All Apps and Add-ons

Splunk DB Connect: How can I recover MSSQL encrypted database passwords?

ozirus
Path Finder

Hi,

I forgot my MSSQL encrypted db passwords that's written in Splunk DB Connect database.conf file and can't reset from MSSQL db since a lot of other business critical apps depends on it.

Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)

I'm using latest version of Splunk.

Regards,

Regards,

1 Solution

datasearchninja
Communicator

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

datasearchninja
Communicator

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

jawaharas
Motivator

@datasearchninja Thanks a lot. It works.

0 Karma

lguinn2
Legend

I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.

0 Karma

ozirus
Path Finder

I don't think it's one-way that's like in hashing since it's encryption and its said that splunk.secret is being used for decrypting

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!