News and Events

Custom MuleSoft Exchange Asset Loader Properties Provider Connector

🚀 Custom MuleSoft Properties Provider Connector for Exchange-Managed Keystores & Truststores! 🔐

Managing keystores and truststores in MuleSoft applications can be a challenge, especially when they need frequent updates. Traditionally, these sensitive files are bundled inside application resources, requiring a redeployment every time they change.

We’ve developed a custom MuleSoft Properties Provider Connector that dynamically loads files from a custom Exchange asset, eliminating the need for manual updates within the application!

📌 How It Works

✅ Instead of storing keystores (.p12) or truststores inside MuleSoft application resources, our connector fetches them dynamically from Anypoint Exchange.
✅ At startup, the connector downloads and unpacks the latest stable version of an Exchange asset into the CloudHub worker’s temp directory.
✅ Files can be referenced locally, allowing Mule to load keystores and truststores dynamically.


⚙️ Key Features

🔹 Exchange-Managed Security Artifacts – No need to store keystores/truststores inside Mule apps. Manage them centrally in Exchange.
🔹 Dynamic Asset Loading – Fetches and extracts the latest version of a specified Exchange asset at runtime.
🔹 Secure & Configurable – Requires authentication using Connected App credentials with Exchange read permissions.
🔹 Flexible Deployment – Supports different Anypoint Platform hosts (default: US Commercial, but can be customized for GovCloud or other instances).


🔑 Required Configuration Parameters

To access Exchange assets, the connector requires:
✔ Connected App Client ID
✔ Connected App Client Secret
✔ Group ID (Organization ID where the asset is stored)
✔ (Optional) Anypoint Host (Default: anypoint.mulesoft.com)


📌 Example Use Case: Loading a TLS Asset

In this example, we dynamically load “myapp-asset-tls” from Exchange. The asset is a .zip archive containing a tls folder with environment-specific keystores:

📂 tls/
├── dev.p12
├── uat.p12
├── prod.p12

During application startup, the asset is downloaded, extracted, and stored in the CloudHub temp directory, making it accessible as a local file.
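
The unpack step described above, as an added Java example that is not the connector's own source: it extracts the asset archive into a private temp directory, rejects entries that would land outside that directory, and restricts each extracted keystore to its owner. The class and method names are hypothetical, and the archive is a constructed in-memory sample standing in for the downloaded asset.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.zip.*;

// Added example: hypothetical class, not the connector's source.
public class AssetUnpacker {
    // Unpacks the asset archive into a new private directory and returns that directory.
    static Path unpack(InputStream assetZip, String assetId) throws IOException {
        // Unpredictable directory name; created owner-only on POSIX file systems.
        Path root = Files.createTempDirectory(assetId + "-").toRealPath();
        try (ZipInputStream zin = new ZipInputStream(assetZip)) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                Path target = root.resolve(e.getName()).normalize();
                // Reject absolute names and "../" names that resolve outside the asset directory.
                if (!target.startsWith(root)) {
                    throw new IOException("Entry escapes asset directory: " + e.getName());
                }
                if (e.isDirectory()) {
                    Files.createDirectories(target);
                    continue;
                }
                Files.createDirectories(target.getParent());
                Files.copy(zin, target); // throws if the same entry name appears twice
                restrict(target);
            }
        }
        return root;
    }

    // Keystores hold private keys: readable and writable by the owner only.
    static void restrict(Path file) throws IOException {
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive with placeholder bytes instead of real keystores.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            for (String env : new String[] {"dev", "uat", "prod"}) {
                zout.putNextEntry(new ZipEntry("tls/" + env + ".p12"));
                zout.write(("placeholder keystore for " + env).getBytes());
                zout.closeEntry();
            }
        }
        Path root = unpack(new ByteArrayInputStream(buf.toByteArray()), "myapp-asset-tls");
        System.out.println(root.resolve("tls").resolve("dev.p12")); // keystore for env = dev
    }
}
```

The example does not cap the uncompressed size of the archive; a loader handling assets from a shared Exchange organization would bound that as well.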

Here’s how it’s configured in MuleSoft:

<dynamic-asset-loader-properties-provider:config name="Dynamic_Asset_Loader_Properties_Provider_Config" 
        doc:name="Dynamic Asset Loader Properties Provider Config" />

<tls:context name="https-tls-context" doc:name="TLS Context">
    <tls:trust-store />
    <tls:key-store type="pkcs12" path="${dynamic-asset::myapp-asset-tls/ssl/@(env).p12}" 
        alias="${tls.keystore.alias}"
        keyPassword="${secure::tls.keystore.keyPassword}" 
        password="${secure::tls.keystore.password}"/>
</tls:context>

📌 The keystore path is dynamically resolved as:
➡ ${dynamic-asset::myapp-asset-tls/ssl/@(env).p12}
(For example, dev.p12 for the dev environment and uat.p12 for the uat environment.)


🚀 Why This Matters

🔹 No More Manual File Management – Security artifacts are centrally managed in Exchange.
🔹 Zero-Downtime Keystore Updates – Change keystores/truststores without redeploying the application.
🔹 Enhanced Security – Removes sensitive files from the codebase and application resources.

This is a game-changer for teams looking to streamline TLS/SSL certificate management in MuleSoft applications. 🌟

💬 What do you think about this approach? Would you like to see more dynamic asset management solutions for MuleSoft?