How to access encrypted credentials (API: storage/passwords) from modular input script

Communicator

I am writing a modular input Python script, and need to access encrypted credentials.
How to do it?

If I have a cherrypy sessionkey (and other API data), I could do a REST API request.
I tried to understand how it was done in DBConnect app, but I didn't get the idea.

1 Solution

Ultra Champion

The REST session key is passed to the Mod Input runtime at invocation via STDIN in an XML document in the session_key element.

Have a look at this code to see how I obtained the session key and used it to do a rest callback (Just search the source for "session_key" and follow the logic).

Contributor

Damien -

two follow up questions to this...

  1. how do you encrypt the credentials in the first place (using python)?

i've got password (among other vars) stored in a local/input.conf in the clear which i'd like to encrypt using splunk's server key. i have my .xml setup page, custom input.conf.spec written, and modular input script all working - just need to encrypt the password now.

  2. how do i force the "inputs.conf" to be written into my local app once created in modular inputs instead of going to the default search/local directory?

0 Karma

Ultra Champion

Regarding the inputs.conf directory... ensure that you browse to the "Data Inputs" page within the context of your target app, and not the search app.

i.e.:

http://localhost:8000/en-US/manager/YOURAPPNAME/datainputstats

Motivator

  1. You can use setup.xml w/input field type "password" to have Splunk do the encryption (see this old example).

Note that this technique does not work across systems, as the splunk server key is unique per system. So, in a SHC for example, this might be a problem. Otherwise, you could use Python or whatever to do the encryption using another technique, but then you have to do more work yourself.

0 Karma

Contributor

thanks hal. is it possible to combine this approach with modular inputs however?

i am using inputs.conf.spec and modinput.xml to control setup and config values, rather than the setup.xml you mentioned.

http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ModInputsSpec

i have the following in my modinput.xml:

<element name="password" type="password" label="Password">
  <view name="edit"/>
  <view name="create"/>
  <key name="exampleText">Password of the account to authenticate with (i.e. 'Abc123!').  This gets obfuscated using the built-in Splunk auth facilities. No Defaults.</key>
</element>

can i make it work with the modular inputs config approach??

0 Karma

Ultra Champion

Currently you would need to write some custom code in the Modular Input to access the stored credentials, as per the link Hal posted, as the encryption/decryption of password fields is not handled within the Modular Inputs framework currently (but it would be a nice feature to have).
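
Added example, not part of the original thread and not code from Splunk or from the app linked above: the flow described in this thread in Python 3, reading the session key from the STDIN XML and using it to query storage/passwords. The app name, realm, username, sample XML and sample JSON are constructed placeholders.

```python
import json
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample of the XML document splunkd writes to the script's STDIN.
SAMPLE_STDIN = """<input>
  <server_uri>https://127.0.0.1:8089</server_uri>
  <session_key>CONSTRUCTED-SESSION-KEY</session_key>
  <configuration>
    <stanza name="myinput://prod">
      <param name="username">svc_reader</param>
    </stanza>
  </configuration>
</input>"""

# Constructed sample of a storage/passwords response (output_mode=json).
SAMPLE_RESPONSE = json.dumps({"entry": [{"name": "myrealm:svc_reader:", "content": {
    "realm": "myrealm", "username": "svc_reader", "clear_password": "constructed-secret"}}]})

def parse_modinput(xml_text):
    """Return (server_uri, session_key, {stanza: {param: value}})."""
    root = ET.fromstring(xml_text)
    stanzas = {s.get("name"): {p.get("name"): p.text or "" for p in s.findall("param")}
               for s in root.findall("./configuration/stanza")}
    return root.findtext("server_uri"), root.findtext("session_key"), stanzas

def build_request(server_uri, session_key, app):
    """Authenticated GET for the app's stored credentials; nothing is sent here."""
    url = "%s/servicesNS/nobody/%s/storage/passwords?output_mode=json&count=0" % (
        server_uri.rstrip("/"), quote(app, safe=""))
    return urllib.request.Request(url, headers={"Authorization": "Splunk " + session_key})

def find_clear_password(json_text, realm, username):
    """Pick one credential by realm and username; None if it is not stored."""
    for entry in json.loads(json_text).get("entry", []):
        c = entry.get("content", {})
        if c.get("realm", "") == realm and c.get("username") == username:
            return c.get("clear_password")
    return None

def fetch_clear_password(stdin_text, app, realm, username, cafile=None):
    """Live call to splunkd; cafile is the CA for the management-port certificate."""
    server_uri, session_key, _ = parse_modinput(stdin_text)
    ctx = ssl.create_default_context(cafile=cafile)  # certificate verification stays on
    with urllib.request.urlopen(build_request(server_uri, session_key, app), context=ctx) as r:
        return find_clear_password(r.read().decode("utf-8"), realm, username)
```

Keep the session key and the returned clear_password out of logs and indexed events; in a real input, pass `sys.stdin.read()` to `fetch_clear_password`.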

Contributor

hey @Damien Dallimore - similar question.. but this time for a django-based app. any way we can easily save credentials encrypted if using django?

the following example discussed masking the passwords to the end-user for display, but does not encrypt in-file.

http://dev.splunk.com/view/webframework-djangobindings/SP-CAAAETW

0 Karma