All Apps and Add-ons

Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

desmondpigott
Explorer

We got the Add-on for JIRA for Splunk Enterprise working ( https://splunkbase.splunk.com/app/1438/ ) however it requires us to authenticate using credentials that are stored in clear text in C:\Program Files\Splunk\etc\apps\jira\local\config.ini, according to the instructions.

Is there some way to avoid that, and have the Splunk end user SSO against it instead? We require this for 2 reasons:
1. For obvious security reasons, we don't want to store the password in plain text on the file system.
2. The account used in config.ini will not necessarily have access to all the JIRA projects anyway, and as a result not return all stories/issues that we're querying for. Each user will be querying for issues in JIRA projects that other users may not have access to. We could use a JIRA admin account, but then refer to point #1 above.

Bonus question: Is there a way to query multiple JIRA instances? We have a few instances that we'd like to reach into at the same time.

0 Karma

Flynt
Splunk Employee
Splunk Employee

So the answer to this is yes and no. In its current iteration, the command cannot do multiple instances and accounts without further modification.

I do however have an unpublished version that encrypts the passwords and allows for different instances. If you're interested in evaluating the version, please contact me for further details. Note that the evaluation version is just that and not fully tested as of yet.

pradeepkumarg
Influencer

Hi @Flynt Any update on general availability for this? If not, I am interested in the unpublished version that has encryption and supports multiple instances.

0 Karma

nil00051
New Member

Hi Flynt, is it planned to be upgraded on the Splunk Base as new version any time soon? Can you send me the test version of the app unless you have identified significant issue with the version by now.

0 Karma

desmondpigott
Explorer

Thanks Flynt, and yes I'd be interested in trying out the unpublished version with encryption. How can we make the arrangement?

0 Karma

Flynt
Splunk Employee
Splunk Employee

I've sent an email to your account, if you did not receive it please let me know. You can always email me as well so we can get you the code.

0 Karma

Flynt
Splunk Employee
Splunk Employee

Sorry, it's in my profile. You can reach me at fdeboer@splunk.com.

0 Karma

desmondpigott
Explorer

Sorry Flynt, I never received anything, and I can't see any way to email you via Splunk> answers. Am I overlooking something.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...