https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186338#M37331 <P>What is the "xor 'DEFAULTSADEFAULTSA....'" string we xor with?</P> Tue, 12 Apr 2016 14:26:27 GMT dougmartin 2016-04-12T14:26:27Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186331#M37324 <P>Could someone please document how the Splunk passwords are encrypted (in inputs and outputs.conf) so that we can setup our configuration management tools (Chef, Puppet etc...) to properly encrypt the passwords in the conf files without provisioning clear password and restarting Splunk a each chef run?</P> <P>Just a shell, perl, python or other example using the etc/auth/splunk.secret would help a LOT </P> <P>we figured out how dbconnect does (even had to fix a bug when passwords contains a "=") - can't find any details on the $1$xxxxxxxxxx passwords used in inputs.conf and outputs.conf</P> <P>Thanks!!</P> Tue, 19 Aug 2014 07:33:04 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186331#M37324 samlll42 2014-08-19T07:33:04Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186332#M37325 <P>Make sure you are grabbing the matching splunk.secret from $splunk_home/etc/auth then you can deploy the config files with the hashes already in place.</P> Tue, 19 Aug 2014 12:36:36 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186332#M37325 starcher 2014-08-19T12:36:36Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186333#M37326 <P>Thanks - I understand splunk.secret is the key. The question is how can a inputs/outputs.conf password be encoded with the key - what exact algorithm is used?</P> <P>I don't have a problem propagating the secret from one server to another. I just want to provision encoded passwords when I run chef, without having to pre-encoded them and always use the same splunk secret.</P> Tue, 19 Aug 2014 19:57:03 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186333#M37326 samlll42 2014-08-19T19:57:03Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186334#M37327 <P>I would say just use a test instance of Splunk that has the desired splunk.secret in place. Set the password then copy the resulting encrypted section out. Then push both splunk.secret and the conf file together. Working fine for us with Puppet.</P> Tue, 19 Aug 2014 21:07:22 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186334#M37327 starcher 2014-08-19T21:07:22Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186335#M37328 <P>Thanks - thats a possibility that we have thought about, we would still prefer to know how the password is encrypted so we can just encrypt it dynamically and change it dynamically on a regular basis. We are doing it just fine with DB Connect. Some of our customers require regular service account password changes for regulatory reasons.<BR /> Thanks</P> Tue, 19 Aug 2014 21:12:22 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186335#M37328 samlll42 2014-08-19T21:12:22Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186336#M37329 <P>Here is the DOC :<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/Deploysecurepasswordsacrossmultipleservers">http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/Deploysecurepasswordsacrossmultipleservers</A><BR /> the password to be encrypted are usually : the one for ssl in outputs.conf, in inputs.conf, in web.conf, and the ldap bind passwor din authorize.conf</P> <P>To clarify the behavior <BR /> When splunk starts,<BR /> If it finds a password field, it will check if it is encrypted of in clear.<BR /> - if encrypted, it will leave it<BR /> - if encrypted and if the splunk.secret cannot decrypt it, splunk will report an error in splunkd.log and disable ssl.<BR /> - If in clear, splunk will encrypt it using the “$SPLUNK_HOME/etc/auth/splunk.secret”<BR /> the password will be saved in the “local” configuration (it will not touch the "default”)</P> <P>The consequences are :<BR /> - you may have an encrypted password in local, and a clear one in default or you may end-up with an encrypted one on local only.<BR /> - If you are copying a configuration from a forwarder to another, it may not be able to decrypt the password.<BR /> - If the configuration contains a clear password and is pushed by a deployment server, then it will be encrypted on the forwarder, therefore modify the file and may force a looping resinstallayion if you deployment tool are checking the CRC of the files (chef, puppet, or splunkdeployment server)</P> Wed, 13 May 2015 16:23:27 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186336#M37329 yannK 2015-05-13T16:23:27Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186337#M37330 <P>Challenge accepted. Problem solved.</P> <P><A href="http://maratto.blogspot.com/2016/03/reverse-engineering-splunk-password.html">http://maratto.blogspot.com/2016/03/reverse-engineering-splunk-password.html</A></P> Fri, 18 Mar 2016 16:05:56 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186337#M37330 keinoda 2016-03-18T16:05:56Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186338#M37331 <P>What is the "xor 'DEFAULTSADEFAULTSA....'" string we xor with?</P> Tue, 12 Apr 2016 14:26:27 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186338#M37331 dougmartin 2016-04-12T14:26:27Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186339#M37332 <P>I read this as just the string DEFAULTSA repeating to match the length of the string constructed by joining the first 16 bytes of the splunk.secret and your plaintext password.</P> Tue, 10 May 2016 20:46:19 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/186339#M37332 dmourati 2016-05-10T20:46:19Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/602744#M104925 <P>Working link at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Deploysecurepasswordsacrossmultipleservers" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Deploysecurepasswordsacrossmultipleservers</A>&nbsp;now</P> Wed, 22 Jun 2022 06:58:25 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/602744#M104925 Georgiev 2022-06-22T06:58:25Z https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/602750#M104927 <P>And link to instructions how to generate hashed password on cli&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/Secureyouradminaccount#Create_admin_credentials_for_automated_installations_with_the_.27hash-passwd.27_CLI_command" target="_blank">Create admin credentials for automated installations with the 'hash-passwd' CLI command</A></P> Wed, 22 Jun 2022 08:36:29 GMT https://community.splunk.com/t5/Getting-Data-In/How-are-Splunk-passwords-encrypted-in-inputs-conf-and-outputs/m-p/602750#M104927 isoutamo 2022-06-22T08:36:29Z