Can you hide the credentials in the curl command f...

mux · ‎09-01-2016

I need to update ownership of searches after converting to a search head cluster environmen,t and from my understanding, we cannot edit the files anymore for replication to work, so I am doing it via the CLI commands using curl, but that does get syslogged which contains the Splunk creds. Is there a way to get it to prompt for a userid/password ?

sloshburch · ‎09-02-2016

Let's take a step back:

Why do you need to convert ownership? That shouldn't be a requirement of switching to SHC.
I believe the recommended approach is to bundle your SHP knowledge objects into an app that you put on the deployer. Then have the deployer push that out to the SHC.
Therefore, if you needed the owner changed, you could do it on the deployer's local.meta and that would address the challenge.

Let me know if you want to talk in real time offline. It sounds like there's a few implementation plan details worth talking our way through.

somesoni2 · ‎09-01-2016

You can write a wrapper script to prompt for credentials and run the curl command.

tomapatan · ‎04-18-2023

Sorry to bring up such an old topic, but would really appreciate if you could share an example.

Can you hide the credentials in the curl command from the CLI to prevent my Splunk credentials from getting syslogged?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases