Reposting this in the correct area of the forum.
I have made a Tech add on that polls an API. In order to perform requests against the API, an API key is required.
I have used the following as the example in order to get the URL and the API key for the request saved onto Splunk:
https://github.com/splunk/Developer_Guidance_Setup_View_Example
The setup page is working as expected from that example, and am able to correctly populate data with it. After that, when I look at the app specific conf files ( ie /opt/splunk/etc/apps/TA-eg/local/ta_eg_settings.conf)
Then I see that the api_key is starred out, ie encrypted at rest:
[additional_parameters]
api_key = ********
eg_domain = <correct_plaintext_domain>
disabled = 0
The following files are also present in /opt/splunk/etc/apps/TA-eg/local/:
app.conf
inputs.conf
passwords.conf
However if I attempt to use the python helper function get_global_setting("api_key") as defined in:
https://docs.splunk.com/Documentation/AddonBuilder/3.0.2/UserGuide/PythonHelperFunctions
Then it is always returning the string "undefined" as opposed to the correct API key that I added.
In TA-eg/bin/TA_eg_rh_settings.py I have also set encrypted = True for the correct field:
fields_additional_parameters = [
field.RestField(
'eg_domain',
required=True,
encrypted=False,
default='',
validator=validator.String(
min_len=0,
max_len=8192,
)
),
field.RestField(
'api_key',
required=True,
encrypted=True,
default='',
validator=validator.String(
min_len=0,
max_len=8192,
)
)
]
Please help me figure out how to get the correct output of this encrypted at rest API key using the Splunk helper functions.
I figured out how to do it using the helper function.
I figured out how to do it using the helper function.
Hi @KeaganJ - let me refer you to the weather_app_example in this repo: https://github.com/splunk/splunk-app-examples (make sure to perform setup with make before running the specific example)
A specific example of retrieving a credential from the storage/passwords endpoint is right here: https://github.com/splunk/splunk-app-examples/blob/master/case_studies/weather_app_example/bin/weath...
To actually answer your question, I suspect that get_global_setting is not able to retrieve information stored via the storage/passwords endpoint
Hi @thellmann
Thanks for pointing me to that weather app example. Though using that method in the link you sent me using:
`secrets = search_command.service.storage_passwords`
Does not work and every time I try to run the above command I get that `search_command.service` returns a None type variable.
Diving deeper down into the code I track down that the `def service(self):` function in `splunklib/searchcommands/search_command.py` is returning None because no metadata can be found.
I am not sure how or why the metadata is not getting created correctly here?
Interesting... this is on the read of the password in the custom search command after it has been configured? Are you running the search from the context of the weather example, or from the search and reporting app?
One additional app that might help you debug issues with secret storage is REST storage/passwords Manager for Splunk. This app is a great example of how to work with the storage/passwords endpoint and is useful for troubleshooting permissions mismatches between apps.