https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160219#M4789 <P>This command (after you do <CODE>cd $SPLUNK_HOME</CODE>) will show you any file which contains a splunk-encrypted password (and a whole bunch of other binary files, *.js files and other irrelevant junk). The (properly filtered output) will show you which files WILL BREAK when you change the <CODE>secret</CODE> file. You then go figure out how to re-input the password for those "things". For example, many people use <CODE>LDAP</CODE> for authentication to get into Splunk search heads. This means that the Search Head stored credentials to access AD. This password is encrypted with the <CODE>secret</CODE> and stored in <CODE>$SPLUNK_HOME/etc/system/local/authentication.conf</CODE> as <CODE>bindDNpassword</CODE>. If this is the case for you, then this file will be identified by the <CODE>grep</CODE> command. </P> Tue, 18 Jul 2017 16:09:23 GMT woodcock 2017-07-18T16:09:23Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160216#M4786 <P>Is there a list of all possible instances of hashed passwords in Splunk that are based on the splunk.secret? I'm investigating what the effort is to get our splunk.secret in sync for existing servers that don't have matching splunk.secret.</P> Thu, 20 Feb 2014 20:38:12 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160216#M4786 the_wolverine 2014-02-20T20:38:12Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160217#M4787 <PRE><CODE># grep -ri \$1\$. * </CODE></PRE> Sat, 15 Mar 2014 13:23:05 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160217#M4787 the_wolverine 2014-03-15T13:23:05Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160218#M4788 <P>care to expand on this?</P> Thu, 08 Dec 2016 21:29:04 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160218#M4788 dflodstrom 2016-12-08T21:29:04Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160219#M4789 <P>This command (after you do <CODE>cd $SPLUNK_HOME</CODE>) will show you any file which contains a splunk-encrypted password (and a whole bunch of other binary files, *.js files and other irrelevant junk). The (properly filtered output) will show you which files WILL BREAK when you change the <CODE>secret</CODE> file. You then go figure out how to re-input the password for those "things". For example, many people use <CODE>LDAP</CODE> for authentication to get into Splunk search heads. This means that the Search Head stored credentials to access AD. This password is encrypted with the <CODE>secret</CODE> and stored in <CODE>$SPLUNK_HOME/etc/system/local/authentication.conf</CODE> as <CODE>bindDNpassword</CODE>. If this is the case for you, then this file will be identified by the <CODE>grep</CODE> command. </P> Tue, 18 Jul 2017 16:09:23 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160219#M4789 woodcock 2017-07-18T16:09:23Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160220#M4790 <P>I was looking for an explanation of the regex but your explanation of the issue is spot on. Still very useful for anyone stumbling upon this answer.</P> Tue, 18 Jul 2017 17:50:14 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160220#M4790 dflodstrom 2017-07-18T17:50:14Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160221#M4791 <P>I think that you should click <CODE>Accept</CODE> to close the question since the answer is a good (if terse) one.</P> Wed, 19 Jul 2017 00:12:52 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160221#M4791 woodcock 2017-07-19T00:12:52Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160222#M4792 <P>Also, please contact me (email is in my profile) and let me know how your research turned out (I am trying to do the same thing: sync <CODE>splunk.secret</CODE> on production system already up and running).</P> Wed, 19 Jul 2017 00:14:32 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160222#M4792 woodcock 2017-07-19T00:14:32Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160223#M4793 <P>Ain't my question otherwise I would.</P> Wed, 19 Jul 2017 16:15:06 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160223#M4793 dflodstrom 2017-07-19T16:15:06Z https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160224#M4794 <P>I was able to accomplish this with little-to-no issues but I also wasn't doing it on a system with lots of additional hashed values. </P> Wed, 19 Jul 2017 16:16:51 GMT https://community.splunk.com/t5/Security/Need-a-list-of-all-the-locations-of-hashed-password-based-on/m-p/160224#M4794 dflodstrom 2017-07-19T16:16:51Z