I am writing a modular input Python script, and need to access encrypted credentials.
How to do it?
If I have a cherrypy sessionkey (and other API data), I could do an REST API request.
I tried to understand how it was done in DBConnect app, but I didn't get the idea.
The REST session key is passed to the Mod Input runtime at invocation via STDIN in an XML document in the session_key element :
Have a look at this code to see how I obtained the session key and used it to do a rest callback (Just search the source for "session_key" and follow the logic).
The REST session key is passed to the Mod Input runtime at invocation via STDIN in an XML document in the session_key element :
Have a look at this code to see how I obtained the session key and used it to do a rest callback (Just search the source for "session_key" and follow the logic).
Damien -
two follow up questions to this...
i've got password (among other vars) stored in a local/input.conf in the clear which i'd like to encrypt using splunk's server key. i have my .xml setup page, custom input.conf.spec written, and modular input script all working - just need to encrypt the password now.
Regarding the inputs.conf directory...ensure that you browse to the "Data Inputs" page within the context of your target app , and not the search app.
ie:
http://localhost:8000/en-US/manager/YOURAPPNAME/datainputstats
Note that this technique does not work across systems, as the splunk server key is unique per system. So, in a SHC for example, this might be a problem. Otherwise, you could use Python or whatever to do the encryption using another technique, but then you have to do more work yourself.
thanks hal. is it possible to combine this approach with modular inputs however?
i am using inputs.conf.spec and modinput.xml to control setup and config values, rather than the setup.xml you mentioned.
http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModInputsSpec
i have the following in my modinput.xml:
<element name="password" type="password" label="Password">
<view name="edit"/>
<view name="create"/>
<key name="exampleText">Password of the account to authenticate with (i.e. 'Abc123!'). This gets obfuscated using the built-in Splunk auth facilities. No Defaults.</key>
</element>
can i make it work with the modular inputs config approach??
Currently you would need to write some custom code in the Modular Input to access the stored credentials as per the link Hal posted as the encryption/decryption of password fields is not handled within the Modular Inputs framework currently (but it would be a nice feature to have)
hey @Damien Dallimore - similar question.. but this time for a django-based app. anyway we can easily save credentials in encrypted if using django?
the following example discussed masking the passwords to the end-user for display, but does not encrypt in-file.
http://dev.splunk.com/view/webframework-djangobindings/SP-CAAAETW