Hi,
Can anyone confirm that DB Connect uses identity.dat file for encryption instead of the splunk.secret file? I have copied the identity.dat file from a 2.2 system to the new 2.4 system (splunk_app_db_connect/certs directory) but no success.
File "/opt/splunk/etc/apps/splunk_app_db_connect/bin/dbxcrypto.py", line 42, in decrypt
raise Exception("Unable to decrypt password, please re-enter password on identity")
Exception: Unable to decrypt password, please re-enter password on identity
Hi Paniagacing,
I've a similar situation where I get the same error "Unable to decrypt password, please re-enter password on identity".
This usually happens when I try to create an Identity via CLI (identities.conf file). Even after restarting Splunk service the error still persists. What I noticed is that, when I check the identities.conf file after restarting Splunk service, the password provided is still in clear text. It hasn't being hashed.
So to solve it, I retype the password via Web GUI in Identities and save it.
This is quite strange.
Did you face a similar situation?
Regards,
After some research, I found the answer in dbxcrypto.py file:
SECRET_PATH = os.path.join(utils.get_cert_dir(), 'identity.dat')
ENCRYPT_CMD = ['openssl', 'aes-256-cbc', '-e', '-base64', '-pass', 'file:' + SECRET_PATH]
DECRYPT_CMD = ['openssl', 'aes-256-cbc', '-d', '-base64', '-pass', 'file:' + SECRET_PATH]
closed!