Azure Key Vault Connector 1.1 Reference - Mule 4

Anypoint Connector for Azure Key Vault (Azure Key Vault Connector) enables you to retrieve secrets, keys, or certificates, and encrypt or decrypt content.

Configuration

Default Configuration for Azure Key Vault Connector.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Name | String | Name for this configuration. Connectors reference the configuration with this name. | | x |
| Connection | | Connection types for this configuration. | | x |
| Name | String | ID used to reference this configuration. | | x |
| Expiration Policy | | Configures the minimum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration. | | |

Connection - Connection Type

Uses a client ID, client secret, and cryptography client cache for authentication. Note that the connector configuration does not allow properties such as client_id and client_secret to be hard coded.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Client Id | String | Client ID. | | x |
| Tenant Id | String | Tenant ID. | | x |
| Client Secret | String | Client secret. | | x |
| Vault Name | String | Vault name. | | x |
| Use Azure Default Credential | Boolean | Uses the authentication parameters taken from environment variables. | false | |
| Uri Override | String | The URI override for the key vault. If you configure this field, then the value for the Vault Name field is not considered for the connection configuration. If the key vault is not located on Azure Commercial Cloud, then configure this field. | | |
| Cryptography Client Cache | | The cryptography client is created based on a key. If the key does not change (no new versions are created), the client is cached and the Encrypt Message and Decrypt Message operations take less time. When encrypting or decrypting a message, a key must be retrieved internally. Retrieving a key every time makes the operation take longer to execute. Enable Cryptography Client Cache to save time when retrieving the key. | | |
| Reconnection | | Configures a reconnection strategy to use when a connector operation fails to connect to an external server. | | |
| Pooling Profile | | Characteristics of the connection pool. | | |

Operations

Decrypt Message

<azure-key-vault:decrypt-message>

Decrypts a message.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Configuration | String | Name of the configuration to use. | | x |
| Algorithm | Enumeration, one of: RSA_OAEP, RSA_OAEP_256, RSA1_5 | Algorithm type. | | x |
| Key Name | String | Key name. | | x |
| Key Version | String | Key version. | | |
| Message | Any | Message to decrypt. | #[payload] | |
| Config Ref | ConfigurationProvider | Name of the configuration to use to execute this component. | | x |
| Target Variable | String | Name of the variable that stores the operation’s output. | | |
| Target Value | String | Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field. | #[payload] | |
| Reconnection Strategy | | Retry strategy in case of connectivity errors. | | |

Output

Type: Cryptography Result

Associated Configurations

Throws

  • AZURE-KEY-VAULT:CONNECTIVITY

  • AZURE-KEY-VAULT:DECRYPT_ERROR

  • AZURE-KEY-VAULT:ENCRYPT_ERROR

  • AZURE-KEY-VAULT:INVALID_CREDENTIALS

  • AZURE-KEY-VAULT:INVALID_VAULT

  • AZURE-KEY-VAULT:RESOURCE_NOT_FOUND

  • AZURE-KEY-VAULT:RETRY_EXHAUSTED

Encrypt Message

<azure-key-vault:encrypt-message>

Encrypts a message.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Configuration | String | Name of the configuration to use. | | x |
| Algorithm | Enumeration, one of: RSA_OAEP, RSA_OAEP_256, RSA1_5 | Algorithm type. | | x |
| Key Name | String | Key name. | | x |
| Key Version | String | Key version. | | |
| Message | Any | Message to encrypt. | #[payload] | |
| Config Ref | ConfigurationProvider | Name of the configuration to use to execute this component. | | x |
| Target Variable | String | Name of the variable that stores the operation’s output. | | |
| Target Value | String | Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field. | #[payload] | |
| Reconnection Strategy | | Retry strategy in case of connectivity errors. | | |

Output

Type: Cryptography Result

Associated Configurations

Throws

  • AZURE-KEY-VAULT:CONNECTIVITY

  • AZURE-KEY-VAULT:DECRYPT_ERROR

  • AZURE-KEY-VAULT:ENCRYPT_ERROR

  • AZURE-KEY-VAULT:INVALID_CREDENTIALS

  • AZURE-KEY-VAULT:INVALID_VAULT

  • AZURE-KEY-VAULT:RESOURCE_NOT_FOUND

  • AZURE-KEY-VAULT:RETRY_EXHAUSTED
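
The following check is an added example, not code from MuleSoft or the connector. It lints a Mule XML file for two points this reference raises: client credentials that must not be hard-coded in the connection, and the Algorithm value chosen for Encrypt Message and Decrypt Message, flagging RSA1_5 because that value selects PKCS #1 v1.5 encryption padding rather than OAEP. The two operation element names come from this page; the config and connection element names, the camelCase attribute names, the namespace URI and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Only the two operation element names come from the page; the
# config/connection element names, attribute names and namespace URI are assumptions.
SAMPLE = """<mule xmlns:azure-key-vault="urn:example:azure-key-vault">
  <azure-key-vault:config name="good">
    <azure-key-vault:connection clientId="${akv.client.id}" tenantId="${akv.tenant.id}"
        clientSecret="${secure::akv.client.secret}" vaultName="demo-vault"/>
  </azure-key-vault:config>
  <azure-key-vault:config name="bad">
    <azure-key-vault:connection clientId="constructed-client-id" tenantId="${akv.tenant.id}"
        clientSecret="constructed-secret-value" vaultName="demo-vault"/>
  </azure-key-vault:config>
  <flow name="f">
    <azure-key-vault:encrypt-message config-ref="good" algorithm="RSA_OAEP_256" keyName="k"/>
    <azure-key-vault:decrypt-message config-ref="good" algorithm="RSA1_5" keyName="k"/>
  </flow>
</mule>"""

CREDENTIAL_ATTRS = ("clientId", "clientSecret")      # assumed attribute names
CRYPTO_OPS = ("encrypt-message", "decrypt-message")  # element names from the page
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")           # the whole value is ${...}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def lint(xml_text):
    """Return (element, attribute, reason) findings for a Mule XML config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        for attr in CREDENTIAL_ATTRS:
            value = el.get(attr)
            if value is not None and not PLACEHOLDER.match(value):
                findings.append((name, attr, "literal credential, use a property placeholder"))
        if name in CRYPTO_OPS and el.get("algorithm") == "RSA1_5":
            findings.append((name, "algorithm", "PKCS #1 v1.5 padding, prefer RSA_OAEP or RSA_OAEP_256"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```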

Get Certificate

<azure-key-vault:get-certificate>

Retrieves a certificate.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Configuration | String | Name of the configuration to use. | | x |
| Certificate Name | String | Certificate name. | | x |
| Certificate Version | String | Certificate version. | | |
| Config Ref | ConfigurationProvider | Name of the configuration to use to execute this component. | | x |
| Target Variable | String | Name of the variable that stores the operation’s output. | | |
| Target Value | String | Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field. | #[payload] | |
| Reconnection Strategy | | Retry strategy in case of connectivity errors. | | |

Output

Type: Vault Certificate

Associated Configurations

Throws

  • AZURE-KEY-VAULT:CONNECTIVITY

  • AZURE-KEY-VAULT:DECRYPT_ERROR

  • AZURE-KEY-VAULT:ENCRYPT_ERROR

  • AZURE-KEY-VAULT:INVALID_CREDENTIALS

  • AZURE-KEY-VAULT:INVALID_VAULT

  • AZURE-KEY-VAULT:RESOURCE_NOT_FOUND

  • AZURE-KEY-VAULT:RETRY_EXHAUSTED

Get Secret

<azure-key-vault:get-secret>

Retrieves a secret.

| Name | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Configuration | String | Name of the configuration to use. | | x |
| Secret Name | String | Secret name. | | x |
| Secret Version | String | Secret version. | | |
| Config Ref | ConfigurationProvider | Name of the configuration to use to execute this component. | | x |
| Target Variable | String | Name of the variable that stores the operation’s output. | | |
| Target Value | String | Expression that evaluates the operation’s output. The outcome of the expression is stored in the Target Variable field. | #[payload] | |
| Reconnection Strategy | | Retry strategy in case of connectivity errors. | | |

Output

Type: Vault Secret

Associated Configurations

Throws

  • AZURE-KEY-VAULT:CONNECTIVITY

  • AZURE-KEY-VAULT:DECRYPT_ERROR

  • AZURE-KEY-VAULT:ENCRYPT_ERROR

  • AZURE-KEY-VAULT:INVALID_CREDENTIALS

  • AZURE-KEY-VAULT:INVALID_VAULT

  • AZURE-KEY-VAULT:RESOURCE_NOT_FOUND

  • AZURE-KEY-VAULT:RETRY_EXHAUSTED

Object Types

Cached Cryptography Client Configuration

Configures the cached cryptography client configuration.

The cryptography client is created based on a key. If the key does not change (no new versions are created), the client is cached and the Encrypt Message and Decrypt Message operations take less time.

When encrypting or decrypting a message, a key must be retrieved internally. Retrieving a key every time makes the operation take longer to execute. Enable Cryptography Client Cache to save time when retrieving the key.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Cached Crypto Client Ttl | String | Cached crypto client time-to-live (TTL) value. | 10 | |
| Unit | Enumeration, one of: NANOSECONDS, MICROSECONDS, MILLISECONDS, SECONDS, MINUTES, HOURS, DAYS | Time unit for the Cached Crypto Client Ttl field. | MINUTES | |

Cryptography Result

Configures the cryptography result type.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Data | Binary | Data. | | |
| Encryption Algorithm | Enumeration, one of: RSA_OAEP, RSA_OAEP_256, RSA1_5 | Encryption algorithm type. | | |
| Key | String | Key. | | |

Expiration Policy

Configures an expiration policy strategy.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Max Idle Time | Number | Configures the maximum amount of time that a dynamic configuration instance can remain idle before Mule considers it eligible for expiration. | | |
| Time Unit | Enumeration, one of: NANOSECONDS, MICROSECONDS, MILLISECONDS, SECONDS, MINUTES, HOURS, DAYS | Time unit for the Max Idle Time field. | | |

Pooling Profile

Configures the pooling profile type.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Max Active | Number | Controls the maximum number of Mule components that can be borrowed from a session at one time. When set to a negative value, there is no limit to the number of components that are active at one time. When Max Active is exceeded, the pool is exhausted. | | |
| Max Idle | Number | Controls the maximum number of Mule components that sit idle in the pool at any time. When set to a negative value, there is no limit to the number of Mule components that are idle at one time. | | |
| Max Wait | Number | Specifies the number of milliseconds to wait for a pooled component to become available when the pool is exhausted and when Exhausted Action is set to WHEN_EXHAUSTED_WAIT. | | |
| Min Eviction Millis | Number | Determines the minimum amount of time an object sits idle in the pool before the object is eligible for eviction. When non-positive, no objects are evicted from the pool due to idle time alone. | | |
| Eviction Check Interval Millis | Number | Specifies the number of milliseconds between runs of the object evictor. When non-positive, no object evictor is executed. | | |
| Exhausted Action | Enumeration, one of: WHEN_EXHAUSTED_GROW, WHEN_EXHAUSTED_WAIT, WHEN_EXHAUSTED_FAIL | Specifies the behavior of the Mule component pool when the pool is exhausted. WHEN_EXHAUSTED_FAIL: Throws a NoSuchElementException. WHEN_EXHAUSTED_WAIT: Blocks by invoking Object.wait(long) until a new or idle object is available. WHEN_EXHAUSTED_GROW: Creates a new Mule instance and returns it, essentially making Max Active meaningless. If Max Wait is positive, WHEN_EXHAUSTED_GROW blocks for at most that many milliseconds, after which a NoSuchElementException is thrown. If Max Wait is negative, WHEN_EXHAUSTED_GROW blocks indefinitely. | | |
| Initialisation Policy | Enumeration, one of: INITIALISE_NONE, INITIALISE_ONE, INITIALISE_ALL | Determines how components in a pool should be initialized. INITIALISE_NONE: Does not load any components into the pool on startup. INITIALISE_ONE: Loads one initial component into the pool on startup. INITIALISE_ALL: Loads all components in the pool on startup. | | |
| Disabled | Boolean | Specifies whether pooling is disabled or not. | | |

Reconnect

Configures a standard reconnection strategy, which specifies how often to reconnect and how many reconnection attempts the connector source or operation can make.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Frequency | Number | How often to attempt to reconnect, in milliseconds. | | |
| Blocking | Boolean | If false, the reconnection strategy runs in a separate, non-blocking thread. | | |
| Count | Number | How many reconnection attempts the Mule app can make. | | |

Reconnect Forever

Configures a forever reconnection strategy by which the connector source or operation attempts to reconnect at a specified frequency for as long as the Mule app runs.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Frequency | Number | How often to attempt to reconnect, in milliseconds. | | |
| Blocking | Boolean | If false, the reconnection strategy runs in a separate, non-blocking thread. | | |

Reconnection

Configures a reconnection strategy for an operation.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Fails Deployment | Boolean | Configures a reconnection strategy to use when a connector operation fails to connect to an external server. | | |
| Reconnection Strategy | | Reconnection strategy to use. | | |

Vault Certificate

Configures the vault certificate type.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Certificate | Binary | Certificate. | | |
| Certificate Content Type | String | Certificate content type. | | |
| Certificate Key Type | String | Certificate key type. | | |
| Certificate Secret | | Certificate secret. | | |
| Certificate Type | String | Certificate type. | | |
| Created On | DateTime | Date the vault certificate is created. | | |
| Enabled | Boolean | Specifies whether the vault certificate is enabled. | | |
| Expires On | DateTime | Specifies the expiration of the vault certificate. | | |
| Key Id | String | Key ID. | | |
| Name | String | Name. | | |
| Not Before | DateTime | Specifies the DateTime before which the vault certificate must not be used. | | |
| Recovery Level | String | Recovery level. | | |
| Secret Id | String | Secret ID. | | |
| Updated On | DateTime | Specifies the DateTime on which the vault certificate was updated. | | |
| Version | String | Version of the vault certificate. | | |

Vault Secret

Configures the vault secret type.

| Field | Type | Description | Default Value | Required |
|---|---|---|---|---|
| Content Type | String | Content type. | | |
| Created On | DateTime | Date the vault secret is created. | | |
| Enabled | Boolean | Specifies whether the vault secret is enabled. | | |
| Expires On | DateTime | Specifies the expiration of the vault secret. | | |
| Id | String | ID. | | |
| Name | String | Name. | | |
| Not Before | DateTime | Specifies the DateTime before which the vault secret must not be used. | | |
| Recovery Level | String | Recovery level. | | |
| Updated On | DateTime | Specifies the DateTime on which the vault secret was updated. | | |
| Value | String | Value. | | |
| Version | String | Version of the vault secret. | | |
