How to use encrypted credentials (storage/passwords) in the REST API Modular Input?

avilandau
Path Finder

I'm using the "REST API Modular Input" add-on (rest_TA) and it works fine with authentication BASIC. However, this uses the clear password in the inputs.conf and I would like to use the encrypted credentials that I manage using my setup.xml screen, in a similar way to what I do in my scripted inputs (where I use the session key that Splunk sends into the scripted input). Since rest_TA is a SPLUNK module, I would think this is possible/supported, but I couldn't find any reference to it. If this is considered a custom handler and requires a module in authhandlers.py, can you describe this?

0 Karma
1 Solution

avilandau
Path Finder

Thanks Damien. I'm familiar with the get_credential as I used it in my scripted inputs (though I will condition the return based on realm since I have multiple pairs stored). However, after looking at rest.py I need to ask: I see the snippet you sent will be put at the beginning of do_run and it creates 2 variables (encrypted_username, encrypted_password) which are actually the clear text, but I don't see them being used later, and I'm also not sure what I should put in the auth_type in the inputs.conf. I thought I could leave it as "basic" and just replace the following:

```python
# for basic and digest
auth_user = config.get("auth_user")
auth_password = config.get("auth_password")
```

with

```python
# for basic and digest with stored credentials
auth_user, auth_password = get_credentials(SESSION_TOKEN)
```

since get_credentials will return exactly what I have today in inputs.conf

Can you comment on that please?

Thanks

hcheang
Path Finder

Hello Damien, avilandau,

Were you able to encrypt the password in inputs.conf with the above suggestion?
I have tried replacing the auth_user parts as shown above but no luck.
Am I missing something?
I am using version 1.5.3 and yes, I am not sure where these encrypted_username, encrypted_password are being used...
Can anyone shed some light on rest.py?

0 Karma

Damien_Dallimor
Ultra Champion

We often perform this customization to the REST App for our customers with commercial support.

0 Karma

Damien_Dallimor
Ultra Champion

I just provided you a quick pseudo code example to guide you.
Yes, what you propose would be fine and should work.

0 Karma

Damien_Dallimor
Ultra Champion

If you want to use setup.xml / apps.conf for storing encrypted credentials, then you will have to customise rest.py to retrieve these credentials because you need access to the session key.

So, as an example below, I've added a get_credentials method and called it in the do_run method in rest.py

```python
import splunk.entity as entity


def get_credentials(session_key):
    myapp = 'rest_ta'
    try:
        # list all credentials stored for this app
        entities = entity.getEntities(['admin', 'passwords'], namespace=myapp,
                                      owner='nobody', sessionKey=session_key)
    except Exception as e:
        raise Exception("Could not get %s credentials from splunk. Error: %s"
                        % (myapp, str(e)))

    # return first set of credentials
    for i, c in entities.items():
        return c['username'], c['clear_password']

    raise Exception("No credentials have been found, have you setup the App yet ?")


def do_run(config, endpoint_list):

    # set up some globals
    server_uri = config.get("server_uri")
    global SPLUNK_PORT
    global STANZA
    global SESSION_TOKEN
    global delimiter
    SPLUNK_PORT = server_uri[18:]
    STANZA = config.get("name")
    SESSION_TOKEN = config.get("session_key")

    # despite the names, these hold the clear-text username and password
    encrypted_username, encrypted_password = get_credentials(SESSION_TOKEN)
```
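
Added example, not part of the original posts or of the add-on's own code: a realm-aware replacement for "return the first set of credentials", for the case raised in the thread where several username/password pairs are stored. The `credential_realm` inputs.conf key, the function names and the sample entries are assumptions made for illustration; the sample dict is constructed to mirror the `realm`, `username` and `clear_password` fields of storage/passwords entries.

```python
# Constructed sample shaped like the dict returned by
# entity.getEntities(['admin', 'passwords'], ...): one entry per stored credential.
SAMPLE_ENTITIES = {
    "billing_api:svc_a:": {"realm": "billing_api", "username": "svc_a",
                           "clear_password": "constructed-secret-1"},
    "crm_api:svc_b:": {"realm": "crm_api", "username": "svc_b",
                       "clear_password": "constructed-secret-2"},
    "crm_api:svc_c:": {"realm": "crm_api", "username": "svc_c",
                       "clear_password": "constructed-secret-3"},
}


class CredentialError(Exception):
    """No single usable stored credential matched the request."""


def select_credential(entities, realm, username=None):
    """Return (username, clear_password) for exactly one entry in realm."""
    matches = [c for c in entities.values()
               if (c.get("realm") or "") == realm
               and (username is None or c.get("username") == username)]
    if not matches:
        raise CredentialError("no stored credential for realm %r" % realm)
    if len(matches) > 1:
        # Refuse to guess: "first entry wins" depends on dict ordering.
        raise CredentialError("%d credentials in realm %r; set auth_user"
                              % (len(matches), realm))
    cred = matches[0]
    if not cred.get("clear_password"):
        raise CredentialError("entry for realm %r has no clear_password" % realm)
    return cred["username"], cred["clear_password"]


def resolve_basic_auth(config, entities):
    """Use the credential store when a realm is configured, else inputs.conf."""
    realm = config.get("credential_realm")  # hypothetical inputs.conf key
    if realm:
        # auth_user stays in inputs.conf only to pick one entry; no password there.
        return select_credential(entities, realm, config.get("auth_user"))
    return config.get("auth_user"), config.get("auth_password")


if __name__ == "__main__":
    stanza = {"credential_realm": "crm_api", "auth_user": "svc_c"}
    user, _secret = resolve_basic_auth(stanza, SAMPLE_ENTITIES)
    print("using stored credential for user %s" % user)  # never log the secret
```

In rest.py the `entities` argument would be the result of the `entity.getEntities` call shown above, and the returned pair would take the place of the `config.get("auth_user")` / `config.get("auth_password")` assignments.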