Protecting App Property Values
CloudHub 2.0 enables you to protect application property values by displaying the property name but not its value, in Anypoint Runtime Manager.
Additionally, the value is not viewable or retrievable by any user. CloudHub 2.0 resolves the property internally at runtime. These protected application values are encrypted and stored in the Anypoint Security secrets manager, which, in turn, is encrypted per user organization. Because the values are encrypted, you cannot view them in Anypoint Security secrets manager or Anypoint Runtime Manager.
Protected property values are separate from the encrypted Mule application properties stored in secure configuration files. See Secure Configuration Properties. |
Protect Property Values in Runtime Manager
Set protected properties via the table view for granular control over each property and value.
Although you can attempt to protect a single property more than once, Runtime Manager issues a warning and protects only the final instance of that property.
-
From Anypoint Platform, select Runtime Manager > Applications.
-
Click the app name.
-
In the navigation menu, click Settings.
-
On the Settings page, click the Properties tab.
-
Depending on how many properties you want to protect, choose either:
-
To protect properties one at a time, click Table view.
-
To protect multiple properties, use Text view to add the key-value pairs, switch to Table view, and continue to Step 8 to protect the properties.
-
-
In the New Key field, enter the property name to protect.
-
In the New Value field, enter the property value.
-
In the value field, click Protect and then click Protect value to confirm.
-
Depending on the deployment status, choose either:
-
If this application is deployed, click Apply Changes.
-
If you’re ready to deploy the application, click Deploy Application.
-
On the Properties tab, the values for properties that you just protected are now no longer visible to you or any other user.
In the following example, the values for birthdate
and password
are protected, but the value for username
is not:
After you commit the values and deploy the app, the protected property values don’t appear in the console and aren’t sent and received between the console and CloudHub.
Replace a Protected Property Value
After you set the property value, you can’t retrieve it. However, you can replace the protected property value with a new protected value:
-
From Anypoint Platform, select Runtime Manager > Applications.
-
Click the app name.
-
In the navigation menu, click Settings.
-
On the Settings page, click the Properties tab.
-
Click Table view.
-
Click … > Replace protected value:
-
Enter a new value in the field.
-
Click Apply, then Apply Changes.