Azure Key Vault Connector 1.1 Reference - Mule 4

Anypoint Connector for Azure Key Vault (Azure Key Vault Connector) enables you to retrieve secrets, keys, or certificates, and encrypt or decrypt content.

Configuration

Default Configuration for Azure Key Vault Connector.

Name	Type	Description	Required
Name	String	Name for this configuration. Connectors reference the configuration with this name.	x
Connection	Connection	Connection types for this configuration.	x
Name	String	ID used to reference this configuration.	x
Expiration Policy	Expiration Policy	Configures the minimum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration.

Name

Type

Description

Default Value

Required

Name

String

Name for this configuration. Connectors reference the configuration with this name.

Connection

Connection

Connection types for this configuration.

Name

String

ID used to reference this configuration.

Expiration Policy

Expiration Policy

Configures the minimum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration.

Connection - Connection Type

Uses a client ID, client secret, and cryptography client cache for authentication. Note that the connector configuration does not allow properties such as client_id and client_secret to be hard coded.

Name	Type	Description	Default Value	Required
Client Id	String	Client ID.		x
Tenant Id	String	Tenant ID.		x
Client Secret	String	Client secret.		x
Vault Name	String	Vault name.		x
Use Azure Default Credential	Boolean	Uses the authentication parameters taken from environment variables.	false
Uri Override	String	The URI override for the key vault. If you configure this field, then the value for the Vault Name field is not considered for the connection configuration. If the key vault is not located on Azure Commercial Cloud, then configure this field.
Cryptography Client Cache	Cached Cryptography Client Configuration	The cryptography client is created based on a key. If the key does not change (no new versions are created), the client is cached and the Encrypt Message and Decrypt Message operations take less time. When encrypting or decrypting a message, a key must be retrieved internally. Retrieving a key every time makes the operation take longer to execute. Enable Cryptography Client Cache to save time when retrieving the key.
Reconnection	Reconnection	Configures a reconnection strategy to use when a connector operation fails to connect to an external server.
Pooling Profile	Pooling Profile	Characteristics of the connection pool.

Name

Type

Description

Default Value

Required

Client Id

String

Client ID.

Tenant Id

String

Tenant ID.

Client Secret

String

Client secret.

Vault Name

String

Vault name.

Use Azure Default Credential

Boolean

Uses the authentication parameters taken from environment variables.

false

Uri Override

String

The URI override for the key vault. If you configure this field, then the value for the Vault Name field is not considered for the connection configuration. If the key vault is not located on Azure Commercial Cloud, then configure this field.

Cryptography Client Cache

Cached Cryptography Client Configuration

The cryptography client is created based on a key. If the key does not change (no new versions are created), the client is cached and the Encrypt Message and Decrypt Message operations take less time. When encrypting or decrypting a message, a key must be retrieved internally. Retrieving a key every time makes the operation take longer to execute. Enable Cryptography Client Cache to save time when retrieving the key.

Reconnection

Reconnection

Configures a reconnection strategy to use when a connector operation fails to connect to an external server.

Pooling Profile

Pooling Profile

Characteristics of the connection pool.

Decrypt Message

<azure-key-vault:decrypt-message>

Decrypts a message.

Name Type Description Default Value Required

Name	Type	Description	Default Value	Required
Configuration	String	Name of the configuration to use.		x
Algorithm	Enumeration, one of: RSA_OAEP RSA_OAEP_256 RSA1_5	Algorithm type.		x
Key Name	String	Key name.		x
Key Version	String	Key version.
Message	Any	Message to decrypt.	`#[payload]`
Config Ref	ConfigurationProvider	Name of the configuration to use to execute this component.		x
Target Variable	String	Name of the variable that stores the operation’s output.
Target Value	String	Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.	`#[payload]`
Reconnection Strategy	Reconnect Reconnect Forever	Retry strategy in case of connectivity errors.

Configuration

String

Name of the configuration to use.

Algorithm

Enumeration, one of:

RSA_OAEP
RSA_OAEP_256
RSA1_5

Algorithm type.

Key Name

String

Key name.

Key Version

String

Key version.

Message

Any

Message to decrypt.

#[payload]

Config Ref

ConfigurationProvider

Name of the configuration to use to execute this component.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.

