Hi all,
I am just learning Splunk because the need for applying our addon to be cloud vetted ( therefore I really don't know much splunk development yet, but need to get this done soon) . It is an addon to connect to our server and pulling in logs. Each pull would have to auth first, therefore we save token locally so only need auth once for certain interval ( lifetime of the token). But that won't do for cloud based addon. (Vetting report says " Storing authentication token in checkpoint which is not allowed in Splunk cloud. Please don't store such sensitive information")
Any other way I can save token for addon functionality purpose? . I heard mentioning of storage/passwords endpoint, is that only for user credential or it can be used for saving application token as well?
Thanks in advance! I searched whole day, still not clear the direction.
It is not static. It needs to be used for each poll. It will need to be updated when it expires. About every 15mins. Is there anyway the endpoint you mentioned can be written?
Yes you can update the token on storage/passwords endpoint but you need to code that in your script.
That is good to know! Is there any chance you can point me some sample code on how to achieve that? I am really just start to learn splunk development.
Have a look at code in https://github.com/splunk/TA-VaultSync/tree/master/bin , you'll get idea.
Thank you so much!
You're welcome!
If token is static then you can use storage/passwords endpoint to store token and in your script read token from same endpoint.