Author: Jitendra Bafna
Introduction
It is very important to store the confidential and sensitive data in properties file encrypted. MuleSoft provides capabilities where you can encrypt single property or entire file.
- Create a secure configuration properties file.
- Define secure properties in the file by enclosing the encrypted values between the sequence ![value].
- Configure the file in the project with the Mule Secure Configuration Properties Extension module. The file must point to or include the decryption key.
MuleSoft provides utility (secure-properties-tool.jar) that can be downloaded from here. This jar file is used to encrypt or decrypt the string or file.
Attributes
Before we create the properties file lets understand some of the attributes which are important.
Attribute Name | Description |
Name | A unique name for your global secure configuration properties. |
Key | A word or phrase that you specify to unlock the properties value. |
File | The location of the file that the key unlocks. |
Encoding | Encoding of the file that the key unlocks. The default value is UTF-8. |
File Level Encryption | Set to true if the file itself is entirely encrypted. Default value is false. |
Algorithm | The type of algorithm you use to encrypt the content of the property. |
Mode | The procedure that allows the Mule runtime engine to repeatedly use a block cipher with a single key. |
Setting Up Mule Secure Configuration Property Extension
By default, you will not find Mule Secure Configuration Property extension in Anypoint Studio. You can install it from Exchange into your Anypoint Studio.

Create a Secure Configuration Properties File
The first step is to create a secure properties file and it can be .properties or .yaml file. MuleSoft recommends using a YAML configuration file, because it allows the addition of type validations and autocompletion. The Mule Secure Configuration Properties Extension module enables you to configure these.yamlor .properties file types.
You can create secure configuration properties files either in src/main/resources in your Mule project, or by using absolute paths.
Example YAML Properties FileÂ
smtp:  email:    port: “587”    host: “smtp.gmail.com”    username: “no.reply@gmail.com”     password: “
Encrypted value needs to be added to the properties file as shown below
![encryptedpassword]
This will tell runtime that this particular value needs to decrypt.
We need to use the same key, algorithm and mode for decrypting the data.
java -jar secure-properties-tool.jar string decrypt Blowfish CBC mulesoft WXDKlr6GZfs=

Create Secure Configuration Property in Global Configuration
To create Secure Properties Config, you can create using Global Configuration.

Provide Properties File location, Key (Key can be used to decrypt the text and that is used for encrypt the text), Algorithm can be Blowfish and Mode To CBC.

Accessing Secure Property in MuleSoft Components
Secure property can be accessed to connector, dataweave etc.
To access property, we can use ${secure::propertyName}.

Supported Algorithms
AES (default), Blowfish, DES, DESede, RC2, RCA
The following algorithms can be used only if you configure a Java Cryptography Extension (JCE) Provider that adds support for them:
Camellia, CAST5, CAST6, Noekeon, Rijndael,SEED, Serpent, Skipjack, TEA, Twofish, XTEA, RC5, RC6
Supported Modes
CBC (default), CFB, ECB, OFB
Best Practices
- It is recommended to keep separate properties file for each environment (eg. appName-dev.yaml, appName-test.yaml, appName-prod.yaml).Â
- It is recommended by MuleSoft to use .yaml file instead of .properties file.
- It is recommended to declare global property for environment (eg. mule.env).
- Do not change mule.env property to prod or test but instead of that you can pass as argument in CI/CD pipeline maven command.
mvn deploy -DmuleDeploy -Dmule.env=prod
- All sensitive and confidential data like passwords, keys needs to be encrypted before storing in the property file.
- Keep all connections and other properties in global.xml.
Now, you know how to encrypt the sensitive and confidential data before storing it to Mule Properties File.