#[payload]

Reconnection Strategy

Reconnect
Reconnect Forever

Retry strategy in case of connectivity errors.

Output

Type	Cryptography Result

Associated Configurations

Configuration

Throws

AZURE-KEY-VAULT:CONNECTIVITY
AZURE-KEY-VAULT:DECRYPT_ERROR
AZURE-KEY-VAULT:ENCRYPT_ERROR
AZURE-KEY-VAULT:INVALID_CREDENTIALS
AZURE-KEY-VAULT:INVALID_VAULT
AZURE-KEY-VAULT:RESOURCE_NOT_FOUND
AZURE-KEY-VAULT:RETRY_EXHAUSTED

Encrypt Message

<azure-key-vault:encrypt-message>

Encrypts a message.

Name Type Description Default Value Required

Name	Type	Description	Default Value	Required
Configuration	String	Name of the configuration to use.		x
Algorithm	Enumeration, one of: RSA_OAEP RSA_OAEP_256 RSA1_5	Algorithm type.		x
Key Name	String	Key name.		x
Key Version	String	Key version.
Message	Any	Message to encrypt.	`#[payload]`
Config Ref	ConfigurationProvider	Name of the configuration to use to execute this component.		x
Target Variable	String	Name of the variable that stores the operation’s output.
Target Value	String	Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.	`#[payload]`
Reconnection Strategy	Reconnect Reconnect Forever	Retry strategy in case of connectivity errors.

Configuration

String

Name of the configuration to use.

Algorithm

Enumeration, one of:

RSA_OAEP
RSA_OAEP_256
RSA1_5

Algorithm type.

Key Name

String

Key name.

Key Version

String

Key version.

Message

Any

Message to encrypt.

#[payload]

Config Ref

ConfigurationProvider

Name of the configuration to use to execute this component.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.

#[payload]

Reconnection Strategy

Reconnect
Reconnect Forever

Retry strategy in case of connectivity errors.

Output

Type	Cryptography Result

Associated Configurations

Configuration

Throws

AZURE-KEY-VAULT:CONNECTIVITY
AZURE-KEY-VAULT:DECRYPT_ERROR
AZURE-KEY-VAULT:ENCRYPT_ERROR
AZURE-KEY-VAULT:INVALID_CREDENTIALS
AZURE-KEY-VAULT:INVALID_VAULT
AZURE-KEY-VAULT:RESOURCE_NOT_FOUND
AZURE-KEY-VAULT:RETRY_EXHAUSTED

Get Certificate

<azure-key-vault:get-certificate>

Retrieves a certificate.

Name Type Description Default Value Required

Name	Type	Description	Default Value	Required
Configuration	String	Name of the configuration to use.		x
Certificate Name	String	Certificate name.		x
Certificate Version	String	Certificate version.
Config Ref	ConfigurationProvider	Name of the configuration to use to execute this component.		x
Target Variable	String	Name of the variable that stores the operation’s output.
Target Value	String	Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.	`#[payload]`
Reconnection Strategy	Reconnect Reconnect Forever	Retry strategy in case of connectivity errors.

Configuration

String

Name of the configuration to use.

Certificate Name

String

Certificate name.

Certificate Version

String

Certificate version.

Config Ref

ConfigurationProvider

Name of the configuration to use to execute this component.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.

#[payload]

Reconnection Strategy

Reconnect
Reconnect Forever

Retry strategy in case of connectivity errors.

Output

Type	Vault Certificate

Associated Configurations

Configuration

Throws

AZURE-KEY-VAULT:CONNECTIVITY
AZURE-KEY-VAULT:DECRYPT_ERROR
AZURE-KEY-VAULT:ENCRYPT_ERROR
AZURE-KEY-VAULT:INVALID_CREDENTIALS
AZURE-KEY-VAULT:INVALID_VAULT
AZURE-KEY-VAULT:RESOURCE_NOT_FOUND
AZURE-KEY-VAULT:RETRY_EXHAUSTED

Get Secret

<azure-key-vault:get-secret>

Retrieves a secret.

Name Type Description Default Value Required

Name	Type	Description	Default Value	Required
Configuration	String	Name of the configuration to use.		x
Secret Name	String	Secret name.		x
Secret Version	String	Secret version.
Config Ref	ConfigurationProvider	Name of the configuration to use to execute this component.		x
Target Variable	String	Name of the variable that stores the operation’s output.
Target Value	String	Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.	`#[payload]`
Reconnection Strategy	Reconnect Reconnect Forever	Retry strategy in case of connectivity errors.

Configuration

String

Name of the configuration to use.

Secret Name

String

Secret name.

Secret Version

String

Secret version.

Config Ref

ConfigurationProvider

Name of the configuration to use to execute this component.

Target Variable

String

Name of the variable that stores the operation’s output.

Target Value

String

Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field.

#[payload]

Reconnection Strategy

Reconnect
Reconnect Forever

Retry strategy in case of connectivity errors.

Output

Type	Vault Secret

Associated Configurations

Configuration

Throws

AZURE-KEY-VAULT:CONNECTIVITY
AZURE-KEY-VAULT:DECRYPT_ERROR
AZURE-KEY-VAULT:ENCRYPT_ERROR
AZURE-KEY-VAULT:INVALID_CREDENTIALS
AZURE-KEY-VAULT:INVALID_VAULT
AZURE-KEY-VAULT:RESOURCE_NOT_FOUND
AZURE-KEY-VAULT:RETRY_EXHAUSTED

Object Types

Cached Cryptography Client Configuration
Cryptography Result
Expiration Policy
Pooling Profile
Reconnect
Reconnect Forever
Reconnection
Vault Certificate
Vault Secret

Cached Cryptography Client Configuration

Configures the cached cryptography client configuration.

When encrypting or decrypting a message, a key must be retrieved internally. Retrieving a key every time makes the operation take longer to execute. Enable Cryptography Client Cache to save time when retrieving the key.

Field Type Description Default Value Required

Field	Type	Description	Default Value	Required
Cached Crypto Client Ttl	String	Cached crypto client time-to-live (TTL) value.	`10`
Unit	Enumeration, one of: NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS	Time unit for the Cached Crypto Client Ttl field.	`MINUTES`

Cached Crypto Client Ttl

String

Cached crypto client time-to-live (TTL) value.

10

Unit

Enumeration, one of:

NANOSECONDS
MICROSECONDS
MILLISECONDS
SECONDS
MINUTES
HOURS
DAYS

Time unit for the Cached Crypto Client Ttl field.

MINUTES

Cryptography Result

Configures the cryptography result type.

Field	Type	Description
Data	Binary	Data.
Encryption Algorithm	Enumeration, one of: RSA_OAEP RSA_OAEP_256 RSA1_5	Encryption algorithm type.
Key	String	Key.

Field

Type

Description

Default Value

Required

Data

Binary

Data.

Encryption Algorithm

Enumeration, one of:

RSA_OAEP
RSA_OAEP_256
RSA1_5

Encryption algorithm type.

Key

String

Key.

Expiration Policy

Configures an expiration policy strategy.

Field	Type	Description	Default Value	Required
Max Idle Time	Number	Configures the maximum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration.
Time Unit	Enumeration, one of: NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS	Time unit for the Max Idle Time field.

Field

Type

Description

Default Value

Required

Max Idle Time

Number

Configures the maximum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration.

Time Unit

Enumeration, one of:

NANOSECONDS
MICROSECONDS
MILLISECONDS
SECONDS
MINUTES
HOURS
DAYS

Time unit for the Max Idle Time field.

Pooling Profile

Configures the pooling profile type.

