Re: How do I get properly encrypted credentials in...

wegscd · ‎11-19-2015

"Safe" (non-cleartext) storage of credentials in password.conf accessed via the /storage/password endpoint is well documented, as well as configuring them using an app-specific setup screen.

What if I want to deploy via Deployment Server? How do I get properly encrypted credentials into password.conf?

mreynov_splunk · ‎11-19-2015

This may be helpful: http://docs.splunk.com/Documentation/Splunk/6.0/Security/Deploysecurepasswordsacrossmultipleservers

wegscd · ‎11-23-2015

I'm missing the connection between this and the /storage/password endpoint?

dwaddle · ‎11-23-2015

The connection is implied. Anywhere you see Splunk storing an encrypted password using the form $1$ this is Splunk's symmetric password encryption. The content of splunk.secret is used as an encryption key in this scheme.

If your servers all use the same splunk.secret file, then you can push a pre-encrypted password directly using deployment server. If your servers do not all use the same splunk.secret, you're hosed.

How do I get properly encrypted credentials into password.conf deployed from a Deployment Server?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases