All Apps and Add-ons

How to encrypt single values in alert_actions.conf in order for my app to be Splunkbase certified?

originalbryan
Engager

I'm trying to get an app Splunkbase certified and am getting kickback on an API Key being stored in alert_actions.conf after user setup.

What is the Splunk suggested approach for this certification requirement?

Hacks -- aka Stuff I'm not interested in
1. Jamming values into a credential store somehow and using javascript in setup.xml to handle faking data and hiding inputs: https://www.splunk.com/blog/2011/03/15/storing-encrypted-credentials/
2. Injecting javascript in my setup.xml to get want I want when user finishes setup.
3. Any other hacky solutions.

0 Karma
1 Solution

originalbryan
Engager

Official recommended approaches:

  1. https://www.splunk.com/blog/2011/03/15/storing-encrypted-credentials/
  2. https://www.splunk.com/blog/2016/10/10/encrypt-a-modular-input-field-without-using-setup-xml/

Both are ... less gooder. The splunk sdk should provide something like new SecureValue("some-semi-important-thing!"). Or something like option 1 should exist for single values, not username/password/realm combos -- I tried, it is not a smooth solution, and you will be injecting javascript into your setup.xml file to hammer things into place. But hey, with enough time and a big enough hammer, you can't do a lot of neat things.

View solution in original post

0 Karma

originalbryan
Engager

Official recommended approaches:

  1. https://www.splunk.com/blog/2011/03/15/storing-encrypted-credentials/
  2. https://www.splunk.com/blog/2016/10/10/encrypt-a-modular-input-field-without-using-setup-xml/

Both are ... less gooder. The splunk sdk should provide something like new SecureValue("some-semi-important-thing!"). Or something like option 1 should exist for single values, not username/password/realm combos -- I tried, it is not a smooth solution, and you will be injecting javascript into your setup.xml file to hammer things into place. But hey, with enough time and a big enough hammer, you can't do a lot of neat things.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...