I am looking for a way to validate an existing sslPassword hash given a plaintext input.
I am working on an ansible deployment script and I would like to make it more idempotent. Right now, I can just reset those values on each run but it would be nice to do a check based off the correct hash. If it matches, skip the task, otherwise, replace the hashed value with a new plaintext or hashed value.
There is a utility hash-passwd
where you can run splunk hash-passwd password
and it will return a hashed value. However, it doesn't return the same type of hash used for pass4SymmKey or sslPassword
Is there anything like that for sslPassword?
Regards,
Brandon
I ended up taking a slightly different route for anyone who is interested. Ansible has a hash filter | hash('sha256')
, which I used to write the hashed value as a comment in the file. I then check for it's existence on subsequent runs and skip it if the values match. All things considered, it seems to work pretty well as a temporary solution. I may add some obfuscation to my technique but with a strong enough password and keeping strict permissions on the server.conf file, I'm okay with it for now.
Regards,
I ended up taking a slightly different route for anyone who is interested. Ansible has a hash filter | hash('sha256')
, which I used to write the hashed value as a comment in the file. I then check for it's existence on subsequent runs and skip it if the values match. All things considered, it seems to work pretty well as a temporary solution. I may add some obfuscation to my technique but with a strong enough password and keeping strict permissions on the server.conf file, I'm okay with it for now.
Regards,