Enterprise Integration Zone is brought to you in partnership with:

Ross founded the open source Mule® project in 2003. Frustrated by integration "donkey work," he set out to create a new platform that emphasized ease of development and re-use of components. He started the Mule project to bring a modern approach, one of assembly, rather than repetitive coding, to developers worldwide. He is now the Founder and CTO of Mulesoft. Ross is a DZone MVB and is not an employee of DZone and has posted 94 posts at DZone. You can read more from them at their website. View Full User Profile

Data encryption with Mule Enterprise Security

  • submit to reddit
Originally authored by Fernando Federico

Mule Enterprise Security is a set of capabilities that build on top of Mule Enterprise’s existing security capabilities, including:

  • Secure Token Service and OAuth 2.0 Provider
  • Digital signing and data encryption
  • Credentials vault
  • Security filters

In this post we are going to look at how to use the data  capabilities in Mule Studio. We’re going to be using Mule Enterprise. Consider the following flow

We want to return the xml sensitive information  in a way only authorised recipients can see it (encrypted).  With the new mule enterprise security module, encrypting information is easy, just follow 3 steps:

1)  Insert the encryption module into your flow:

2) Create your config reference  (click on + and then Ok):

3) Write your encryption key:

And you are done!

What else could you do with this module?

1) Select three encryption strategies:

  • JCE Encryption – with over 18 encryption algorithms, plus 4 encryption modes
  • PGP Encryption – simplified, just add your credentials are your are ready to rock!
  • XML Encryption – supporting the JCE-106 specification
2) Use keystores to store your keys
3) Change your encryption configuration at runtime
4) Use multiple encryptions strategies with the same module
Enterprise integrations running across trust boundaries demand robust security solutions. Mule Enterprise Security provides end-to-end protection of your integration ecosystem.  Data encryption is just one step towards bullet proof integration.
Published at DZone with permission of Ross Mason, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)