This Mule custom properties extension allows Mule applications to retrieve sensitive configuration properties, such as keystore passwords and database passwords, directly from AWS Secrets Manager. The key benefit of this approach is that you don't have to put these sensitive property values in clear text in the configuration files, which is a major security issue. Other benefits of this approach are:
- You can use lifecycle Lambda functions or any other custom process to rotate the secrets in an automated way
- No need to manage encryption keys, as we would have to with secure configuration properties
The downside, of course, is that this solution requires access to AWS Secrets Manager.
The example below illustrates the usage.
The keyPassword "${aws-sm-getSecretValue::keystoreCred:keyPassword}" and keystore password "${aws-sm-getSecretValue::keystoreCred:keystorePassword}" use the prefix defined by the Secrets Manager module to fetch the secrets from Secrets Manager.
```xml
<http:listener-config name="HTTP_Listener_config" doc:name="HTTP Listener config" doc:id="cdd1c593-0d92-4d51-a5cc-1ac3acd60496" >
    <http:listener-connection protocol="HTTPS" host="0.0.0.0" port="8081" >
        <tls:context >
            <tls:key-store type="jks" keyPassword="${aws-sm-getSecretValue::keystoreCred:keyPassword}" password="${aws-sm-getSecretValue::keystoreCred:keystorePassword}" path="keystore.jks"/>
        </tls:context>
    </http:listener-connection>
</http:listener-config>
```
Use the following format to get the value of a specific key from a secret in Secrets Manager:
"${aws-sm-getSecretValue::secretName:secretKey}"
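A pre-deployment check for the placeholder format above, added here as an example and not part of this module's code: it parses a Mule configuration, lists the secret name and key pairs it references, and flags sensitive attributes that are not sourced from Secrets Manager. The `audit` function, the list of sensitive attribute names, and the database connection in the sample are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Placeholder syntax from this page: ${aws-sm-getSecretValue::secretName:secretKey}
PLACEHOLDER = re.compile(r"^\$\{aws-sm-getSecretValue::([^:{}]+):([^:{}]+)\}$")
# Assumption: attribute names treated as sensitive; extend for your connectors.
SENSITIVE = re.compile(r"password|secret|passphrase", re.IGNORECASE)

# Constructed sample: the page's key store plus a made-up DB connection
# that still carries a literal password.
SAMPLE = """\
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http"
      xmlns:tls="http://www.mulesoft.org/schema/mule/tls"
      xmlns:db="http://www.mulesoft.org/schema/mule/db">
  <http:listener-config name="HTTP_Listener_config">
    <http:listener-connection protocol="HTTPS" host="0.0.0.0" port="8081">
      <tls:context>
        <tls:key-store type="jks" path="keystore.jks"
            keyPassword="${aws-sm-getSecretValue::keystoreCred:keyPassword}"
            password="${aws-sm-getSecretValue::keystoreCred:keystorePassword}"/>
      </tls:context>
    </http:listener-connection>
  </http:listener-config>
  <db:config name="Database_Config">
    <db:my-sql-connection host="db.example.internal" port="3306"
        user="app" password="constructed-literal" database="orders"/>
  </db:config>
</mule>
"""


def audit(xml_text):
    """Return (secret_refs, findings) for one Mule configuration document."""
    refs, findings = set(), []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix
        for attr, value in elem.attrib.items():
            name = attr.rsplit("}", 1)[-1]
            if not SENSITIVE.search(name):
                continue
            match = PLACEHOLDER.match(value.strip())
            if match:  # resolved at startup by the properties provider
                refs.add(match.groups())
            else:  # literal, or a placeholder not backed by Secrets Manager
                findings.append((tag, name))
    return refs, findings


if __name__ == "__main__":
    refs, findings = audit(SAMPLE)
    print("secrets referenced:", sorted(refs))
    print("not sourced from Secrets Manager:", findings)
```

The referenced pairs can be compared against the secrets that actually exist in the target account before deployment, so a misspelled secret name or key is caught before the application starts.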
Follow these steps to customize the extension package name:
- Import the Secrets Manager Properties Provider project into your favorite IDE.
- Open the `pom.xml` file:
  - Define the GAV (`groupId`, `artifactId`, and `version`) of your module.
  - Define the `name` of your module.
- Change the package name (`com.sandiindia.mule.provider`) of your code.

Install the module locally using `mvn clean install` to make the module accessible from Studio.
To use the custom properties provider:
- Create an application in Studio.
- Add the dependency to your new module:
  - Open the `pom.xml` file.
  - Within the `<dependencies>` tag, add a new dependency using the GAV that you put in your module.
  - Remember to add `<classifier>mule-plugin</classifier>` because it is a Mule module.
  - Save your changes.
- Now, open the application XML file and, in the Global Elements tab, click Create. Under Connector Configuration, you should see an option for selecting the configuration from your custom module, for example
You can now configure your new component and start using properties with the prefix defined in your module.