Secure Properties: 3 ways to protect your properties in MuleSoft!

Ismeet Kaur
Another Integration Blog
4 min read · Feb 9, 2023

Why do we secure properties?

Industry best practice is that passwords and other sensitive configuration properties should not be saved inside a project. Despite that, we are sometimes forced to store some of these properties inside our applications. In that case, our best bet is to secure them. Securing these properties can prevent unauthorized access to sensitive information and protect against potential data breaches. Storing passwords in plain text in your code makes it easy for malicious actors to obtain them, which can lead to unauthorized access to your accounts, systems, and data. Encryption scrambles the property values, using a unique secure key and an encryption algorithm, so that they become unreadable.

Prerequisites

  • Have a predefined ‘.yaml’ or ‘.properties’ file in your project
  • Have a secure key and algorithm chosen to encrypt the properties
  • Have installed ‘Anypoint Enterprise Security’. Follow the steps here

Secure properties in MuleSoft

In MuleSoft, there are several ways to secure the configuration properties in a .properties file. In this article, we will discuss three of them.

Using Mule properties editor

  • Ensure you have Anypoint Enterprise Security installed in your local Anypoint Studio. To install it, follow the steps mentioned in the prerequisites.
  • Go to your project folder > src/main/resources/ > <your config file>, right-click it, go to Open with > Mule Properties Editor, and double-click on it.
  • If you do not see the Mule Properties Editor, right-click on your configuration file and go to Open with > Other.
  • Search for Mule Properties Editor; it will be listed if Anypoint Enterprise Security is installed correctly.
  • Double-click on the property name you want to encrypt. A window will pop up; click Encrypt and then OK.
  • Choose the algorithm of your choice and enter the secure key authorized by your organization.
  • The encrypted configuration property is ready to be used. Click OK and the value is automatically replaced with the new encrypted value.
  • You can decrypt your value in a similar fashion, by clicking the Decrypt option.

Using Secure Properties Tool

To encrypt the values inside the properties file, you can use the Secure Properties Tool provided by MuleSoft.

  • Download the tool jar file using this link.
  • Now open the command prompt and navigate to the location of the tool.
  • To encrypt the values, use the following syntax:
    `java -cp secure-properties-tool.jar com.mulesoft.tools.SecurePropertiesTool <method> <operation> <algorithm> <mode> <key> <value> --use-random-iv [optional]`
  • Set <method> to string and specify other parameters as desired.
  • To escape special characters in your password, put a backslash (\) before each special character.
  • You can decrypt the value by using decrypt as the <operation> in the above command.
  • The resulting encrypted value can now be used in your properties file in place of the plain-text value.

Using Secure Properties Generator

  • This is probably the easiest and quickest way to encrypt your properties. It lets you do exactly the same thing online, without writing commands or downloading software.
  • This is a tool provided by MuleSoft + Salesforce, where you can encrypt not only string values but complete files as well!
  • Navigate here and fill in the details as mentioned in the above methods.
  • Choose the Operation, Algorithm, and State from the drop-down. Enter your security key and the value to be encrypted/decrypted. Click on Generate, and voila, your encrypted value is ready.
  • NOTE: In many cases, it is not secure to cross your firewall and use an online encryption portal. Keep this in mind while using the third method to encrypt the properties. This method has its pros and cons, and whether it can be deemed a safe way to encrypt configuration properties depends on your scenario.
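
Whichever of the three methods you use, it helps to check that no sensitive property was left in plain text before the file is committed. The script below is an added example, not code from this article or from MuleSoft. It assumes encrypted values are stored wrapped as `![...]` (the Mule 4 secure properties convention) and that sensitive keys can be recognised by name; the function name, the key-name pattern and the sample file are constructed for illustration.

```python
import re

# Assumption: encrypted values are stored in the file as ![ciphertext]
ENCRYPTED = re.compile(r'^!\[.+\]$')
# Assumption: key names that usually hold secrets; tune for your project
SENSITIVE = re.compile(r'(password|passwd|secret|token|api[-_.]?key|credential)', re.I)
# Matches "key=value" (.properties) and "key: value" (.yaml) lines
LINE = re.compile(r'^\s*([\w.\-]+)\s*[=:]\s*(.*?)\s*$')


def find_plaintext_secrets(text):
    """Return [(line_no, key)] for sensitive keys whose value is not encrypted."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith(('#', '!')):
            continue  # blank line or comment
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        # YAML values are usually quoted, e.g. "![...]"
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]
        if not value:
            continue  # YAML parent node such as "api:" has no value of its own
        if SENSITIVE.search(key) and not ENCRYPTED.match(value):
            findings.append((line_no, key))
    return findings


# Constructed sample mixing .properties and .yaml styles; all values are made up
SAMPLE = """\
# constructed sample, not a real configuration
http.port=8081
db.user=app_user
db.password=![nHWo8IkVkJEL0WqO+0EgQw==]
sftp.password=Sup3rS3cret
api:
  client_secret: "![r2Kd0aF1xQ0uZ9vY3hJ5Tg==]"
  token: "abc123"
"""

if __name__ == "__main__":
    for line_no, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: '{key}' looks sensitive but is not encrypted")
```
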

Summary

In conclusion, we can secure our configuration properties using any of these methods; what is important is that we do it. Securing the properties provides an extra layer of protection for our application. Security is among the most important non-functional requirements, and its importance is at an all-time high!
To explore a follow-along video tutorial on YouTube, check this out!
