Here are two options that worked with me…
Option 1 : Use Splunk to Decrypt Password Encrypted by Splunk : Refer :- https://hurricanelabs.com/blog/decrypt-passwords-encrypted-by-splunk/
Option 2 : in this approach follow
+Install the new instance of Search Head Cluster Member . (don’t start Splunk instance yet)
+Copy $SPLUNKHOMEEXISTINGSHC/etc/auth/splunk.secret from one of the existing Search Head cluster to New instances $SPLUNKHOMENEWSHC/etc/auth
+After that start splunk for the first time copy $SPLUNKHOMEEXISTINGSHC/etc/system/local/server.conf stanza [shclustering] to $SPLUNKHOMENEWSHC/etc/system/local/server.conf
[shclustering] conf_deploy_fetch_url = https://DEPLOYER_URI:DEPLOYER_MGMT_PORT disabled = 0 mgmt_uri = https://:SPLUNK_HOME_NEW_SHC_MGMT_PORT pass4SymmKey = $1$XccY3P4= replication_factor = 1 id = B1D0A95D-4DB6-4111-A702-57EADDFFC932
+Restart the Splunk new Search Head cluster Member.
+Follow the link to add it as Search Head Cluster member to exiting SHC group.
@rbal_splunk : Hi rbal, I have the same problem. But I dont have SCH. I am trying to add new search head into clustering. We have lost the secret key of the master. I tried your second options. But no luck. Can you help me on this?