Deployment Architecture

Changing the pass4SymmKey for Search Head Clustering not being encrypted in the Deployer

sniderwj
Explorer

We were having trouble with one of the Search Head cluster members. We went in to ensure that all of the shclustering pass4SymmKey values were correct. After restarting the Deployer splunkd service we found that the value for the pass4SymmKey did not get encrypted. Other pass4SymmKeys are being encrypted (clustering and general) but not the shclustering. This has happened on both 6.4.0 and 6.4.1 versions.

We double checked that the field was listed in the encrypt fields and it is.

I'm figuring we are missing something. Any suggestions?

0 Karma

plaxosi
Explorer

Is your server.conf containing the cleartext pass4symmkey in a 'default' directory? If so it will be left in cleartext and the hashed version will be written in the corresponding local/server.conf

This is described under "How pass4SymmKey gets encrypted in apps"

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...