Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to encrypt password in app outputs.conf?

karlbosanquet
Path Finder
‎10-28-2015 06:35 AM

I am deploying Indexer Cluster settings in an app to multiple Universal Forwarders via the Deployment Server. The issue I have is that they require the Indexer Cluster password to be sent in the /local/outputs.conf file.

App deployment works fine and a new outputs.conf is created on the Universal Forwarder under $SPLUNK_HOME/etc/system/local with the required stanza and encrypted password.

The issue is that the password exists in clear text in 2 places;

Deployment Server - $SPLUNK_HOME/etc/deployment_apps/app_name/local/outputs.conf

Universal Forwarder - $SPLUNK_HOME/etc/apps/app_name/local/outputs.conf

Is there a way for the password to be encrypted at all locations?

Reply

Richfez
SplunkTrust
SplunkTrust
‎02-06-2017 04:26 PM

This problem seems to be known. Read this section on the docs and it mentions this specifically. It also gives a sort of workaround, too:

Warning: If you configure inputs.conf or outputs.conf in an app directory, the password is NOT encrypted and the clear-text value remains in the file. For this reason, you may prefer to create different certificates (signed by the same root CA) to use when configuring SSL in app directories.

By adding this answer the question will pop up to the top of the stack, so maybe someone else will have a better answer.

Reply

karlbosanquet
Path Finder
‎02-07-2017 01:01 PM

My current solution is a script which pushes the pass4SymmKey password out to Universal Forwarders, then I deploy an empty app from the Deployment Server called 'restart' with the restart services flag checked which restarts the UF service on all of the UFs, which hashes the password.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...