All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk DB Connect: How can I recover MSSQL encrypted database passwords?

ozirus
Path Finder
‎02-01-2017 04:59 AM

Hi,

I forgot my MSSQL encrypted db passwords that's written in Splunk DB Connect database.conf file and can't reset from MSSQL db since a lot of other business critical apps depends on it.

Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)

I'm using latest version of Splunk.

Regards,

Regards,

Reply
1 Solution
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

Reply
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
Reply
Solved! Jump to solution

adidibra
Engager
‎11-10-2022 04:00 AM

I am trying the suggested command to retrieve passwords located in identities.conf  but I do not get any output in the console. My DB Connect version is 3.7.0.

Any suggestion, highly appreciated.

0 Karma
Reply
Solved! Jump to solution

jawaharas
Motivator
‎07-31-2020 05:57 AM

@datasearchninja Thanks a lot. It works.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎02-01-2017 01:34 PM

I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.

0 Karma
Reply
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎08-14-2022 11:20 PM

what you are assuming is correct for hashing not for encyrpting and decrypting.

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

ozirus
Path Finder
‎02-01-2017 10:41 PM

I don't think it's one-way that's like in hashing since it's encryption and its said that splunk.secret is being used for decrypting

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...