Hi,
I forgot my MSSQL encrypted db passwords that are written in the Splunk DB Connect database.conf file, and I can't reset them from the MSSQL db since a lot of other business-critical apps depend on them.
Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)
I'm using the latest version of Splunk.
Regards,
Given you mention database.conf, this likely refers to Splunk DB Connect v1. For these, use:
$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>
For dbx v2 and v3, use this to retrieve the password from identities.conf:
$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
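The commands above work for anyone who can read both the encrypted value and the key file, so a useful host check is whether those files are readable beyond the Splunk service account. The following audit is an added example, not part of the original answer; it assumes the directory passed in is the splunk_app_db_connect app directory, locates identities.conf by name, and uses hypothetical function names.

```shell
#!/bin/sh
# Added example (not from the original thread): report DB Connect secret
# files that are accessible to accounts other than their owner.
# Assumptions: $1 is the splunk_app_db_connect app directory; the key lives
# at certs/identity.dat (path from the thread); identities.conf is found by
# name. Function names are hypothetical.

# Print "<exposure> <path>" for each identity.dat / identities.conf under
# the app directory that has any group or other permission bit set.
dbx_exposed_files() {
    find "$1" -type f \( -name identity.dat -o -name identities.conf \) |
    while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)          # e.g. -rw-r-----
        group=$(printf '%s' "$mode" | cut -c5-7)  # group rwx bits
        other=$(printf '%s' "$mode" | cut -c8-10) # other rwx bits
        if [ "$other" != "---" ]; then
            echo "world-accessible $f"
        elif [ "$group" != "---" ]; then
            echo "group-accessible $f"
        fi
    done
}

# Return 0 if the key and identities are owner-only, 1 if any file is
# exposed, 2 if the key file is not where the thread says it is.
dbx_audit() {
    app_dir=$1
    key="$app_dir/certs/identity.dat"
    [ -f "$key" ] || { echo "no identity.dat under $app_dir/certs"; return 2; }
    exposed=$(dbx_exposed_files "$app_dir")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    echo "ok: key and identities are owner-only"
    return 0
}

# Usage: sh dbx_audit.sh "$SPLUNK_HOME/etc/apps/splunk_app_db_connect"
[ -z "${1:-}" ] || dbx_audit "$1"
```
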
I am trying the suggested command to retrieve passwords located in identities.conf but I do not get any output in the console. My DB Connect version is 3.7.0.
Any suggestion is highly appreciated.
@datasearchninja Thanks a lot. It works.
I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.
What you are assuming is correct for hashing, not for encrypting and decrypting.
I don't think it's one-way like in hashing, since it's encryption and it's said that splunk.secret is being used for decrypting.