Deployment Architecture

Changing the pass4SymmKey for Search Head Clustering not being encrypted in the Deployer


We were having trouble with one of the Search Head cluster members. We went in to ensure that all of the shclustering pass4SymmKey values were correct. After restarting the Deployer splunkd service we found that the value for the pass4SymmKey did not get encrypted. Other pass4SymmKeys are being encrypted (clustering and general) but not the shclustering. This has happened on both 6.4.0 and 6.4.1 versions.

We double checked that the field was listed in the encrypt fields and it is.

I'm figuring we are missing something. Any suggestions?

0 Karma


Is your server.conf containing the cleartext pass4symmkey in a 'default' directory? If so it will be left in cleartext and the hashed version will be written in the corresponding local/server.conf

This is described under "How pass4SymmKey gets encrypted in apps"

0 Karma
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...