All Apps and Add-ons

Why does every credential for every app show up in the Code42 Input Add-on? And why are there credentials at all?

frankwayne
Path Finder

I installed the input add-on (3.0.6) and on the /Application Configuration /Credentials tab, ALL of the credentials of ALL apps installed on the machine are listed. Why is the app listing credentials that don't belong to it? (I almost began deleting some before I realized what the app was doing.)

The app should only be showing credentials that belong to it.

Moreover, where can these credentials be used? The input configuration asks for a username and password, not a credential entry. When I enter a username and password, no credential is created. So, why does the app have a credential tab, other than to show us credentials for other apps?

0 Karma

aplura_llc_supp
Path Finder

The credentials are automatically handled when the modular input is configured. The username and password are stored in the credential store. If you refresh the page, you'll see the credential on the tab (see note below). It uses a guid to associate the credential with the input. You shouldn't have to manually work with credentials.

EDIT

After further review and a check of the code, the IA-Code42ForSplunk app does indeed query only within it's own namespace and not an ALL call to the endpoint. Check the developer panel of the browser that is in use. The other credentials on your system appear to have been shared globally, which is then included within the namespace IA-Code42ForSplunk . I checked on a dev instance, and a search/local created app only export credential DID NOT SHOW in the Credential Tab. I modified the credential metadata to system and there it was, exactly as working within the namespace would predict.

This can be corrected with JavaScript filtering, but there is no "native" solution to pull only an app's config, it's related to namespace and permissions. /services/storage/passwords is also not a valid endpoint, since the call is filtered to include all of the credentials the user has access to. The limit of 30 is a default configuration for the REST endpoint call.

http://localhost:8027/en-US/splunkd/__raw/servicesNS/nobody/IA-Code42ForSplunk/storage/passwords?out...

From what I can tell, and after code review, everything is lining up exactly as native Splunk is intended to work. I'll enter an ER for the filtering option client side.

https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTUM/RESTusing#Namespace

frankwayne
Path Finder

I'm not sure why anyone would want "a holistic view" of the credentials on the instance when they have nothing to do with the app in question. This was an poorly conceived requirement, in that case.

I can confirm that a newly created credential DOES NOT appear on the credential tab. I see THIRTY credentials on the credentials tab and exactly the same number after I add a new one. The new one is not in the list. This begets a new question: Is there a limit of 30 credentials on that page and does the uninformed decision to just list everything now prevent new credentials from appearing? There is no "next page" offered, so as far as I can tell, there is simply no credential created.

Other apps require the creation of a credential and then an input, which is associated with the pre-existing credential. (Those apps, by the way, don't show every other app's credentials. Just say'n.)

0 Karma

davpx
Communicator

Because there is but only a single capability to grant access to all secrets stored on the system and it traverses system wide. Splunk really needs to work on their permissions structure.

0 Karma

frankwayne
Path Finder

Other apps on the same instance have credentials. They display only the credentials created in the context of their app, not all the credentials on the instance. It seems, therefore, that it is the responsibility of the app designer to filter those credentials. That is not being done for the Code42 app.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...