Deployment Architecture

Do you need to keep the same splunk.secret file on all the Indexer peers?

sreejith2k2
Explorer

As per the Splunk doc on Deploy secure passwords across multiple servers the splunk.secret file will be automatically replicated by the Search Head captain during the initial cluster deployment.

Though Indexer cluster is entirely different to the Search Head Clustering and we have 50+ indexers in the multisite cluster, my queries are

  1. Do you need to keep the same Splunk.secret file on all the Indexer peers.
  2. Say, if we keep seperate splunk.secret on each indexer server and If we keep the plain text passwords in the server/inputs/outputs/authentication.conf files in the CyberArk, do we really need to worry on splunk.secret?

naveencardinalh
Engager

Yes, splunk.secret file should be same across all the cluster members.

sreejith2k2
Explorer

Hi naveencardinalhealth, Thanks. I havent seen any documentation within the splunk docs. For SH Cluster, I do agree with you (https://docs.splunk.com/Documentation/Splunk/latest/Security/Deploysecurepasswordsacrossmultipleserv...) but for indexer i havent see any documentation.

0 Karma

naveencardinalh
Engager

You need to keep the same splunk.secret file in both indexers, shc layer, deployment server and HF's..

0 Karma

teunlaan
Contributor

1) No you don't need to
2) you are OK, if you keep everything in plain text

0 Karma

sreejith2k2
Explorer

2) you are OK, if you keep everything in plain text - but once the splunk is restarted, it will encrypt the passwords automatically.

0 Karma

Tune In & Win!

Don't miss out on your
chance to take home free
prizes by helping our players
save the Splunk Cloudom!

Dungeons & Data
Monsters: Splunk O11y
Day Editions Games
stream live:
5/4 at 6:30pm PST
5/5 at 7:00pm PST
on