https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/289648#M7728 <P>I've got a set of custom alert actions that when invoked, will fire off a python script that (among other things) makes a REST call out to a server that requires authentication.</P> <P>As part of the design, I've defined a global configuration page (setup.xml) that will take in a username, and a secret value password. What I'd like to do is have that password stored securely, and then retrieved in my script, appended to the username, and base64'd to be included in the basic auth. header of my REST call.</P> <P>What is the best practice for taking as a global input a password, storing those credentials, and then retrieving those credentials as part of a custom alert action? Thanks!</P> Wed, 05 Jul 2017 16:29:45 GMT jack_burton 2017-07-05T16:29:45Z https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/289648#M7728 <P>I've got a set of custom alert actions that when invoked, will fire off a python script that (among other things) makes a REST call out to a server that requires authentication.</P> <P>As part of the design, I've defined a global configuration page (setup.xml) that will take in a username, and a secret value password. What I'd like to do is have that password stored securely, and then retrieved in my script, appended to the username, and base64'd to be included in the basic auth. header of my REST call.</P> <P>What is the best practice for taking as a global input a password, storing those credentials, and then retrieving those credentials as part of a custom alert action? Thanks!</P> Wed, 05 Jul 2017 16:29:45 GMT https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/289648#M7728 jack_burton 2017-07-05T16:29:45Z https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/289649#M7729 <P>George Starcher has an excellent blog post on this subject. See <A href="http://www.georgestarcher.com/splunk-stored-encrypted-credentials/">http://www.georgestarcher.com/splunk-stored-encrypted-credentials/</A></P> Wed, 05 Jul 2017 17:02:31 GMT https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/289649#M7729 richgalloway 2017-07-05T17:02:31Z https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/590871#M16026 <P>If the original link doesn't load, the Way Back Machine has an archive here&nbsp;<A href="https://web.archive.org/web/20210417061309/http://www.georgestarcher.com/splunk-stored-encrypted-credentials/" target="_blank">https://web.archive.org/web/20210417061309/http://www.georgestarcher.com/splunk-stored-encrypted-credentials/</A></P> Fri, 25 Mar 2022 14:43:57 GMT https://community.splunk.com/t5/Security/Storing-and-using-passwords-in-a-Custom-Alert-Action/m-p/590871#M16026 ttam_splunk 2022-03-25T14:43:57Z