Security

Save more than one password using setup.xml OR "storage/passwords"

pbankar
Path Finder

I faced a challenge and tried many things to work around for saving 2 passwords in the password.conf at the same time using the setup.xml.

  1. Is the Credential
  2. Is the Client Certificate Passphrase

Setup.xml code:

 <setup>
        <block title="Credentials" endpoint="storage/passwords" entity="_new">
            <text> Leave username/password blank, if you have already set it up.</text>
            <input field="realm"> 
                <label>Role</label> 
                <type>text</type> 
            </input> 
            <input field="name">
                <label>Username</label>
                <type>text</type>
            </input>

            <input field="password">
                <label>Password</label>
                <type>password</type>
            </input>        
        </block>

        <block title="Client Certificate" endpoint="myapp/myapp_configure" entity="setupentity">
            <input field="use_ca">
                <label>Use a Client certificate for authentication</label>
                <type>bool</type>
            </input>

            <input field="ca_path">
                <label>Path to client CA certificate </label>
                <type>text</type>
            </input>
            <input field="ca_key">
                <label>Path to client CA certificate key </label>
                <type>text</type>
            </input>        
        </block>

        <block title="Client Certificate Passphrase" endpoint="storage/passwords" entity="_new">        
            <input field="ca_pass">
                <label>Passphrase for client CA certificate</label>
                <type>password</type>
            </input>
        </block>
    </setup>

The Passphrase is not saved.
P.S. I have created the python handler, default/myapp.conf with all the fields. The restmap.conf also has endpoint="myapp/myapp_configure". The Credentials are saved with Role/realm.

0 Karma

pbankar
Path Finder

I got an answer for this problem using the import splunklib.client as client in the <app>_splunk_setup_handler.py script.
I'm saving the password in my app/local/password.conf and retrieving it using the splunk session and service.storage_passwords.

Created these 2 type of methods:

'''Get clear password'''
def get_password(session_key, username, realm):
    args = {'token': session_key, 'app': "my_app"}
    service = client.connect(**args)
    try:
        # Retrieve the password from the storage/passwords endpoint
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                return storage_password.content.clear_password
    except Exception, e:
        raise Exception, "An error occurred while decrypting credentials. Details: %s" % str(e)

'''Encripting the password'''
def encrypt_password(service, ca_pass, username, realm):
    try:
        # If the credential already exists, delete it.
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                service.storage_passwords.delete(username, realm)
        # Create the credential.
        password = service.storage_passwords.create(ca_pass, username, realm)
        return password.encrypted_password
    except Exception, e:
        raise Exception, "An error occurred while encrypting credentials. Details: %s" % str(e)

starcher
SplunkTrust
SplunkTrust

I would recommend using the Splunk add on builder. It provides UI etc for handling credentials and whatever inputs or alerts you are making.

pbankar
Path Finder

Thanks, @starcher for your input. I'm looking for a code level solution.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...