I'm trying to get an app Splunkbase certified and am getting kickback on an API Key being stored in alert_actions.conf after user setup.
What is the Splunk suggested approach for this certification requirement?
Hacks -- aka Stuff I'm not interested in
1. Jamming values into a credential store somehow and using javascript in setup.xml to handle faking data and hiding inputs: https://www.splunk.com/blog/2011/03/15/storing-encrypted-credentials/
2. Injecting javascript in my setup.xml to get want I want when user finishes setup.
3. Any other hacky solutions.
Official recommended approaches:
Both are ... less gooder. The splunk sdk should provide something like new SecureValue("some-semi-important-thing!")
. Or something like option 1 should exist for single values, not username/password/realm combos -- I tried, it is not a smooth solution, and you will be injecting javascript into your setup.xml
file to hammer things into place. But hey, with enough time and a big enough hammer, you can't do a lot of neat things.
Official recommended approaches:
Both are ... less gooder. The splunk sdk should provide something like new SecureValue("some-semi-important-thing!")
. Or something like option 1 should exist for single values, not username/password/realm combos -- I tried, it is not a smooth solution, and you will be injecting javascript into your setup.xml
file to hammer things into place. But hey, with enough time and a big enough hammer, you can't do a lot of neat things.