Security

EAI endpoint: admin/passwords ?

mw
Splunk Employee
Splunk Employee

I was poking around the Twitter app, and noticed that its setup.xml utilizes an admin/passwords endpoint to, I believe, store and retrieve twitter credentials:

From the setup.xml

    <block title="Add Twitter Account Info" endpoint="admin/passwords" entity="_new">
            <input field="name">
                    <label>Username</label>
                    <type>text</type>
            </input>
            <input field="password">
                    <label>Password</label>
                    <type>password</type>
            </input>
    </block>

From the scripted input:

def getCredentials(sessionKey):
   try:
      entities = entity.getEntities(['admin', 'passwords'], namespace='twitter', owner='nobody', sessionKey=sessionKey) 
   except Exception, e:
      sys.stderr.write("Could not get Twitter credentials from splunk. Error: %s" % (str(e)))
      exit(1)

   for i, c in entities.items(): 
        return c['username'], c['clear_password']

I'm quite intrigued. I could use this functionality, but I can't find any documentation on what it's actually doing or how to use it properly. In particular, I have a need to potentially store multiple sets of credentials, so I'd be curious whether that's possible. Where can I find some docs on this?

Tags (2)
1 Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm 

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

View solution in original post

Ledion_Bitincka
Splunk Employee
Splunk Employee

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm 

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...