filed Under: Integration, Mulesoft

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

FUTURE PROOF SOFTWARE SOLUTIONS
ArganoMS³ enables organizations to meet today’s software, integration, cloud, and data-related challenges with confidence and ease.

About

  • Why Us
  • Leadership
  • Team
  • Clients
  • We're hiring

Solutions

  • API & Integration
  • Strategy and Optimization
  • Cloud Services
  • Artificial Intelligence

Partners

  • Apigee
  • AWS
  • Kong
  • MuleSoft
  • Red Hat
  • Salesforce
  • UiPath

Popular Links

  • Contact Us
  • Blog
  • White Papers
  • Case Study
COPYRIGHT © 2022 ⬤ ArganoMS³ MOUNTAIN STATE SOFTWARE SOLUTIONS

Copyright © 2023 · MS3 Mountain State Software Solutions · Log in