Getting Data In
Highlighted

Setting SSL password in inputs.conf but does not get encrypted after restart

SplunkTrust
SplunkTrust

Hi fellow splunkers,

I recently noticed a configuration error. I wrongly distributed the "[SSL] password= "via cluster-bundle to the indexers.
The problem as you might know is that the password gets not encrypted when it's on the indexers. And there is an even bigger problem to this, about duplicated apps.

Anyway...
I now tried to correct this fault, by deleting the "password = " entry in the .../etc/masterapps/cluster/local/ on the master and distributed these settings to the indexer-cluster.
Then I went onto every indexer manually and added the [SSL] Stanza and "password= " entry to the .../etc/system/local/inputs.conf. After that I restarted splunkd on all of them.


Sadly this didn't encrypt the password. What could be wrong?

Thank you for your suggestions!
Best regards,
pyro_wood

0 Karma
Highlighted

Re: Setting SSL password in inputs.conf but does not get encrypted after restart

SplunkTrust
SplunkTrust

According to this:
http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/Deploysecurepasswordsacrossmultipleserver...

It only encrypts the password in inputs.conf & outputs.conf if its found in a splunktcp-ssl stanza.

0 Karma
Highlighted

Re: Setting SSL password in inputs.conf but does not get encrypted after restart

Explorer

password should be sslPassword, I believe.

0 Karma
Highlighted

Re: Setting SSL password in inputs.conf but does not get encrypted after restart

Explorer

the indexer is encrypting this inside it's /opt/splunk/etc/apps/directory as a copy of the app, it doesn't write it to the bundle directory found in slave-apps

0 Karma