camel harden
Suggest security hardening for Camel routes using AI/LLM
Options
| Option | Description | Default | Type |
|---|---|---|---|
| --api-key | API key for authentication. Also reads OPENAI_API_KEY or LLM_API_KEY env vars | | String |
| --api-type | API type: 'ollama' or 'openai' (OpenAI-compatible) | ollama | ApiType |
| --catalog-context | Include Camel Catalog descriptions in the prompt | | boolean |
| --format | Output format: text, markdown | text | String |
| --model | Model to use | DEFAULT_MODEL | String |
| --show-prompt | Show the prompt sent to the LLM | | boolean |
| --stream | Stream the response as it’s generated (shows progress) | true | boolean |
| --system-prompt | Custom system prompt | | String |
| --temperature | Temperature for response generation (0.0-2.0) | 0.7 | double |
| --timeout | Timeout in seconds for LLM response | 120 | int |
| --url | LLM API endpoint URL. Auto-detected from 'camel infra' for Ollama if not specified. | | String |
| --verbose | Include detailed security recommendations with code examples | | boolean |
| --help | Display the help and sub-commands | | boolean |
Examples
The camel harden command uses AI/LLM to analyze Camel routes and provide security hardening recommendations. It supports multiple LLM providers including Ollama (local), OpenAI, Azure OpenAI, vLLM, LM Studio, and LocalAI.
Basic Usage
Analyze a YAML route for security issues:
```bash
camel harden my-route.yaml
```
Analyze a Java route:
```bash
camel harden OrderRoute.java
```
Analyze multiple route files:
```bash
camel harden route1.yaml route2.xml MyRoute.java
```
Security Analysis Focus
The harden command analyzes routes for these security concerns:
- Authentication & Authorization - Missing or weak authentication, credential exposure
- Encryption & Data Protection - TLS/SSL configuration, data in transit security
- Secrets Management - Hardcoded credentials, vault integration recommendations
- Input Validation & Injection Prevention - SQL, command, and path traversal vulnerabilities
- Secure Component Configuration - Insecure defaults, missing security headers
- Logging & Monitoring - Sensitive data in logs, audit trail recommendations
Output Options
Use verbose mode for detailed recommendations with code examples:
```bash
camel harden my-route.yaml --verbose
```
Output as Markdown for documentation:
```bash
camel harden my-route.yaml --format=markdown
```
Prompt Options
Include Camel Catalog descriptions for component-specific security advice:
```bash
camel harden my-route.yaml --catalog-context
```
Show the prompt sent to the LLM (useful for debugging):
```bash
camel harden my-route.yaml --show-prompt
```
Use a custom system prompt:
```bash
camel harden my-route.yaml --system-prompt="Focus on OWASP Top 10 vulnerabilities."
```
LLM Configuration
Use OpenAI or compatible services:
```bash
camel harden my-route.yaml --url=https://api.openai.com --api-type=openai --api-key=sk-...
```
Use environment variables for the API key (this keeps the key out of the command's arguments):
```bash
export OPENAI_API_KEY=sk-...
camel harden my-route.yaml --url=https://api.openai.com --api-type=openai
```
Use a specific model:
```bash
camel harden my-route.yaml --model=llama3.1:70b
```
Advanced Options
Disable streaming (wait for complete response):
```bash
camel harden my-route.yaml --stream=false
```
Adjust temperature (0.0 = deterministic, 2.0 = creative):
```bash
camel harden my-route.yaml --temperature=0.3
```
Set a custom timeout (in seconds):
```bash
camel harden my-route.yaml --timeout=300
```
Security Findings Severity Levels
The harden command categorizes findings by severity:
- Critical - Immediate security risks (command injection, hardcoded credentials, disabled TLS)
- High - Significant security concerns (HTTP instead of HTTPS, SQL injection risk, plain FTP)
- Medium - Moderate security issues (missing authentication hints, path validation concerns)
- Low - Minor security improvements (missing optional security headers)
Example Workflow
A typical security review workflow:
```bash
# 1. First, understand what the route does
camel explain my-route.yaml
# 2. Perform security analysis
camel harden my-route.yaml
# 3. Get detailed recommendations with code examples
camel harden my-route.yaml --verbose --format=markdown
# 4. Full analysis with catalog context
camel harden my-route.yaml --catalog-context --verbose
```
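
A pre-flight gate for the remote-provider commands under LLM Configuration, as an added example that is not part of the Camel documentation or the `camel harden` code: it blocks a run against a non-loopback `--url` when a route file contains what looks like a literal credential, since analysis means handing the route to the model behind that endpoint. The function names, the keyword list and the loopback rule are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of camel harden: pre-flight gate before a route
# is sent to a remote LLM endpoint. Keywords and rules are assumptions.

# Heuristic: credential-like key, then ':' or '=', then a literal value.
# Values starting with '{' or '$' (e.g. {{db.password}}) are skipped.
SECRET_RE='(password|passwd|secret[_-]?key|secret|api[_-]?key|access[_-]?key|token)[[:space:]]*[:=][[:space:]]*["'\'']?[^"'\''[:space:]{$]'

# Return 0 when the endpoint URL points at a loopback host, 1 otherwise.
is_local_endpoint() {
  _h="${1#*://}"      # drop scheme
  _h="${_h%%[/?]*}"   # drop path and query
  _h="${_h##*@}"      # drop userinfo
  case "$_h" in
    "[::1]"|"[::1]":*) return 0 ;;
  esac
  _h="${_h%%:*}"      # drop port
  [ "$_h" = "localhost" ] && return 0
  # Full dotted quad only, so a name like 127.evil.example is not local.
  printf '%s\n' "$_h" | grep -Eq '^127(\.[0-9]{1,3}){3}$'
}

# Print file:line for each suspected literal credential. The matching text
# is cut off so the value itself never lands in terminal or CI logs.
find_inline_secrets() {
  grep -nHiE "$SECRET_RE" "$@" | cut -d: -f1,2 | grep .
}

# harden_gate URL FILE...: echo "allow" or "block" (findings go to stderr).
harden_gate() {
  _url="$1"; shift
  if is_local_endpoint "$_url"; then echo allow; return 0; fi
  if find_inline_secrets "$@" >&2; then echo block; return 1; fi
  echo allow
}

# Usage (assumes the camel CLI is on PATH and LLM_URL is set by the caller):
#   harden_gate "$LLM_URL" my-route.yaml >/dev/null &&
#     camel harden my-route.yaml --url="$LLM_URL" --api-type=openai
```

A blocked route can still be analyzed against a local endpoint, or after the literal is replaced with a property placeholder.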