Browser Tool · Free · No Signup

Secure Properties Tool

Encrypt and decrypt MuleSoft secure properties directly in your browser. Generate production-ready encrypted values for your Mule application properties files without installing anything.

⚡ Client-side only 🔒 Keys never leave your browser 🛡️ AES, Blowfish, DES, 3DES ✓ Mule 4 compatible
100%
Client-side
0
Data sent to server
Free
Forever

What are Secure Properties?

MuleSoft Secure Properties (formerly Secure Configuration Properties) allow you to store sensitive configuration values — database passwords, API keys, certificates — in encrypted form inside your Mule application's properties files. At runtime, the Mule Runtime decrypts them using a key you provide via a system property, keeping secrets out of your source code.

This tool replicates the encryption logic of the official MuleSoft Secure Properties Tool entirely in JavaScript, so you can encrypt values and generate ready-to-paste ![encrypted-value] strings without leaving your browser — and without the Java installation the official CLI requires.

🔐
Encrypt secrets Database passwords, API keys
🔓
Decrypt to verify Confirm encryption is correct
📋
Copy-paste ready Output in ![value] format
⚙️
Multiple algorithms AES, Blowfish, DES, 3DES

Encrypt / Decrypt

Secure Properties Generator

Encrypt and decrypt MuleSoft configuration properties. All operations run locally in your browser — nothing is sent to any server.


Operation
Algorithm
Mode


Encryption Key


Value to Encrypt

Result
Output will appear here…

i

AES-CBC — the default MuleSoft algorithm. Key is padded or truncated to 16 bytes. Output is Base64-encoded, compatible with the secure-properties module.

How to use in MuleSoft

Step 1
Encrypt your value
Enter your secret key and the plaintext value, then click Generate.

Step 2
Use in YAML config
Wrap the result: ![ENC~result] inside your config.yaml.

Step 3
Configure the module
Set the key in secure-properties:config in your Mule app XML.

Step 4
Deploy and run
MuleSoft auto-decrypts values at runtime using the provided key.

How to Use in Your Mule App

01
Choose algorithm and enter your key

Select your encryption algorithm (AES recommended for Mule 4). Enter the same key you'll pass to the Mule runtime via -Dsecure.key=yourkey.

02
Encrypt your secret value

Paste the plaintext value (password, API key, etc.) and click Encrypt. Copy the ![encrypted-value] output.

03
Paste into your properties file

In your config.yaml or .properties file, use the encrypted value: db.password: "![AbCdEf...]". Add the Secure Properties Config element in your Mule XML.

04
Pass the key at runtime

When deploying to CloudHub or Runtime Manager, add secure.key as an encrypted application property. Never commit the key to source control.

Related MuleSoft Guides

All MuleSoft →
API Governance in CloudHub 2.0 — Rulesets, Profiles & Custom Governance at Scale
MuleSoft
· 12 min read
MuleSoft Mastery: From Zero to Hero | Ch.14
How Anypoint API Governance enforces consistency, security, and compliance across a whole API portfolio: reading the governance dashboard and conformance severity, applying MuleSoft-provided rulesets (built on AMF), targeting APIs with profiles and selection criteria, remediating nonconformance, and authoring, validating, documenting, and publishing custom rulesets with the Anypoint CLI. Includes a PCI-compliance case study across 50+ APIs. Chapter 14 of MuleSoft from Zero to Hero.
Ch.13: Comprehensive Observability — Metrics, Logs & Traces Across Any Platform
MuleSoft
· 12 min read
MuleSoft Mastery: From Zero to Hero | Ch.13
Observability for MuleSoft across the three pillars: Anypoint Monitoring dashboards and alerts, custom business metrics via the Custom Metrics connector (custom-metrics:send), log forwarding to Splunk, ELK and Azure with asynchronous Log4j2 appenders and MDC correlation, and distributed tracing with OpenTelemetry — the Direct Telemetry Stream (Mule 4.11+), W3C Trace Context propagation, and an OpenTelemetry Collector fan-out. Includes a payment-gateway troubleshooting case study across all three pillars. Chapter 13 of MuleSoft from Zero to Hero.
Ch.12: Security & Compliance — Securing Integrations & Meeting Regulations
MuleSoft
· 14 min read
MuleSoft Mastery: From Zero to Hero | Ch.12
Defense-in-depth for MuleSoft integrations: TLS for data in transit, the Secure Configuration Properties module and external vaults for secrets, the Cryptography module (JCE and PGP) for message-level encryption, API Manager policies for access control, and the compliance practices — audit logging, data masking, and right-to-erasure — that satisfy GDPR, HIPAA and PCI-DSS. Includes a HIPAA-compliant patient-data API case study. Chapter 12 of MuleSoft from Zero to Hero.