Jasypt is an open source Java library which provides basic encryption capabilities using a high-level API. This library can be used with Mule to avoid clear text passwords for connectors and endpoints.

First, download the latest Jasypt distribution, unpack it and copy the icu4j and jasypt jars to the MULE_HOME/lib/user directory. Then add the following snippet to your Mule config file:

<!--                                                                      -->
<!-- Configuration for encryptor, based on environment variables.         -->
<!--                                                                      -->
<!-- In this example, the encryption password will be read from an        -->
<!-- environment variable called "MULE_ENCRYPTION_PASSWORD" which, once   -->
<!-- the application has been started, could be safely unset.             -->
<!--                                                                      -->
<spring:bean id="environmentVariablesConfiguration"
    class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
  <spring:property name="algorithm" value="PBEWithMD5AndDES" />
  <spring:property name="passwordEnvName" value="MULE_ENCRYPTION_PASSWORD" />
</spring:bean>

<!--                                                                      -->
<!-- This will be the encryptor used for decrypting configuration values. -->
<!--                                                                      -->
<spring:bean id="configurationEncryptor"
    class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <spring:property name="config" ref="environmentVariablesConfiguration" />
</spring:bean>

<!--                                                                      -->
<!-- The EncryptablePropertyPlaceholderConfigurer will read the           -->
<!-- .properties files and make their values accessible as ${var}         -->
<!--                                                                      -->
<!-- Our "configurationEncryptor" bean (which implements                  -->
<!-- org.jasypt.encryption.StringEncryptor) is set as a constructor arg.  -->
<!--                                                                      -->
<spring:bean id="propertyConfigurer"
    class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
  <spring:constructor-arg ref="configurationEncryptor" />
  <spring:property name="locations">
    <spring:list>
      <spring:value>credentials.properties</spring:value>
    </spring:list>
  </spring:property>
</spring:bean>

Next, you will need to encrypt your passwords using Jasypt's command-line tools. For example, if your Mule application connects to the MySQL database using password “dbpassword”, encrypt it using the following command:

$ ./encrypt.sh input="dbpassword" password=MyEncryptionPassword algorithm=PBEWithMD5AndDES

Where MyEncryptionPassword is your encryption key. This command will produce the following output:
ka56rcI0bDpUWoAhy5Y+PrVvqu/wMCnL
Now create a properties file that will list your encrypted passwords and place it in your project's src/main/resources directory, e.g. credentials.properties:

database.password=ENC(ka56rcI0bDpUWoAhy5Y+PrVvqu/wMCnL)

Note the ENC() around our encrypted password; this is a cue for Jasypt that it is dealing with an encrypted value.
Add the name of this file to the list of locations in the
propertyConfigurer bean. Now you can use the property name in your data
source configuration:

<spring:bean id="jdbcDataSource" class="org.enhydra.jdbc.standard.StandardDataSource" destroy-method="shutdown">
  <spring:property name="driverName" value="com.mysql.jdbc.Driver" />
  <spring:property name="url" value="jdbc:mysql://localhost/db1" />
  <spring:property name="user" value="dbuser" />
  <spring:property name="password" value="${database.password}" />
</spring:bean>

Finally, create an environment variable with the same name as the value of the passwordEnvName property in the first snippet, e.g. MULE_ENCRYPTION_PASSWORD, and set its value to the encryption key used for encrypting your password, e.g.:

$ export MULE_ENCRYPTION_PASSWORD=MyEncryptionPassword

That's it. You can now encrypt all passwords or any other values, and Mule can read them as it starts up.
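
As an added example (not part of the original post or of Jasypt), this Python check audits a properties file such as credentials.properties before deployment: it flags secret-looking keys left in clear text and ENC() values whose payload cannot be a PBEWithMD5AndDES ciphertext. The key-name heuristic, the sample file and the Jasypt output layout (Base64 of an 8-byte salt followed by 8-byte DES blocks) are assumptions.

```python
import base64
import re

# Key names treated as secrets: an assumed heuristic, adjust per project.
SECRET_KEY = re.compile(r"password|passwd|secret|token|key", re.I)
ENTRY = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)$")
ENC_VALUE = re.compile(r"ENC\((.*)\)$")
# Assumed Jasypt default layout for PBEWithMD5AndDES:
# Base64(8-byte random salt + DES ciphertext in 8-byte blocks).
BLOCK = 8

# Constructed sample; only the first value is the one shown on the page.
SAMPLE = """\
# credentials.properties
database.password=ENC(ka56rcI0bDpUWoAhy5Y+PrVvqu/wMCnL)
database.user=dbuser
ftp.password=dbpassword
smtp.password=ENC(dbpassword)
api.token=ENC(ka56rcI0bDpUWoAhy5Y+PrVv)
"""


def audit_properties(text):
    """Return (line_no, key, problem) for each suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = ENTRY.match(raw.strip())
        if raw.lstrip().startswith(("#", "!")) or entry is None:
            continue  # comment, blank line, or not a key/value pair
        key, value = entry.group(1), entry.group(2).strip()
        enc = ENC_VALUE.match(value)
        if enc is None:
            # Not wrapped in ENC(): Jasypt passes the value through as-is.
            if value and SECRET_KEY.search(key):
                findings.append((line_no, key, "plaintext secret"))
            continue
        try:
            blob = base64.b64decode(enc.group(1), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((line_no, key, "ENC() payload is not Base64"))
            continue
        if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
            findings.append((line_no, key, "ENC() payload has wrong length"))
    return findings


if __name__ == "__main__":
    for line_no, key, problem in audit_properties(SAMPLE):
        print(f"line {line_no}: {key}: {problem}")
```

The length check applies only to the PBEWithMD5AndDES setting used above; another algorithm needs its own salt and block sizes.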
source : http://blogs.mulesoft.org/encrypting-passwords-in-mule/