How to Hide CloudHub Properties?
Main points:
- property values can be hidden in Runtime Manager
- property names must be listed in the
mule-artifact.xmlfile - property values can be edited manually and will remain masked
- values remain masked even if removed from
mule-artifact.xmlfile
CloudHub Properties
CloudHub supports the hiding of application properties in Anypoint Runtime Manager. The property name is displayed but the value is masked with asterisks, although it can be edited manually via the Properties tab.
Configure a property file
Firstly, you will need to configure a property file. There are three parts to that configuration:
- The property file in which the properties are defined
- The Configuration Property set in the application’s global elements
- The use of the property placeholders in the applications configuration
To learn more, read the blog post How to configure Property Files in Mule 4.
Configure properties to hide
Add the name of the properties you want to be obscured in Runtime Manager to the mule-artifact.json file to the secureProperties array. You will find it located at the root of the Mule application project.
{
"secureProperties": [
"database.mysql-password",
"certificate.encypt-code" ],
"minMuleVersion": "4.3.0"
}
Fig 1: the mule-artifact.json for the my-mule-application
In the above mule-artifact.json file, the values assigned to the properties mysql-password and encrypt-code will be hidden from view in the application’s settings as can be seen in the screenshot below.
Deploy the Mule application to CloudHub
Fig 2: The properties tab in Anypoint Runtime Manager show masked property values
Once your application has been deployed, the hidden properties (name and value) will not be listed in the Properties tab. It won’t be until the name and value of a property are overridden, by adding them manually to the property tab, that the property’s value will be displayed and masked.
database: mysql-username: "admin" mysql-password: "password123" certificate: encypt-code: "qwerty123"
Fig 3: the properties.yaml file
When referring to Mule application properties you can use either the ANT-style notation ${database.mysql-username}, or DataWeave’s Mule::p function, #[p('database.mysql-username')].
Hidden properties
The hidden properties are not output in the console or sent/received between the CloudHub server and the console.
After you set the property, it cannot be retrieve it; however, you can overwrite the property with a new value. To update a value, enter a new value into the field.
If you remove the property name from the secureProperties definitions in your mule-artifact.json file and then redeploy to CloudHub, the secure properties remain masked.
Encrypting Mule 4 properties
Once you have hidden properties from view in CloudHub you might consider encrypting those properties as well. The encryption will ensure that the property values are not visual by anyone, other than the person who performed the encryption, even the developer that uses those properties will not see the values. You can learn how to encrypt Mule 4 Properties in my blog post.
Other posts about Mule
- How to design an MuleSoft RESTful API
- Four ways to specify examples in a RAML API specification
How do you unhide it? Removing it still leaves ******* after the fact.