All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk DB Connect: How can I recover MSSQL encrypted database passwords?

ozirus
Path Finder
‎02-01-2017 04:59 AM

Hi,

I forgot my MSSQL encrypted db passwords that's written in Splunk DB Connect database.conf file and can't reset from MSSQL db since a lot of other business critical apps depends on it.

Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)

I'm using latest version of Splunk.

Regards,

Regards,

Reply
1 Solution
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

Reply
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
Reply
Solved! Jump to solution

adidibra
Engager
‎11-10-2022 04:00 AM

I am trying the suggested command to retrieve passwords located in identities.conf  but I do not get any output in the console. My DB Connect version is 3.7.0.

Any suggestion, highly appreciated.

0 Karma
Reply
Solved! Jump to solution

jawaharas
Motivator
‎07-31-2020 05:57 AM

@datasearchninja Thanks a lot. It works.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎02-01-2017 01:34 PM

I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.

0 Karma
Reply
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎08-14-2022 11:20 PM

what you are assuming is correct for hashing not for encyrpting and decrypting.

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

ozirus
Path Finder
‎02-01-2017 10:41 PM

I don't think it's one-way that's like in hashing since it's encryption and its said that splunk.secret is being used for decrypting

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...