How to access encrypted credentials (API: storage/passwords) from modular input script

lukasz92
Communicator

I am writing a modular input Python script, and need to access encrypted credentials.
How to do it?

If I have a cherrypy sessionkey (and other API data), I could do a REST API request.
I tried to understand how it was done in DBConnect app, but I didn't get the idea.

1 Solution

Damien_Dallimor
Ultra Champion

The REST session key is passed to the Mod Input runtime at invocation via STDIN in an XML document, in the session_key element.

Have a look at this code to see how I obtained the session key and used it to do a rest callback (Just search the source for "session_key" and follow the logic).

awurster
Contributor

Damien -

two follow up questions to this...

  1. how do you encrypt the credentials in the first place (using python)?

i've got password (among other vars) stored in a local/input.conf in the clear which i'd like to encrypt using splunk's server key. i have my .xml setup page, custom input.conf.spec written, and modular input script all working - just need to encrypt the password now.

  2. how do i force the "inputs.conf" to be written into my local app once created in modular inputs instead of going to the default search/local directory?

Damien_Dallimor
Ultra Champion

Regarding the inputs.conf directory... ensure that you browse to the "Data Inputs" page within the context of your target app, and not the search app.

i.e.:

http://localhost:8000/en-US/manager/YOURAPPNAME/datainputstats

halr9000
Motivator

  1. You can use setup.xml w/input field type "password" to have Splunk do the encryption (see this old example).

Note that this technique does not work across systems, as the splunk server key is unique per system. So, in a SHC for example, this might be a problem. Otherwise, you could use Python or whatever to do the encryption using another technique, but then you have to do more work yourself.

awurster
Contributor

thanks hal. is it possible to combine this approach with modular inputs however?

i am using inputs.conf.spec and modinput.xml to control setup and config values, rather than the setup.xml you mentioned.

http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModInputsSpec

i have the following in my modinput.xml:

<element name="password" type="password" label="Password">
  <view name="edit"/>
  <view name="create"/>
  <key name="exampleText">Password of the account to authenticate with (i.e. 'Abc123!').  This gets obfuscated using the built-in Splunk auth facilities. No Defaults.</key>
</element>

can i make it work with the modular inputs config approach??

Damien_Dallimor
Ultra Champion

Currently you would need to write some custom code in the Modular Input to access the stored credentials as per the link Hal posted, as the encryption/decryption of password fields is not handled within the Modular Inputs framework currently (but it would be a nice feature to have).

awurster
Contributor

hey @Damien Dallimore - similar question.. but this time for a django-based app. any way we can easily save credentials encrypted if using django?

the following example discussed masking the passwords to the end-user for display, but does not encrypt in-file.

http://dev.splunk.com/view/webframework-djangobindings/SP-CAAAETW
