https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642366#M11039 <P>Hello,</P> <P>&nbsp; I developed an <STRONG>external lookup</STRONG> script in Python which makes an https API call using a password authentication. The lookup script read the password from a custom conf file.</P> <P>When I submitted my app to Splunkbase the result was:</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="markup"> check_for_secret_disclosure Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/ File: appserver/static/javascript/views/app.js Line: 95</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>There is no problem to write the password in passwords.conf. I followed the example in <A href="https://github.com/splunk/splunk-app-examples/tree/master/setup_pages/weather_app_example" target="_blank" rel="noopener">Weather App Example</A></P> <P>The problem starts when I need to <STRONG>read </STRONG>the password from the Python external lookup script. Splunk <A href="https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/secretstoragepython" target="_blank" rel="noopener">general documentation</A> suggests to use a <A href="https://haydz.github.io/2021/01/02/Python-Connect-Splunk.html" target="_blank" rel="noopener">client.connect</A></P> <P><EM>Client.connect</EM> need a Splunk user authentication, so another secret! I can find a method to read the secret as the <EM><SPAN class="">splunklib</SPAN>.<SPAN class="">searchcommands</SPAN></EM> allows, for example.</P> <P>I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the <EM>secretstorage</EM> as suggested.</P> <P>How can I fix this problem?</P> <P>&nbsp;</P> <P>Thank you very much</P> <P>Kind Regards</P> <P>Marco</P> Wed, 10 May 2023 14:47:13 GMT sistemistiposta 2023-05-10T14:47:13Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642366#M11039 <P>Hello,</P> <P>&nbsp; I developed an <STRONG>external lookup</STRONG> script in Python which makes an https API call using a password authentication. The lookup script read the password from a custom conf file.</P> <P>When I submitted my app to Splunkbase the result was:</P> <P>&nbsp;</P> <P>&nbsp;</P> <LI-CODE lang="markup"> check_for_secret_disclosure Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/ File: appserver/static/javascript/views/app.js Line: 95</LI-CODE> <P>&nbsp;</P> <P>&nbsp;</P> <P>There is no problem to write the password in passwords.conf. I followed the example in <A href="https://github.com/splunk/splunk-app-examples/tree/master/setup_pages/weather_app_example" target="_blank" rel="noopener">Weather App Example</A></P> <P>The problem starts when I need to <STRONG>read </STRONG>the password from the Python external lookup script. Splunk <A href="https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/secretstoragepython" target="_blank" rel="noopener">general documentation</A> suggests to use a <A href="https://haydz.github.io/2021/01/02/Python-Connect-Splunk.html" target="_blank" rel="noopener">client.connect</A></P> <P><EM>Client.connect</EM> need a Splunk user authentication, so another secret! I can find a method to read the secret as the <EM><SPAN class="">splunklib</SPAN>.<SPAN class="">searchcommands</SPAN></EM> allows, for example.</P> <P>I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the <EM>secretstorage</EM> as suggested.</P> <P>How can I fix this problem?</P> <P>&nbsp;</P> <P>Thank you very much</P> <P>Kind Regards</P> <P>Marco</P> Wed, 10 May 2023 14:47:13 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642366#M11039 sistemistiposta 2023-05-10T14:47:13Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642768#M11041 <P>Hi Marco,</P><P>As per my understanding you are looking to access storage_passwords from within the App(ie. external lookup script) without requiring to use client.connect(), which is possible using the already available service instance to communicate with the Splunk Enterprise.</P><P><BR />Ref - in&nbsp;<A href="https://github.com/splunk/splunk-app-examples/blob/master/setup_pages/weather_app_example/bin/weather.py#L31" target="_self">Weather App Example</A>&nbsp;, below code snippet is used to access the storage_passwords using the already available service instance</P><LI-CODE lang="python">secrets = search_command.service.storage_passwords</LI-CODE><P data-unlink="true">Also check the <A href="https://github.com/splunk/splunk-sdk-python#access-service-object-in-custom-search-command--modular-input-apps" target="_self">documentation</A> on how to access the service instance within an App&nbsp;</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">Let me know if this helps!</P> Wed, 10 May 2023 06:35:20 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642768#M11041 abhis 2023-05-10T06:35:20Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642786#M11042 <P>Hello Abhis,</P><P>&nbsp; I don't implement a search command. I have an external lookup like</P><P>&nbsp;</P><LI-CODE lang="python"> INPUT ''' anamefield = sys.argv[1] aidfield = sys.argv[2] ''' MAIN PROCESS ''' infile = sys.stdin outfile = sys.stdout r = csv.DictReader(infile) header = r.fieldnames w = csv.DictWriter(outfile, fieldnames=r.fieldnames) w.writeheader() for result in r: # Perform the lookup or reverse lookup if necessary if result[anamefield] and result[aidfield]: # All fields were provided, just pass it along w.writerow(result)</LI-CODE><P>&nbsp;</P><P>I don't understand how can I read the <EM>session key</EM> here. I read about <STRONG>splunk.Intersplunk</STRONG>, but it seems deprecated. The <STRONG>service</STRONG> instance seems to work only in command libraries or <STRONG>Script.stream_events</STRONG> library, which I can't understand how to adopt in <EM>external lookup script</EM>. I really appreciate if I could read some examples as weather app does for external commands.</P><P>Thank you very much</P><P>Kind Regards</P><P>Marco</P> Wed, 10 May 2023 10:42:41 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-use-Secret-storage-and-api-call/m-p/642786#M11042 sistemistiposta 2023-05-10T10:42:41Z