Safely Hide Application Property In Mule 4
In this tutorial we will demonstrate how can we safely hide the application property as well encrypted property which is defined using secure property placeholder
Safely Hidden Property:
CloudHub supports safely hidden application properties, in which the name of the property is visible in Anypoint Runtime Manager, but the value is not displayed or retrievable by any user. CloudHub resolves the property at runtime without exposing the sensitive information
Safely Hide the Encrypted Property
Encrypted properties can also be defined as safely hidden application properties, by listing the encrypted property’s name in the secureProperties entry in the Mule application’s mule-artifact.json file.
Few Important Points:
- When we move the application from one environment to another environment safely hidden property values are not copied to new environment only the name of the property is copied
- Safely hidden application properties are encrypted and stored in a MuleSoft-managed CloudHub properties database
- When the application is deployed, the value of the encrypted property names is hidden in the Runtime Manager Properties tab with decrypted properties and decrypted values are stored securely in the Mule worker’s memory the decrypted values are never stored in any CloudHub worker’s files
- If you want to update the encrypted property which is safely hidden, you can replace the encrypted property with text value then the text value will be stored securely in cloudhub property database and when the app is deployed on cloudhub it will be hidden again and can not be visible
To demonstrate this we will create a sample dev.yaml file under src/main/resources and configure the mule-artifact.json for both unencrypted value as well encrypted value which is defined using secure property placeholder
dev.yaml file: we have defined username,port and secured password in dev.yaml
db: username:admin port:8001 password:"![kiwQK955ycpgW9LT1kzXzA==]"
mule-artifact.json
we have defined db.username,secure.key and encrypted db.password which will accessed using secure::
{ "configs": [ "sampleproject.xml" ], "secureProperties": ["secure::db.password", "mule.key","db.username"], "redeploymentEnabled": true, "name": "secure-properties", "minMuleVersion": "4.3.0", "requiredProduct": "MULE_EE", "classLoaderModelLoaderDescriptor": { "id": "mule", "attributes": { "exportedResources": [] } }, "bundleDescriptorLoader": { "id": "mule", "attributes": {} } }