Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Setting SSL password in inputs.conf but does not get encrypted after restart

horsefez
Motivator
‎07-22-2016 04:06 AM

Hi fellow splunkers,

I recently noticed a configuration error. I wrongly distributed the "[SSL] password= "via cluster-bundle to the indexers.
The problem as you might know is that the password gets not encrypted when it's on the indexers. And there is an even bigger problem to this, about duplicated apps.

Anyway...
I now tried to correct this fault, by deleting the "password = " entry in the .../etc/master_apps/_cluster/local/ on the master and distributed these settings to the indexer-cluster.
Then I went onto every indexer manually and added the [SSL] Stanza and "password= " entry to the .../etc/system/local/inputs.conf. After that I restarted splunkd on all of them.

Sadly this didn't encrypt the password. What could be wrong?

Thank you for your suggestions!
Best regards,
pyro_wood

0 Karma
Reply

mattlucas719
Explorer
‎04-23-2019 10:41 AM

the indexer is encrypting this inside it's /opt/splunk/etc/apps/directory as a copy of the app, it doesn't write it to the bundle directory found in slave-apps

0 Karma
Reply

mckeon
Explorer
‎06-23-2017 11:02 AM

password should be sslPassword, I believe.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎07-22-2016 07:25 AM

According to this:
http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/Deploysecurepasswordsacrossmultipleserver...

It only encrypts the password in inputs.conf & outputs.conf if its found in a splunktcp-ssl stanza.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...