https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201927#M39955 <P>I am deploying Indexer Cluster settings in an app to multiple Universal Forwarders via the Deployment Server. The issue I have is that they require the Indexer Cluster password to be sent in the <CODE>/local/outputs.conf</CODE> file.</P> <P>App deployment works fine and a new outputs.conf is created on the Universal Forwarder under <CODE>$SPLUNK_HOME/etc/system/local</CODE> with the required stanza and <STRONG>encrypted</STRONG> password.</P> <P>The issue is that the password exists in clear text in 2 places;</P> <P>Deployment Server - <CODE>$SPLUNK_HOME/etc/deployment_apps/app_name/local/outputs.conf</CODE></P> <P>Universal Forwarder - <CODE>$SPLUNK_HOME/etc/apps/app_name/local/outputs.conf</CODE></P> <P>Is there a way for the password to be encrypted at all locations?</P> Wed, 28 Oct 2015 13:35:07 GMT karlbosanquet 2015-10-28T13:35:07Z https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201927#M39955 <P>I am deploying Indexer Cluster settings in an app to multiple Universal Forwarders via the Deployment Server. The issue I have is that they require the Indexer Cluster password to be sent in the <CODE>/local/outputs.conf</CODE> file.</P> <P>App deployment works fine and a new outputs.conf is created on the Universal Forwarder under <CODE>$SPLUNK_HOME/etc/system/local</CODE> with the required stanza and <STRONG>encrypted</STRONG> password.</P> <P>The issue is that the password exists in clear text in 2 places;</P> <P>Deployment Server - <CODE>$SPLUNK_HOME/etc/deployment_apps/app_name/local/outputs.conf</CODE></P> <P>Universal Forwarder - <CODE>$SPLUNK_HOME/etc/apps/app_name/local/outputs.conf</CODE></P> <P>Is there a way for the password to be encrypted at all locations?</P> Wed, 28 Oct 2015 13:35:07 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201927#M39955 karlbosanquet 2015-10-28T13:35:07Z https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201928#M39956 <P>This problem seems to be known. Read <A href="https://docs.splunk.com/Documentation/Splunk/6.5.2/Security/ConfigureSplunkforwardingtousesignedcertificates#Configure_your_forwarders_to_use_your_certificates">this section on the docs</A> and it mentions this specifically. It also gives a sort of workaround, too:</P> <P><STRONG>Warning:</STRONG> If you configure inputs.conf or outputs.conf in an app directory, the password is NOT encrypted and the clear-text value remains in the file. For this reason, you may prefer to create different certificates (signed by the same root CA) to use when configuring SSL in app directories. </P> <P>By adding this answer the question will pop up to the top of the stack, so maybe someone else will have a better answer.</P> Tue, 07 Feb 2017 00:26:30 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201928#M39956 Richfez 2017-02-07T00:26:30Z https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201929#M39957 <P>My current solution is a script which pushes the pass4SymmKey password out to Universal Forwarders, then I deploy an empty app from the Deployment Server called 'restart' with the restart services flag checked which restarts the UF service on all of the UFs, which hashes the password.</P> Tue, 07 Feb 2017 21:01:49 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-encrypt-password-in-app-outputs-conf/m-p/201929#M39957 karlbosanquet 2017-02-07T21:01:49Z