This article was contributed by the Customer Solutions Architecture team

Part of Heroku Developer Support, CSA helps Enterprise customers optimize and scale their applications on Heroku.

Connecting Heroku Data Services to MuleSoft

Last updated 04 November 2020

This article is about accessing Heroku Data Services through MuleSoft. To use MuleSoft as an integration layer that connects external services to a Heroku App, see Integrating Heroku and the Salesforce Platform.

MuleSoft is an Integration Platform as a Service (IPaaS) for connecting multiple systems and services together so they can be accessed and managed from one central interface. This article describes how to connect Heroku Data Services (Heroku Postgres, Apache Kafka on Heroku, and Heroku Redis) to the MuleSoft platform.

Heroku Enterprise customers can request in-depth guidance on this topic from the Customer Solutions Architecture team.

Common integration use cases

There are many reasons you might want to connect your Heroku data to MuleSoft, but the most common use case is users who are using Heroku Connect and Heroku Postgres to store and manage customer data from Salesforce. By connecting these Heroku data services to MuleSoft, you can access this data and integrate it with other services also connected to the MuleSoft platform. By using Heroku and MuleSoft together, you can take advantage of the data management flexibility on Heroku while still using any external services your app requires.

Configuring MuleSoft connectors for the Common Runtime

Heroku data services like Redis, Apache Kafka, and Postgres can be integrated into MuleSoft using specific Connectors. This section highlights the three connectors necessary for connecting to Heroku data services running on the Common Runtime.

If you are running Heroku Postgres in a private space, first read the next section: “Configuring MuleSoft connectors for Private and Shield Heroku services”.

Database Connector

The Database Connector allows you to connect to any JDBC-compliant database, which includes Heroku Postgres. To set up a Database Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Heroku Postgres using the MuleSoft Database Connector”.

Redis Connector

The Redis Connector allows you to connect to any Remote Dictionary Server, including Heroku Redis. To set up a Redis Connector on the MuleSoft side, follow the instructions found in the Redis Connector documentation. The following information will be necessary to configure the connector:

  • Connection: From the drop-down menu, select “NonClustered”
  • Host, Port, Password: These three fields are all located in the REDIS_URL configuration variable for your application. The value for REDIS_URL is in the following format: rediss://h:<password>@<hostname>:<port>. Use these values when configuring the Redis Connector in MuleSoft.

This connector will only work if you’re using Heroku Redis in the Common Runtime — if you’re running Redis in a Private Space, see Configuring MuleSoft connectors for Private and Shield Heroku services.

Apache Kafka Connector

The Kafka Connector allows you to connect your Apache Kafka on Heroku cluster to the MuleSoft platform. To set up the Kafka Connector on the MuleSoft side, follow the instructions found in this MuleSoft article, “How to connect to Apache Kafka on Heroku using the MuleSoft Kafka Connector”.

This connector will only work if you’re using Apache Kafka on Heroku in the Common Runtime — if you’re running Kafka in a Private Space, see see Configuring MuleSoft connectors for Private and Shield Heroku services.

Configuring MuleSoft connectors for Private and Shield Heroku services

If you are running Heroku Postgres, Heroku Redis, or Apache Kafka on Heroku in a Private or Shield Private space, there is additional configuration required to set up a secure and mutually-authenticated channel between MuleSoft and Heroku. This section provides the additional information necessary to connect Heroku data services to MuleSoft when running in Private or Shield Private spaces.

Database Connector

Take these steps first, then configure the database connector as described above

Whitelist static external IPs

In order for Heroku Postgres to connect successfully to your MuleSoft application, you must add the MuleSoft application’s static external IP address to the allowlist in Heroku mTLS configuration. Adding this IP to the allowlist will enable MuleSoft access to connect to your Private Heroku Postgres database.

  1. Using the instructions from MuleSoft’s documentation, allocate a static IP for your application.
  2. Add the generated static IP to your mTLS allowlist following the instructions in this article, Connecting to a Private or Shield Heroku Postgres Database from an External Resource

You can use your local machine’s public IP while developing locally in Anypoint Studio.

Download client-side certificates

Use the Heroku CLI to download client-side certificates that will authorize a connection between MuleSoft and Heroku. This process is described in Connecting to a Private or Shield Heroku Postgres Database from an External Resource.

Convert client private key to Java-understandable format

If you followed the commands in the previous step, you should now have a directory in your project called folder. One of the files in that folder is the client private key, which MuleSoft needs to know about in order to connect. In order for MuleSoft to be able to read that key, you need to convert it to a Java-like format that MuleSoft will be able to use.

To convert the key to its required format, you can run the following command from within your project directory. Before you run the command:

  • Make sure openssl is installed on your command line, otherwise this command will error.
  • Change <CLIENT_PRIVATE_KEY> to the name of the *.key file in your folder directory, usually something like PREFIX_postgresql.key
$ openssl pkcs8 -topk8 -inform PEM -in <CLIENT_PRIVATE_KEY> -outform DER -nocrypt -out postgresql.key.der

Import certificates to your MuleSoft application

In order for MuleSoft to access the certificates for the Heroku connection, it is best to embed them within your MuleSoft application. Move all three files that were downloaded in folder into the src/main/resources directory of your MuleSoft application.

Configure database connection URL

Once you’ve completed the steps above, you can create a connection URL to use with the MuleSoft database connector. The URL can be constructed using the following format.

jdbc:postgresql://<DB_HOST>:<DB_PORT>/<DB_NAME>?sslmode=verify-ca&sslcert=${mule.home}/apps/${app.name}/PREFIX_postgresql.crt&sslkey=${mule.home}/apps/${app.name}/postgresql.key.der&sslrootcert=${mule.home}/apps/${app.name}/PREFIX_root.crt
  • Replace <DB_HOST>, <DB_PORT>, and <DB_NAME> with values from your Heroku Postgres dashboard.
  • Leave ${mule.home} and ${app.name} as-is to be replaced at runtime by the Connector

The Database Connector will also ask for a Username and Password, which can both also be found in the Heroku Postgres dashboard.

Kafka Connector

Heroku Kafka running in a Private or Shield Space supports mutual TLS connection from external sources. If you wish to connect your Private or Shield Heroku Kafka with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of mTLS configuration before following the instructions above for Kafka Connector.

Redis Connector

Heroku Redis running in a Private Space will only support trusted connections from resources using AWS PrivateLink, which is not supported by MuleSoft. If you wish to connect your Private Heroku Redis with MuleSoft, you must add the external static IP of the MuleSoft application to the allowlist of your Private Space before following the instructions above for Redis Connector. For more information on this service, see Trusted IP ranges for data services.

Feedback

Log in to submit feedback.