Field Type Description Default Value Required

Field	Type	Description
Max Active	Number	Controls the maximum number of Mule components that can be borrowed from a session at one time. When set to a negative value, there is no limit to the number of components that are active at one time. When Max Active is exceeded, the pool is exhausted.
Max Idle	Number	Controls the maximum number of Mule components that sit idle in the pool at any time. When set to a negative value, there is no limit to the number of Mule components that are idle at one time.
Max Wait	Number	Specifies the number of milliseconds to wait for a pooled component to become available when the pool is exhausted and when Exhausted Action is set to `WHEN_EXHAUSTED_WAIT`.
Min Eviction Millis	Number	Determines the minimum amount of time an object sits idle in the pool before the object is eligible for eviction. When non-positive, no objects are evicted from the pool due to idle time alone.
Eviction Check Interval Millis	Number	Specifies the number of milliseconds between runs of the object evictor. When non-positive, no object evictor is executed.
Exhausted Action	Enumeration, one of: WHEN_EXHAUSTED_GROW WHEN_EXHAUSTED_WAIT WHEN_EXHAUSTED_FAIL	Specifies the behavior of the Mule component pool when the pool is exhausted: `WHEN_EXHAUSTED_FAIL` Throws a `NoSuchElementException` `WHEN_EXHAUSTED_WAIT` Blocks by invoking Object.wait(long) until a new or idle object is available `WHEN_EXHAUSTED_GROW` Creates a new Mule instance and returns it, essentially making Max Active meaningless. If Max Wait is positive, `WHEN_EXHAUSTED_GROW` blocks for at most that many milliseconds, after which a `NoSuchElementException` is thrown. If Max Wait is negative, `WHEN_EXHAUSTED_GROW` blocks indefinitely.
Initialisation Policy	Enumeration, one of: INITIALISE_NONE INITIALISE_ONE INITIALISE_ALL	Determines how components in a pool should be initialized: `INITIALISE_NONE` Does not load any components into the pool on startup `INITIALISE_ONE` Loads one initial component into the pool on startup `INITIALISE_ALL` Loads all components in the pool on startup
Disabled	Boolean	Specifies whether pooling is disabled or not.

Max Active

Number

Controls the maximum number of Mule components that can be borrowed from a session at one time. When set to a negative value, there is no limit to the number of components that are active at one time. When Max Active is exceeded, the pool is exhausted.

Max Idle

Number

Controls the maximum number of Mule components that sit idle in the pool at any time. When set to a negative value, there is no limit to the number of Mule components that are idle at one time.

Max Wait

Number

Specifies the number of milliseconds to wait for a pooled component to become available when the pool is exhausted and when Exhausted Action is set to WHEN_EXHAUSTED_WAIT.

Min Eviction Millis

Number

Determines the minimum amount of time an object sits idle in the pool before the object is eligible for eviction. When non-positive, no objects are evicted from the pool due to idle time alone.

Eviction Check Interval Millis

Number

Specifies the number of milliseconds between runs of the object evictor. When non-positive, no object evictor is executed.

Exhausted Action

Enumeration, one of:

WHEN_EXHAUSTED_GROW
WHEN_EXHAUSTED_WAIT
WHEN_EXHAUSTED_FAIL

Specifies the behavior of the Mule component pool when the pool is exhausted:

WHEN_EXHAUSTED_FAIL

Throws a NoSuchElementException
WHEN_EXHAUSTED_WAIT

Blocks by invoking Object.wait(long) until a new or idle object is available
WHEN_EXHAUSTED_GROW

Creates a new Mule instance and returns it, essentially making Max Active meaningless. If Max Wait is positive, WHEN_EXHAUSTED_GROW blocks for at most that many milliseconds, after which a NoSuchElementException is thrown. If Max Wait is negative, WHEN_EXHAUSTED_GROW blocks indefinitely.

Initialisation Policy

Enumeration, one of:

INITIALISE_NONE
INITIALISE_ONE
INITIALISE_ALL

Determines how components in a pool should be initialized:

INITIALISE_NONE

Does not load any components into the pool on startup
INITIALISE_ONE

Loads one initial component into the pool on startup
INITIALISE_ALL

Loads all components in the pool on startup

Disabled

Boolean

Specifies whether pooling is disabled or not.

Reconnect

Configures a standard reconnection strategy, which specifies how often to reconnect and how many reconnection attempts the connector source or operation can make.

Field Type Description Default Value Required

Field	Type	Description
Frequency	Number	How often to attempt to reconnect, in milliseconds.
Blocking	Boolean	If `false`, the reconnection strategy runs in a separate, non-blocking thread.
Count	Number	How many reconnection attempts the Mule app can make.

Frequency

Number

How often to attempt to reconnect, in milliseconds.

Blocking

Boolean

If false, the reconnection strategy runs in a separate, non-blocking thread.

Count

Number

How many reconnection attempts the Mule app can make.

Reconnect Forever

Configures a forever reconnection strategy by which the connector source or operation attempts to reconnect at a specified frequency for as long as the Mule app runs.

