Encrypting passwords in Mule
Eugene Berman on Friday, October 21, 2011
Jasypt is an open source Java library which provides basic encryption capabilities using a high-level API. This library can be used with Mule to avoid clear text passwords for connectors and endpoints.First, download the latest Jasypt distribution, unpack it and copy icu4j and jasypt jars to MULE_HOME/lib/user directory.
Then add the following snippet to your Mule config file:
Next, you will need to encrypt your passwords using Jasypt command line tools. For example, if your Mule application connects to the MySql database using password “dbpassword”, encrypt it using the following command:
Where MyEncryptionPassword is your encryption key. This command will produce the following output:
ka56rcI0bDpUWoAhy5Y+PrVvqu/wMCnL
Now create a properties file that will list your encrypted passwords and place it in your project src/main/resources directory, e.g. credentials.properties:
Note the ENC() around our encrypted password, this is a que for Jasypt that it is dealing with an encrypted value.
Add the name of this file to the list of locations in the propertyConfigurer bean. Now you can use the property name in your data source configuration:
Finally, create a system variable with the same name as the value of the passwordEnvName property in the first snippet, e.g. MULE_ENCRYPTION_PASSWORD and set its value to the encryption key used for the encrypting your password, e.g.:
Thats it. You can now encrypt all passwords or any other values and Mule can read them and it starts up.
Related posts:
Can we able to decrypt the ENC(password) stored in property file? Is this secure ?
@Areev: It is a password-based encryption and values are decrypted at the runtime – so technically yes, anyone with the password would be able to decrypt it. There’s no way around it.