Building for the Splunk Platform

Securing REST API authentication credentials in script alert action - Splunk 6.6.3

D0do
Engager

Hello,

I'm having some issues finding a proper solution for this problem:

I created a custom alert action for a Splunk v6.6.3 (I know, it is veery old) that executes a python script that use an SPL query through Splunk REST API.

At the moment the used credentials for Splunk REST API are written in cleartext into the script; is there a way to encrypt them so they are not clearly visible to other users able to read the script code?

Token authentication would have been the proper solution but it's not available in this old splunk version.

Do you know any additional solutions for this issue?

 

Thank you in advice, have a good day!

 

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Want a chance to win $500 to the Splunk shop? Take our IT Incident Management Survey!

  Top Trends & Best Practices in Incident ManagementSplunk is partnering up with Constellation Research to ...