Field Type Description Default Value Required

Field	Type	Description	Default Value	Required
Frequency	Number	How often to attempt to reconnect, in milliseconds.
Blocking	Boolean	If `false`, the reconnection strategy runs in a separate, non-blocking thread.

Frequency

Number

How often to attempt to reconnect, in milliseconds.

Blocking

Boolean

If false, the reconnection strategy runs in a separate, non-blocking thread.

Reconnection

Configures a reconnection strategy for an operation.

Field	Type	Description	Default Value	Required
Fails Deployment	Boolean	Configures a reconnection strategy to use when a connector operation fails to connect to an external server.
Reconnection Strategy	Reconnect Reconnect Forever	Reconnection strategy to use.

Field

Type

Description

Default Value

Required

Fails Deployment

Boolean

Configures a reconnection strategy to use when a connector operation fails to connect to an external server.

Reconnection Strategy

Reconnect
Reconnect Forever

Reconnection strategy to use.

Vault Certificate

Configures the vault certificate type.

Field	Type	Description
Certificate	Binary	Certificate.
Certificate Content Type	String	Certificate content type.
Certificate Key Type	String	Certificate key type.
Certificate Secret	Vault Secret	Certificate secret.
Certificate Type	String	Certificate type.
Created On	DateTime	Date the vault certificate is created.
Enabled	Boolean	Specifies whether the vault certificate is enabled.
Expires On	DateTime	Specifies the expiration of the vault certificate.
Key Id	String	Key ID.
Name	String	Name.
Not Before	DateTime	Specifies which DateTime the vault certificate must be not before.
Recovery Level	String	Recovery level.
Secret Id	String	Secret ID.
Updated On	DateTime	Specifies which DateTime the vault certificate is updated on.
Version	String	Version of the vault certificate.

Field

Type

Description

Default Value

Required

Certificate

Binary

Certificate.

Certificate Content Type

String

Certificate content type.

Certificate Key Type

String

Certificate key type.

Certificate Secret

Vault Secret

Certificate secret.

Certificate Type

String

Certificate type.

Created On

DateTime

Date the vault certificate is created.

Enabled

Boolean

Specifies whether the vault certificate is enabled.

Expires On

DateTime

Specifies the expiration of the vault certificate.

Key Id

String

Key ID.

Name

String

Name.

Not Before

DateTime

Specifies which DateTime the vault certificate must be not before.

Recovery Level

String

Recovery level.

Secret Id

String

Secret ID.

Updated On

DateTime

Specifies which DateTime the vault certificate is updated on.

Version

String

Version of the vault certificate.

Vault Secret

Configures the vault secret type.

Field	Type	Description
Content Type	String	Content type.
Created On	DateTime	Date the vault secret is created.
Enabled	Boolean	Specifies whether the vault secret is enabled.
Expires On	DateTime	Specifies the expiration of the vault secret.
Id	String	ID.
Name	String	Name.
Not Before	DateTime	Specifies which DateTime the vault secret must be not before.
Recovery Level	String	Recovery level.
Updated On	DateTime	Specifies which DateTime the vault secret is updated on.
Value	String	Value.
Version	String	Version of the vault secret.

Field

Type

Description

Default Value

Required

Content Type

String

Content type.

Created On

DateTime

Date the vault secret is created.

Enabled

Boolean

Specifies whether the vault secret is enabled.

Expires On

DateTime

Specifies the expiration of the vault secret.

String

ID.

Name

String

Name.

Not Before

DateTime

Specifies which DateTime the vault secret must be not before.

Recovery Level

String

Recovery level.

Updated On

DateTime

Specifies which DateTime the vault secret is updated on.

Value

String

Value.

Version

String

Version of the vault secret.

Azure Key Vault Connector 1.1 Reference - Mule 4

Configuration

Connection - Connection Type

Operations

Decrypt Message

Output

Associated Configurations

Throws

Encrypt Message

Output

Associated Configurations

Throws

Get Certificate

Output

Associated Configurations

Throws

Get Secret

Output

Associated Configurations

Throws

Object Types

Cached Cryptography Client Configuration

Cryptography Result

Expiration Policy

Pooling Profile

Reconnect

Reconnect Forever

Reconnection

Vault Certificate

Vault Secret

See Also