There are many kinds of passwords including:
Splunk user passwords. Splunk cluster/infrastructure passwords (e.g. pass4SymmKey) Splunk modular input passwords (e.g. DB Connect).
How are these encrypted and how can I make them use the same seed/decryption so that I can distribute encrypted credentials from my Deployment Server?
Am I missing any other types?
I know that
pass4SymmKey is encrypted using
$SPLUNK_HOME/etc/auth/splunk.secret which is generated at first-time-run (FTR) of Splunk startup (if the file does not exist, Splunk creates a random one). So use the same one for all of your infrastructure and that covers #2 above. According to this blog, it can even be synchronized after FTR through a somewhat arduous process: https://www.hurricanelabs.com/splunk-tutorials/update-splunk-secret-without-breaking-your-production...
For DB Connect 2 and DB Connect 3, splunk is using
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat file to encrypt/decrypt Identities password and it is not using
splunk.secret for this. If you would like to copy encrypted password from one splunk instance to another splunk instance then you must have same
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat in both the splunk instance.
If you are trying to setup DB Connect first time then I'll suggest setup/install DB Connect in one splunk instance and copy
$SPLUNK_HOME/etc/apps/splunk_app_db_connect/ to another splunk instance (if you are trying to setup active-standby splunk instance) so that you'll have same
identity.dat file in both the splunk instance so you can copy encrypted identities password from one splunk instance to another.
Local Splunk user passwords do not use
splunk.secret. On Linux you can still get away without any password at all, Splunk will just not create an admin then. However, LDAP and DBConnect passwords are dependent on