camel harden
Suggest security hardening for Camel routes using AI/LLM
Options
| Option | Description | Default | Type |
|---|---|---|---|
| --api-key | API key for authentication. Also reads OPENAI_API_KEY or LLM_API_KEY env vars | | String |
| --api-type | API type: 'ollama' or 'openai' (OpenAI-compatible) | ollama | ApiType |
| --catalog-context | Include Camel Catalog descriptions in the prompt | | boolean |
| --format | Output format: text, markdown | text | String |
| --model | Model to use | DEFAULT_MODEL | String |
| --show-prompt | Show the prompt sent to the LLM | | boolean |
| --stream | Stream the response as it’s generated (shows progress) | true | boolean |
| --system-prompt | Custom system prompt | | String |
| --temperature | Temperature for response generation (0.0-2.0) | 0.7 | double |
| --timeout | Timeout in seconds for LLM response | 120 | int |
| --url | LLM API endpoint URL. Auto-detected from 'camel infra' for Ollama if not specified. | | String |
| --verbose | Include detailed security recommendations with code examples | | boolean |
| --help | Display the help and sub-commands | | boolean |
Examples
The camel harden command uses AI/LLM to analyze Camel routes and provide security hardening recommendations.
It supports multiple LLM providers including Ollama (local), OpenAI, Azure OpenAI, vLLM, LM Studio, and LocalAI.
Basic Usage
Analyze a YAML route for security issues:
camel harden my-route.yaml
Analyze a Java route:
camel harden OrderRoute.java
Analyze multiple route files:
camel harden route1.yaml route2.xml MyRoute.java
Security Analysis Focus
The harden command analyzes routes for these security concerns:
- Authentication & Authorization - Missing or weak authentication, credential exposure
- Encryption & Data Protection - TLS/SSL configuration, data in transit security
- Secrets Management - Hardcoded credentials, vault integration recommendations
- Input Validation & Injection Prevention - SQL, command, and path traversal vulnerabilities
- Secure Component Configuration - Insecure defaults, missing security headers
- Logging & Monitoring - Sensitive data in logs, audit trail recommendations
Output Options
Use verbose mode for detailed recommendations with code examples:
camel harden my-route.yaml --verbose
Output as Markdown for documentation:
camel harden my-route.yaml --format=markdown
Prompt Options
Include Camel Catalog descriptions for component-specific security advice:
camel harden my-route.yaml --catalog-context
Show the prompt sent to the LLM (useful for debugging):
camel harden my-route.yaml --show-prompt
Use a custom system prompt:
camel harden my-route.yaml --system-prompt="Focus on OWASP Top 10 vulnerabilities."
LLM Configuration
Use OpenAI or compatible services:
camel harden my-route.yaml --url=https://api.openai.com --api-type=openai --api-key=sk-...
Use environment variables for the API key, which keeps it out of the command's arguments:
export OPENAI_API_KEY=sk-...
camel harden my-route.yaml --url=https://api.openai.com --api-type=openai
Use a specific model:
camel harden my-route.yaml --model=llama3.1:70b
Advanced Options
Disable streaming (wait for complete response):
camel harden my-route.yaml --stream=false
Adjust temperature (0.0 = deterministic, 2.0 = creative):
camel harden my-route.yaml --temperature=0.3
Set a custom timeout (in seconds):
camel harden my-route.yaml --timeout=300
Security Findings Severity Levels
The harden command categorizes findings by severity:
- Critical - Immediate security risks (command injection, hardcoded credentials, disabled TLS)
- High - Significant security concerns (HTTP instead of HTTPS, SQL injection risk, plain FTP)
- Medium - Moderate security issues (missing authentication hints, path validation concerns)
- Low - Minor security improvements (missing optional security headers)
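The following route file is an added example, not taken from the Camel documentation, and it does not show output of the command. It puts several of the finding types named above (hardcoded credentials, plain FTP, HTTP instead of HTTPS, SQL injection risk) next to a corrected version of the same flow; host names, route ids, property keys and the table name are assumptions.

```yaml
# Constructed sample routes; hosts, ids, property keys and table name are assumptions.

# Before: contains finding types named in the severity list above.
- route:
    id: orders-insecure
    from:
      uri: "ftp://files.example.com/orders"      # plain FTP: credentials and data in cleartext
      parameters:
        username: "admin"
        password: "changeme-constructed"         # hardcoded credential in the route file
      steps:
        - setHeader:
            name: orderId
            simple: "${file:onlyname.noext}"     # value taken from an externally supplied file name
        - toD:
            # simple expression is concatenated into the SQL text: injection risk
            uri: "sql:select * from orders where id = '${header.orderId}'"
        - to:
            uri: "http://inventory.example.com/api/orders"   # HTTP instead of HTTPS

# After: same flow with each issue addressed.
- route:
    id: orders-hardened
    from:
      uri: "sftp://files.example.com/orders"     # encrypted transport
      parameters:
        username: "{{sftp.username}}"            # property placeholders, resolved at runtime
        password: "{{sftp.password}}"            # from configuration outside the route file
        strictHostKeyChecking: "yes"             # reject unknown server host keys
        knownHostsFile: "{{sftp.knownHostsFile}}"
      steps:
        - setHeader:
            name: orderId
            simple: "${file:onlyname.noext}"
        - to:
            # :#orderId is bound as a query parameter from the header, not spliced into the SQL
            uri: "sql:select * from orders where id = :#orderId"
        - to:
            uri: "https://inventory.example.com/api/orders"
```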
Example Workflow
A typical security review workflow:
# 1. First, understand what the route does
camel explain my-route.yaml
# 2. Perform security analysis
camel harden my-route.yaml
# 3. Get detailed recommendations with code examples
camel harden my-route.yaml --verbose --format=markdown
# 4. Full analysis with catalog context
camel harden my-route.yaml --catalog-context --verbose