Deployment Architecture

Changing the pass4SymmKey for Search Head Clustering not being encrypted in the Deployer


We were having trouble with one of the Search Head cluster members. We went in to ensure that all of the shclustering pass4SymmKey values were correct. After restarting the Deployer splunkd service we found that the value for the pass4SymmKey did not get encrypted. Other pass4SymmKeys are being encrypted (clustering and general) but not the shclustering. This has happened on both 6.4.0 and 6.4.1 versions.

We double checked that the field was listed in the encrypt fields and it is.

I'm figuring we are missing something. Any suggestions?

0 Karma


Is your server.conf containing the cleartext pass4symmkey in a 'default' directory? If so it will be left in cleartext and the hashed version will be written in the corresponding local/server.conf

This is described under "How pass4SymmKey gets encrypted in apps"

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...