News Ticker

How to Hide CloudHub Properties?

hidden-properties-cloudhub

Main points:

  • property values can be hidden in Runtime Manager
  • property names must be listed in the mule-artifact.xml file
  • property values can be edited manually and will remain masked
  • values remain masked even if removed from mule-artifact.xml file

CloudHub Properties

CloudHub supports the hiding of application properties in Anypoint Runtime Manager. The property name is displayed but the value is masked with asterisks, although it can be edited manually via the Properties tab.

Configure a property file

Firstly, you will need to configure a property file. There are three parts to that configuration:

  1. The property file in which the properties are defined
  2. The Configuration Property set in the application’s global elements
  3. The use of the property placeholders in the applications configuration

To learn more, read the blog post How to configure Property Files in Mule 4.

Configure properties to hide

Add the name of the properties you want to be obscured in Runtime Manager to the mule-artifact.json file to the secureProperties array. You will find it located at the root of the Mule application project.

{
  "secureProperties": [
     "database.mysql-password",
     "certificate.encypt-code" ],
   "minMuleVersion": "4.3.0" 
}

Fig 1: the mule-artifact.json for the my-mule-application

In the above mule-artifact.json file, the values assigned to the properties mysql-password and encrypt-code will be hidden from view in the application’s settings as can be seen in the screenshot below.

Deploy the Mule application to CloudHub

Fig 2: The properties tab in Anypoint Runtime Manager show masked property values

Once your application has been deployed, the hidden properties (name and value) will not be listed in the Properties tab. It won’t be until the name and value of a property are overridden, by adding them manually to the property tab, that the property’s value will be displayed and masked.

database:
  mysql-username: "admin"
  mysql-password: "password123" 
certificate: 
  encypt-code: "qwerty123"

Fig 3: the properties.yaml file

When referring to Mule application properties you can use either the ANT-style notation ${database.mysql-username}, or DataWeave’s Mule::p function, #[p('database.mysql-username')].

Hidden properties

The hidden properties are not output in the console or sent/received between the CloudHub server and the console.

After you set the property, it cannot be retrieve it; however, you can overwrite the property with a new value. To update a value, enter a new value into the field.

If you remove the property name from the secureProperties definitions in your mule-artifact.json file and then redeploy to CloudHub, the secure properties remain masked.

Encrypting Mule 4 properties

Once you have hidden properties from view in CloudHub you might consider encrypting those properties as well. The encryption will ensure that the property values are not visual by anyone, other than the person who performed the encryption, even the developer that uses those properties will not see the values. You can learn how to encrypt Mule 4 Properties in my blog post.

Other posts about Mule

2 Trackbacks / Pingbacks

  1. How to Encrypt and Secure Properties in Mule 4
  2. Setup Anypoint Studio for Java development

Leave a Reply

%d bloggers like this: