All Apps and Add-ons
Highlighted

Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Explorer

We got the Add-on for JIRA for Splunk Enterprise working ( https://splunkbase.splunk.com/app/1438/ ) however it requires us to authenticate using credentials that are stored in clear text in C:\Program Files\Splunk\etc\apps\jira\local\config.ini, according to the instructions.

Is there some way to avoid that, and have the Splunk end user SSO against it instead? We require this for 2 reasons:
1. For obvious security reasons, we don't want to store the password in plain text on the file system.
2. The account used in config.ini will not necessarily have access to all the JIRA projects anyway, and as a result not return all stories/issues that we're querying for. Each user will be querying for issues in JIRA projects that other users may not have access to. We could use a JIRA admin account, but then refer to point #1 above.

Bonus question: Is there a way to query multiple JIRA instances? We have a few instances that we'd like to reach into at the same time.

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Splunk Employee
Splunk Employee

So the answer to this is yes and no. In its current iteration, the command cannot do multiple instances and accounts without further modification.

I do however have an unpublished version that encrypts the passwords and allows for different instances. If you're interested in evaluating the version, please contact me for further details. Note that the evaluation version is just that and not fully tested as of yet.

Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Explorer

Thanks Flynt, and yes I'd be interested in trying out the unpublished version with encryption. How can we make the arrangement?

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Splunk Employee
Splunk Employee

I've sent an email to your account, if you did not receive it please let me know. You can always email me as well so we can get you the code.

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Explorer

Sorry Flynt, I never received anything, and I can't see any way to email you via Splunk> answers. Am I overlooking something.

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Splunk Employee
Splunk Employee

Sorry, it's in my profile. You can reach me at fdeboer@splunk.com.

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

New Member

Hi Flynt, is it planned to be upgraded on the Splunk Base as new version any time soon? Can you send me the test version of the app unless you have identified significant issue with the version by now.

0 Karma
Highlighted

Re: Add-on for JIRA: Is it possible to avoid storing password information in clear text in config.ini?

Influencer

Hi @Flynt Any update on general availability for this? If not, I am interested in the unpublished version that has encryption and supports multiple instances.

0 Karma