All Apps and Add-ons
Highlighted

Splunk Add-on for Google Cloud Platform: Update credentials via command line

Explorer

Hi,

We have implemented key rotation on GCP and we need to be able to set the new credentials via command line.
Does anyone know how?
We've found the password file, but credentials are encrypted and I'm not sure how I can encrypt the new creds and update the .conf file via command line.

Thanks.

Highlighted

Re: Splunk Add-on for Google Cloud Platform: Update credentials via command line

Explorer

Were you able to sort this? I noticed if you populate the googlecloudcredentials.conf file with the contents of your JSON file, it will automatically repopulate the passwords.conf file as soon as you go to the Credentials page on UI. Not sure how can you trigger this process from the command line tho.

0 Karma
Highlighted

Re: Splunk Add-on for Google Cloud Platform: Update credentials via command line

Explorer

So I think I found a way of doing this. You can just update the file google_cloud_credentials.conf on
$SPLUNK_HOME/etc/apps/Splunk_TA_google-cloudplatform/local with the new value according to the docs, such as:

[<name>]
google_credentials={"type": "service_account","project_id": "my-project","private_key_id": "32a3be8f2f0dcfe967ea558e486deaereacfas0c2497e"}

After you do that, the passwords.conf file will be automatically updated with the new values as soon as you go into the Configuration page on the Splunk Console. Restarting Splunk service also works if you wanna keep in the command line.

Another option you have is forget about passwords altogether and use the GCE service account. Take a look at this post: https://answers.splunk.com/answers/774312/use-gce-service-account.html

0 Karma