All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk DB Connect: How can I recover MSSQL encrypted database passwords?

ozirus
Path Finder
‎02-01-2017 04:59 AM

Hi,

I forgot my MSSQL encrypted db passwords that's written in Splunk DB Connect database.conf file and can't reset from MSSQL db since a lot of other business critical apps depends on it.

Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)

I'm using latest version of Splunk.

Regards,

Regards,

Reply
1 Solution
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

Reply
Solved! Jump to solution
Solution

datasearchninja
Communicator
‎05-10-2018 05:12 PM

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
Reply
Solved! Jump to solution

adidibra
Engager
‎11-10-2022 04:00 AM

I am trying the suggested command to retrieve passwords located in identities.conf  but I do not get any output in the console. My DB Connect version is 3.7.0.

Any suggestion, highly appreciated.

0 Karma
Reply
Solved! Jump to solution

jawaharas
Motivator
‎07-31-2020 05:57 AM

@datasearchninja Thanks a lot. It works.

0 Karma
Reply
Solved! Jump to solution

lguinn2
Legend
‎02-01-2017 01:34 PM

I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.

0 Karma
Reply
Solved! Jump to solution

thambisetty
SplunkTrust
SplunkTrust
‎08-14-2022 11:20 PM

what you are assuming is correct for hashing not for encyrpting and decrypting.

————————————
If this helps, give a like below.
0 Karma
Reply
Solved! Jump to solution

ozirus
Path Finder
‎02-01-2017 10:41 PM

I don't think it's one-way that's like in hashing since it's encryption and its said that splunk.secret is being used for decrypting

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...