topic Re: How to encrypt and decrypt values in my conf files in Security

How to encrypt and decrypt values in my conf files

lzhang_soliton — Thu, 13 Sep 2012 10:18:12 GMT

I want to encrypt some values in my conf files.

I have referred the example in the following documentation to modify the values. It works but I want some values to be encrypted, like passwords in app.conf or authentication.conf.

"Setup screen example using a custom endpoint"

mysetting.conf
[settingentity]
field_1 = password
field_2_boolean = 1
field_3 = 100

And when I use them, they can be decrypted. So they would have to be input only once.

Re: How to encrypt and decrypt values in my conf files

Jason — Wed, 13 Mar 2013 11:51:27 GMT

This would be useful for custom scripts where you need to store a password. The Splunk DB Connect app (http://splunk-base.splunk.com/apps/50803/splunk-db-connect) has automatic encrypting passwords, but perhaps because this app was integrated into Splunk's password encryption routine.

Re: How to encrypt and decrypt values in my conf files

lzhang_soliton — Thu, 14 Mar 2013 03:09:28 GMT

Jason,
Thank for your post!
DB Connect is a nice app! I have tried it. But I would like a lighter one. I'm now thinking of using custom scripts or third-part library for the purpose as you said.
I really appreciate your comments!

Re: How to encrypt and decrypt values in my conf files

robertlight — Tue, 29 Sep 2020 07:04:09 GMT

sessionKey is given to scripts (via stdin) when they are called from splunk alerts as they are fired.

I still don't see how I can decrypt something like auth_password from alert_actions.conf

Has anyone figured this out?

Re: How to encrypt and decrypt values in my conf files

robertlight — Wed, 26 Aug 2015 18:49:40 GMT

I have tried the following WITHOUT success:

sessionKey = sys.stdin.readline()
 sessionKey = sessionKey[len("sessionKey="):]

ent = entity.getEntity('admin/alert_actions', 'email',namespace='myAppName', owner='nobody', sessionKey=sessionKey)
if 'auth_username' in ent and 'clear_password' in ent:
   print("auth_username="+ent["auth_username"]+"   clear_password="+ent["clear_password"])
else:
   print("entity info not found!!")

Re: How to encrypt and decrypt values in my conf files

alacercogitatus — Thu, 27 Aug 2015 15:49:09 GMT

@robertlight, you should check out this blog post: http://www.georgestarcher.com/splunk-alert-scripts-automating-control/

It covers how to use encrypted credentials in scripted inputs.

Re: How to encrypt and decrypt values in my conf files

robertlight — Tue, 08 Sep 2015 14:31:10 GMT

The correct way to get the sessionKey off of stdin is the following:

sessionKey = urllib.unquote( sys.stdin.readline().strip()[ len("sessionKey="):] ).decode('utf8')

Many thanks to George Starcher for the solution above (for versions > 6.1)

SPLUNK DOC FOLKS - Neither George, nor I were able to find this tidbit from the splunk docs.

Re: How to encrypt and decrypt values in my conf files

starcher — Tue, 08 Sep 2015 14:40:00 GMT

No problem.

Re: How to encrypt and decrypt values in my conf files

robertlight — Wed, 21 Oct 2015 14:31:17 GMT

Here's how I did it:

sessionKey = cherrypy.session['sessionKey']
ent = entity.getEntity('admin/alert_actions', 'email', namespace='myApp', owner='admin', sessionKey=sessionKey)

Re: How to encrypt and decrypt values in my conf files

robertlight — Tue, 29 Sep 2020 07:39:06 GMT

George - do you have any ideas on how to store and retrieve encrypted parameters without requiring the user to have 'admin_all_objects' capability??

Re: How to encrypt and decrypt values in my conf files

sureshks — Mon, 03 Apr 2017 19:44:19 GMT

I have this very same issue but with multiple sets of username and passwords in a single app. The specific use case is that the scripted input invokes three HTTPS endpoints each with its own set of credentials. In addition, each endpoint has custom fields that it uses to configure the connection to the respective endpoint. Any idea how this can be achieved?