Skip Navigation
Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Working with Bundler
      • Rails Support
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with Spring Boot
      • Java Advanced Topics
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Data For Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
    • Single Sign-on (SSO)
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Databases & Data Management
  • Connecting Heroku Data Services to MuleSoft

Connecting Heroku Data Services to MuleSoft

English — 日本語に切り替える

Last updated December 12, 2022

Table of Contents

  • Common Integration Use Cases
  • Configuring MuleSoft Connectors for the Common Runtime
  • Configuring MuleSoft Connectors for Private and Shield Heroku Services

This article is about accessing Heroku Data Services through MuleSoft. To use MuleSoft as an integration layer that connects external services to a Heroku App, see Integrating Heroku and the Salesforce Platform.

MuleSoft is an Integration Platform as a Service (IPaaS) for connecting multiple systems and services together so they can be accessed and managed from one central interface. This article describes how to connect Heroku Data Services (Heroku Postgres, Apache Kafka on Heroku, and Heroku Data for Redis) to the MuleSoft platform.

Common Integration Use Cases

There are many reasons you want to connect your Heroku data to MuleSoft. The most common use case is for users who are using Heroku Connect and Heroku Postgres to store and manage customer data from Salesforce. By connecting these Heroku data services to MuleSoft, you can access this data and integrate it with other services also connected to the MuleSoft platform. By using Heroku and MuleSoft together, you can take advantage of the data management flexibility on Heroku while still using any external services your app requires.

Configuring MuleSoft Connectors for the Common Runtime

Heroku data services like Redis, Apache Kafka, and Postgres can be integrated into MuleSoft using specific Connectors. This section highlights the three connectors necessary for connecting to Heroku data services running on the Common Runtime.

If you’re running Heroku Postgres in a private space, first read the next section: Configuring MuleSoft connectors for Private and Shield Heroku services.

Database Connector

The Database Connector allows you to connect to any JDBC-compliant database, which includes Heroku Postgres. To set up a Database Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Heroku Postgres using the MuleSoft Database Connector”.

Redis Connector

The Redis Connector allows you to connect to any Remote Dictionary Server, including Heroku Data for Redis. To set up a Redis Connector on the MuleSoft side, follow the instructions found in the Redis Connector documentation. The following information is necessary to configure the connector:

  • Connection: From the dropdown menu, select “NonClustered”
  • Host, Port, Password: These three fields are all in the REDIS_URL configuration variable for your application. The value for REDIS_URL is in the following format: rediss://h:<password>@<hostname>:<port>. Use these values when configuring the Redis Connector in MuleSoft.

This connector only works if you’re using Heroku Data for Redis in the Common Runtime. If you’re running Redis in a Private Space, see Configuring MuleSoft connectors for Private and Shield Heroku services.

Apache Kafka Connector

The Kafka Connector allows you to connect your Apache Kafka on Heroku cluster to the MuleSoft platform. To set up the Kafka Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Apache Kafka on Heroku using the MuleSoft Kafka Connector”.

This connector only works if you’re using Apache Kafka on Heroku in the Common Runtime. If you’re running Kafka in a Private Space, see Configuring MuleSoft connectors for Private and Shield Heroku services.

Configuring MuleSoft Connectors for Private and Shield Heroku Services

If you’re running Heroku Postgres, Heroku Data for Redis, or Apache Kafka on Heroku in a Private or Shield Private space, there’s additional configuration required to set up a secure and mutually authenticated channel between MuleSoft and Heroku. This section provides the additional information necessary to connect Heroku data services to MuleSoft when running in Private or Shield Private spaces.

Database Connector

Take these steps first, then configure the database connector as described earlier.

Allowlist Static External IPs

In order for Heroku Postgres to connect successfully to your MuleSoft application, you must add the MuleSoft application’s static external IP address to the allowlist in the Heroku mTLS configuration. Adding this IP to the allowlist enables MuleSoft access to connect to your Private Heroku Postgres database.

  1. Use the instructions from MuleSoft’s documentation, allocate a static IP for your application.
  2. Add the generated static IP to your mTLS allowlist following the instructions in this article, Connecting to a Private or Shield Heroku Postgres Database from an External Resource.

You can use your local machine’s public IP while developing locally in Anypoint Studio.

Download Client-Side Certificates

Use the Heroku CLI to download client-side certificates that authorize a connection between MuleSoft and Heroku. This process is described in Connecting to a Private or Shield Heroku Postgres Database from an External Resource.

Convert Client Private Key to Java-Understandable Format

If you followed the commands in the previous step, you now have a directory in your project called folder. One of the files in that folder is the client private key, which MuleSoft must know about in order to connect. In order for MuleSoft to be able to read that key, you must convert it to a Java-like format that MuleSoft is able to use.

To convert the key to its required format, you can run the following command from within your project directory. Before you run the command:

  • Make sure openssl is installed on your command line, otherwise this command returns an error.
  • Change <CLIENT_PRIVATE_KEY> to the name of the *.key file in your folder directory, usually something like PREFIX_postgresql.key.
$ openssl pkcs8 -topk8 -inform PEM -in <CLIENT_PRIVATE_KEY> -outform DER -nocrypt -out postgresql.key.der

Import Certificates to Your MuleSoft Application

In order for MuleSoft to access the certificates for the Heroku connection, it’s best to embed them within your MuleSoft application. Move all three files that were downloaded in folder into the src/main/resources directory of your MuleSoft application.

Configure Database Connection URL

After you’ve completed the steps above, you can create a connection URL to use with the MuleSoft database connector. The URL can be constructed using the following format:

jdbc:postgresql://<DB_HOST>:<DB_PORT>/<DB_NAME>?sslmode=verify-ca&sslcert=${mule.home}/apps/${app.name}/PREFIX_postgresql.crt&sslkey=${mule.home}/apps/${app.name}/postgresql.key.der&sslrootcert=${mule.home}/apps/${app.name}/PREFIX_root.crt
  • Replace <DB_HOST>, <DB_PORT>, and <DB_NAME> with values from your Heroku Postgres dashboard.
  • Leave ${mule.home} and ${app.name} as-is to be replaced at runtime by the Connector.

The Database Connector also asks for a Username and Password, which can both also be found in the Heroku Postgres dashboard.

Kafka Connector

Heroku Kafka running in a Private or Shield Space supports mutual TLS connection from external sources. If you wish to connect your Private or Shield Heroku Kafka with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of mTLS configuration before following the instructions earlier for Kafka Connector.

Redis Connector

Heroku Data for Redis running in a Private Space only supports trusted connections from resources using AWS PrivateLink, which isn’t supported by MuleSoft. If you wish to connect your Private Heroku Data for Redis with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of your Private Space before following the instructions earlier for Redis Connector. For more information on this service, see Trusted IP ranges for data services.

Keep reading

  • Databases & Data Management

Feedback

Log in to submit feedback.

PostgreSQL, libpq5.12.1, and Breaking Changes Impacting Connection Behavior Data Maintenance CLI Plugin Commands

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

Your email address:

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Heroku Podcasts
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
  • YouTube
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies
  • Cookie Preferences