How to hide credentials used in mediation configuration using Secure Vault in WSO2 ESB

Eventhough we use secure vault to encrypt password, it is not possible to use secure vault directly in the mediation configuration. As an example imagine you need to hide a password given in a proxy.

All you have to do is using Secure Vault Password Management screen in WSO2 ESB.


1. Run sh ciphertool.sh -Dconfigure and enable secure vault
2. Start the WSO2 ESB with
3. Go to  Manage -> Secure Vault Tool and then click Manage Passwords
4. You will see the below screen.

5. Click on Add New Password to encrypt and store and specify values.

Vault Key - The alias for the password. E.g., sfpassword
Password -  The actual password.
Re-enter password - Re enter the password.

6. Once you save you will be able to save the newly created vault key.

7. Now you can use it in your proxy or any other mediation configuration as below.

E.g.,

   <inSequence>  
      <property name="password" expression="wso2:vault-lookup('sfpassword')"/>  
      <log level="custom">  
       <property name="InMsg" value="Invoking the proxy"/>  
       <property name="pickPassword" expression="get-property('password')"/>  
      </log>  
      <property name="OUT_ONLY" value="true"/>  
      <send/>  
    </inSequence>  

8. If you want to hide the salesforce password,

Salesforce Configuration :

  <salesforce.getUserInfo configKey="MySFConfig"/>   
    <salesforce.query>   
    <batchSize>1</batchSize>   
    <queryString>{$ctx:CompleteLeadQuery}</queryString>   
  </salesforce.query>   

MySFConfig with salesforce connection details :

 <salesforce.init>  
   <username>xxxx@abc.com</username>  
   <password>{wso2:vault-lookup('sfpassword')}</password>  
   <loginUrl>https://login.salesforce.com/services/Soap/u/27.0</loginUrl>  
   <blocking>false</blocking>  
 </salesforce.init>