Securing application data for MuleSoft applications, and providing an interface between MuleSoft and external secure property vaults, is essential today. This is why and how we did it.
A consistent challenge companies face in today’s security-conscious environment is storing sensitive application data outside of a source control repository. At the same time, we need to enable a smooth, automated process for deploying applications. Products like CyberArk’s EPV and Microsoft’s Key Vault help companies manage application data like passwords and secrets. The trick is how to get Mule to interface with those products.
Our original objective was to create an interface between CyberArk’s EPV and Mule that would allow any application developer to manage a set of sensitive properties. We needed to accomplish this outside of standard Java property files, while continuing to use Java property files for plain-text properties. Over time, we realized that this interface could be constructed as a template for other third-party products.
The EPV solution was developed in Mule 3 with the combination of a Spring configuration and a Java class that interacts with the underlying EPV agent. The EPV agent is installed on each Mule server as a daemon on the operating system. It communicates, securely, with the EPV server that manages the sensitive properties.
When Mule starts, the Spring configuration is loaded and the initialization of the Java class that interacts with the agent is started. As Mule continues its initialization process, the Java class builds a separate set of properties from a developer-defined list via the EPV agent.
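The startup behaviour described above, as an added example that is not the author's EPV code: plain-text properties are loaded from a file, and each name on a developer-defined list is resolved through a vault provider, failing closed if a secret is missing or has leaked into the file. The `SecretProvider` interface, the in-memory vault and all property names are hypothetical stand-ins for the EPV agent call, which the page does not show.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.TreeSet;

public class VaultBackedProperties {

    /** Hypothetical abstraction over a vault agent (EPV, Key Vault, ...). */
    interface SecretProvider {
        Optional<String> fetch(String name);
    }

    /** Plain-text properties stay in the file; listed names come only from the vault. */
    static Properties load(String plainText, List<String> secretNames, SecretProvider vault)
            throws IOException {
        Properties merged = new Properties();
        merged.load(new StringReader(plainText));
        for (String name : secretNames) {
            if (merged.containsKey(name)) {
                // A sensitive name in the plain-text file means a secret reached source control.
                throw new IllegalStateException("Sensitive property in plain-text file: " + name);
            }
            // Fail closed at startup; the message carries the name, never the value.
            String value = vault.fetch(name).orElseThrow(
                    () -> new IllegalStateException("Vault returned nothing for: " + name));
            merged.setProperty(name, value);
        }
        return merged;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data standing in for a property file and a vault agent.
        String plainText = "db.host=db.example.internal\ndb.port=5432\n";
        List<String> secretNames = List.of("db.password", "api.key");
        Map<String, String> fakeVault =
                Map.of("db.password", "constructed-secret", "api.key", "constructed-key");
        SecretProvider vault = name -> Optional.ofNullable(fakeVault.get(name));

        Properties props = load(plainText, secretNames, vault);
        // Print secret names only, so their values never reach logs or the console.
        for (String key : new TreeSet<>(props.stringPropertyNames())) {
            boolean secret = secretNames.contains(key);
            System.out.println(key + " = " + (secret ? "<from vault>" : props.getProperty(key)));
        }
    }
}
```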
With the introduction of Mule 4, the solution needed a redesign. Mule 4 utilizes custom modules built with the Mule SDK instead of loading configurations via Spring. While vastly different from the Mule 3 implementation, the Mule 4 solution is very elegant and more easily consumed by developers.
While MuleSoft has a few ways to implement a solution for securing sensitive application properties, other products are much better suited to managing this data properly. By implementing custom modules that connect to third-party products like EPV and Key Vault, companies can manage application data securely and effectively. We found this was the best way to secure application data for Mule applications.
Should you have any questions, please feel free to reach out to me.