I want to encrypt some values in my conf files.
I have referred the example in the following documentation to modify the values. It works but I want some values to be encrypted, like passwords in app.conf or authentication.conf.
"Setup screen example using a custom endpoint"
mysetting.conf
[settingentity]
field_1 = password
field_2_boolean = 1
field_3 = 100
And when I use them, they can be decrypted. So they would have to be input only once.
I have this very same issue but with multiple sets of username and passwords in a single app. The specific use case is that the scripted input invokes three HTTPS endpoints each with its own set of credentials. In addition, each endpoint has custom fields that it uses to configure the connection to the respective endpoint. Any idea how this can be achieved?
The correct way to get the sessionKey off of stdin is the following:
sessionKey = urllib.unquote( sys.stdin.readline().strip()[ len("sessionKey="):] ).decode('utf8')
Many thanks to George Starcher for the solution above (for versions > 6.1)
SPLUNK DOC FOLKS - Neither George, nor I were able to find this tidbit from the splunk docs.
No problem.
George - do you have any ideas on how to store and retrieve encrypted parameters without requiring the user to have 'admin_all_objects' capability??
@robertlight, you should check out this blog post: http://www.georgestarcher.com/splunk-alert-scripts-automating-control/
It covers how to use encrypted credentials in scripted inputs.
sessionKey is given to scripts (via stdin) when they are called from splunk alerts as they are fired.
I still don't see how I can decrypt something like auth_password from alert_actions.conf
Has anyone figured this out?
Here's how I did it:
sessionKey = cherrypy.session['sessionKey']
ent = entity.getEntity('admin/alert_actions', 'email', namespace='myApp', owner='admin', sessionKey=sessionKey)
I have tried the following WITHOUT success:
sessionKey = sys.stdin.readline()
sessionKey = sessionKey[len("sessionKey="):]
ent = entity.getEntity('admin/alert_actions', 'email',namespace='myAppName', owner='nobody', sessionKey=sessionKey)
if 'auth_username' in ent and 'clear_password' in ent:
print("auth_username="+ent["auth_username"]+" clear_password="+ent["clear_password"])
else:
print("entity info not found!!")
Jason,
Thank for your post!
DB Connect is a nice app! I have tried it. But I would like a lighter one. I'm now thinking of using custom scripts or third-part library for the purpose as you said.
I really appreciate your comments!
This would be useful for custom scripts where you need to store a password. The Splunk DB Connect app (http://splunk-base.splunk.com/apps/50803/splunk-db-connect) has automatic encrypting passwords, but perhaps because this app was integrated into Splunk's password encryption routine.