topic Re: Save more than one password using setup.xml OR "storage/passwords" in Security

Save more than one password using setup.xml OR "storage/passwords"

pbankar — Tue, 17 Apr 2018 04:11:31 GMT

I faced a challenge and tried many things to work around for saving 2 passwords in the password.conf at the same time using the setup.xml.

Is the Credential
Is the Client Certificate Passphrase

Setup.xml code:

 <setup>
        <block title="Credentials" endpoint="storage/passwords" entity="_new">
            <text> Leave username/password blank, if you have already set it up.</text>
            <input field="realm"> 
                <label>Role</label> 
                <type>text</type> 
            </input> 
            <input field="name">
                <label>Username</label>
                <type>text</type>
            </input>

            <input field="password">
                <label>Password</label>
                <type>password</type>
            </input>        
        </block>

        <block title="Client Certificate" endpoint="myapp/myapp_configure" entity="setupentity">
            <input field="use_ca">
                <label>Use a Client certificate for authentication</label>
                <type>bool</type>
            </input>

            <input field="ca_path">
                <label>Path to client CA certificate </label>
                <type>text</type>
            </input>
            <input field="ca_key">
                <label>Path to client CA certificate key </label>
                <type>text</type>
            </input>        
        </block>

        <block title="Client Certificate Passphrase" endpoint="storage/passwords" entity="_new">        
            <input field="ca_pass">
                <label>Passphrase for client CA certificate</label>
                <type>password</type>
            </input>
        </block>
    </setup>

The Passphrase is not saved.
P.S. I have created the python handler, default/myapp.conf with all the fields. The restmap.conf also has endpoint="myapp/myapp_configure". The Credentials are saved with Role/realm.

Re: Save more than one password using setup.xml OR "storage/passwords"

starcher — Wed, 18 Apr 2018 02:51:07 GMT

I would recommend using the Splunk add on builder. It provides UI etc for handling credentials and whatever inputs or alerts you are making.

Re: Save more than one password using setup.xml OR "storage/passwords"

pbankar — Wed, 18 Apr 2018 06:22:31 GMT

Thanks, @starcher for your input. I'm looking for a code level solution.

Re: Save more than one password using setup.xml OR "storage/passwords"

pbankar — Mon, 14 May 2018 05:24:30 GMT

I got an answer for this problem using the import splunklib.client as client in the <app>_splunk_setup_handler.py script.
I'm saving the password in my app/local/password.conf and retrieving it using the splunk session and service.storage_passwords.

Created these 2 type of methods:

'''Get clear password'''
def get_password(session_key, username, realm):
    args = {'token': session_key, 'app': "my_app"}
    service = client.connect(**args)
    try:
        # Retrieve the password from the storage/passwords endpoint
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                return storage_password.content.clear_password
    except Exception, e:
        raise Exception, "An error occurred while decrypting credentials. Details: %s" % str(e)

'''Encripting the password'''
def encrypt_password(service, ca_pass, username, realm):
    try:
        # If the credential already exists, delete it.
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                service.storage_passwords.delete(username, realm)
        # Create the credential.
        password = service.storage_passwords.create(ca_pass, username, realm)
        return password.encrypted_password
    except Exception, e:
        raise Exception, "An error occurred while encrypting credentials. Details: %s" % str(e)