Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I use Secret storage and api call?

sistemistiposta
Path Finder
‎05-05-2023 01:27 AM

Hello,

  I developed an external lookup script in Python which makes an https API call using a password authentication. The lookup script read the password from a custom conf file.

When I submitted my app to Splunkbase the result was:

 

 

 check_for_secret_disclosure

    Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
    https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
    File: appserver/static/javascript/views/app.js Line: 95

 

 

There is no problem to write the password in passwords.conf. I followed the example in Weather App Example

The problem starts when I need to read the password from the Python external lookup script. Splunk general documentation suggests to use a client.connect

Client.connect need a Splunk user authentication, so another secret! I can find a method to read the secret as the splunklib.searchcommands allows, for example.

I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.

How can I fix this problem?

 

Thank you very much

Kind Regards

Marco

Labels (4)
Labels
0 Karma
Reply

abhis
Splunk Employee
Splunk Employee
‎05-09-2023 11:35 PM

Hi Marco,

As per my understanding you are looking to access storage_passwords from within the App(ie. external lookup script) without requiring to use client.connect(), which is possible using the already available service instance to communicate with the Splunk Enterprise.


Ref - in Weather App Example , below code snippet is used to access the storage_passwords using the already available service instance

secrets = search_command.service.storage_passwords

Also check the documentation on how to access the service instance within an App 

 

Let me know if this helps!

0 Karma
Reply

sistemistiposta
Path Finder
‎05-10-2023 03:05 AM

Hello Abhis,

  I don't implement a search command. I have an external lookup like

 

    INPUT
    '''
    anamefield = sys.argv[1]
    aidfield = sys.argv[2]

    '''
    MAIN PROCESS
    '''
    infile = sys.stdin
    outfile = sys.stdout

    r = csv.DictReader(infile)
    header = r.fieldnames

    w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
    w.writeheader()

    for result in r:
        # Perform the lookup or reverse lookup if necessary
        if result[anamefield] and result[aidfield]:
            # All fields were provided, just pass it along
            w.writerow(result)

 

I don't understand how can I read the session key here. I read about splunk.Intersplunk, but it seems deprecated. The service instance seems to work only in command libraries or Script.stream_events library, which I can't understand how to adopt in external lookup script. I really appreciate if I could read some examples as weather app does for external commands.

Thank you very much

Kind Regards

Marco

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...