Connecting Heroku Data Services to MuleSoft

Last updated December 12, 2022

This article is about accessing Heroku Data Services through MuleSoft. To use MuleSoft as an integration layer that connects external services to a Heroku App, see Integrating Heroku and the Salesforce Platform.

MuleSoft is an Integration Platform as a Service (IPaaS) for connecting multiple systems and services together so they can be accessed and managed from one central interface. This article describes how to connect Heroku Data Services (Heroku Postgres, Apache Kafka on Heroku, and Heroku Data for Redis) to the MuleSoft platform.

Common Integration Use Cases

There are many reasons you want to connect your Heroku data to MuleSoft. The most common use case is for users who are using Heroku Connect and Heroku Postgres to store and manage customer data from Salesforce. By connecting these Heroku data services to MuleSoft, you can access this data and integrate it with other services also connected to the MuleSoft platform. By using Heroku and MuleSoft together, you can take advantage of the data management flexibility on Heroku while still using any external services your app requires.

Configuring MuleSoft Connectors for the Common Runtime

Heroku data services like Redis, Apache Kafka, and Postgres can be integrated into MuleSoft using specific Connectors. This section highlights the three connectors necessary for connecting to Heroku data services running on the Common Runtime.

If you’re running Heroku Postgres in a private space, first read the next section: Configuring MuleSoft connectors for Private and Shield Heroku services.

Database Connector

The Database Connector allows you to connect to any JDBC-compliant database, which includes Heroku Postgres. To set up a Database Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Heroku Postgres using the MuleSoft Database Connector”.

Redis Connector

The Redis Connector allows you to connect to any Remote Dictionary Server, including Heroku Data for Redis. To set up a Redis Connector on the MuleSoft side, follow the instructions found in the Redis Connector documentation. The following information is necessary to configure the connector:

  • Connection: From the dropdown menu, select “NonClustered”
  • Host, Port, Password: These three fields are all in the REDIS_URL configuration variable for your application. The value for REDIS_URL is in the following format: rediss://h:<password>@<hostname>:<port>. Use these values when configuring the Redis Connector in MuleSoft.

This connector only works if you’re using Heroku Data for Redis in the Common Runtime. If you’re running Redis in a Private Space, see Configuring MuleSoft connectors for Private and Shield Heroku services.

Apache Kafka Connector

The Kafka Connector allows you to connect your Apache Kafka on Heroku cluster to the MuleSoft platform. To set up the Kafka Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Apache Kafka on Heroku using the MuleSoft Kafka Connector”.

This connector only works if you’re using Apache Kafka on Heroku in the Common Runtime. If you’re running Kafka in a Private Space, see Configuring MuleSoft connectors for Private and Shield Heroku services.

Configuring MuleSoft Connectors for Private and Shield Heroku Services

If you’re running Heroku Postgres, Heroku Data for Redis, or Apache Kafka on Heroku in a Private or Shield Private space, there’s additional configuration required to set up a secure and mutually authenticated channel between MuleSoft and Heroku. This section provides the additional information necessary to connect Heroku data services to MuleSoft when running in Private or Shield Private spaces.

Database Connector

Take these steps first, then configure the database connector as described earlier.

Allowlist Static External IPs

In order for Heroku Postgres to connect successfully to your MuleSoft application, you must add the MuleSoft application’s static external IP address to the allowlist in the Heroku mTLS configuration. Adding this IP to the allowlist enables MuleSoft access to connect to your Private Heroku Postgres database.

  1. Use the instructions from MuleSoft’s documentation, allocate a static IP for your application.
  2. Add the generated static IP to your mTLS allowlist following the instructions in this article, Connecting to a Private or Shield Heroku Postgres Database from an External Resource.

You can use your local machine’s public IP while developing locally in Anypoint Studio.

Download Client-Side Certificates

Use the Heroku CLI to download client-side certificates that authorize a connection between MuleSoft and Heroku. This process is described in Connecting to a Private or Shield Heroku Postgres Database from an External Resource.

Convert Client Private Key to Java-Understandable Format

If you followed the commands in the previous step, you now have a directory in your project called folder. One of the files in that folder is the client private key, which MuleSoft must know about in order to connect. In order for MuleSoft to be able to read that key, you must convert it to a Java-like format that MuleSoft is able to use.

To convert the key to its required format, you can run the following command from within your project directory. Before you run the command:

  • Make sure openssl is installed on your command line, otherwise this command returns an error.
  • Change <CLIENT_PRIVATE_KEY> to the name of the *.key file in your folder directory, usually something like PREFIX_postgresql.key.
$ openssl pkcs8 -topk8 -inform PEM -in <CLIENT_PRIVATE_KEY> -outform DER -nocrypt -out postgresql.key.der

Import Certificates to Your MuleSoft Application

In order for MuleSoft to access the certificates for the Heroku connection, it’s best to embed them within your MuleSoft application. Move all three files that were downloaded in folder into the src/main/resources directory of your MuleSoft application.

Configure Database Connection URL

After you’ve completed the steps above, you can create a connection URL to use with the MuleSoft database connector. The URL can be constructed using the following format:

jdbc:postgresql://<DB_HOST>:<DB_PORT>/<DB_NAME>?sslmode=verify-ca&sslcert=${mule.home}/apps/${app.name}/PREFIX_postgresql.crt&sslkey=${mule.home}/apps/${app.name}/postgresql.key.der&sslrootcert=${mule.home}/apps/${app.name}/PREFIX_root.crt
  • Replace <DB_HOST>, <DB_PORT>, and <DB_NAME> with values from your Heroku Postgres dashboard.
  • Leave ${mule.home} and ${app.name} as-is to be replaced at runtime by the Connector.

The Database Connector also asks for a Username and Password, which can both also be found in the Heroku Postgres dashboard.

Kafka Connector

Heroku Kafka running in a Private or Shield Space supports mutual TLS connection from external sources. If you wish to connect your Private or Shield Heroku Kafka with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of mTLS configuration before following the instructions earlier for Kafka Connector.

Redis Connector

Heroku Data for Redis running in a Private Space only supports trusted connections from resources using AWS PrivateLink, which isn’t supported by MuleSoft. If you wish to connect your Private Heroku Data for Redis with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of your Private Space before following the instructions earlier for Redis Connector. For more information on this service, see Trusted IP ranges for data services.

Feedback

Log in to submit feedback.