Developing for Splunk Enterprise

Securing REST API authentication credentials in script alert action - Splunk 6.6.3

D0do
Engager

Hello,

I'm having some issues finding a proper solution for this problem:

I created a custom alert action for a Splunk v6.6.3 (I know, it is veery old) that executes a python script that use an SPL query through Splunk REST API.

At the moment the used credentials for Splunk REST API are written in cleartext into the script; is there a way to encrypt them so they are not clearly visible to other users able to read the script code?

Token authentication would have been the proper solution but it's not available in this old splunk version.

Do you know any additional solutions for this issue?

 

Thank you in advice, have a good day!

 

Labels (2)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!