Setting SSL password in inputs.conf but does not g...

pyro_wood · ‎07-22-2016

Hi fellow splunkers,

I recently noticed a configuration error. I wrongly distributed the "[SSL] password= "via cluster-bundle to the indexers.
The problem as you might know is that the password gets not encrypted when it's on the indexers. And there is an even bigger problem to this, about duplicated apps.

Anyway...
I now tried to correct this fault, by deleting the "password = " entry in the .../etc/masterapps/cluster/local/ on the master and distributed these settings to the indexer-cluster.
Then I went onto every indexer manually and added the [SSL] Stanza and "password= " entry to the .../etc/system/local/inputs.conf. After that I restarted splunkd on all of them.

Sadly this didn't encrypt the password. What could be wrong?

Thank you for your suggestions!
Best regards,
pyro_wood

jkat54 · ‎07-22-2016

According to this:
http://docs.splunk.com/Documentation/Splunk/6.2.3/Security/Deploysecurepasswordsacrossmultipleserver...

It only encrypts the password in inputs.conf & outputs.conf if its found in a splunktcp-ssl stanza.

mckeon · ‎06-23-2017

password should be sslPassword, I believe.

mattlucas719 · ‎04-23-2019

the indexer is encrypting this inside it's /opt/splunk/etc/apps/directory as a copy of the app, it doesn't write it to the bundle directory found in slave-apps

Setting SSL password in inputs.conf but does not get encrypted after restart

Re: Setting SSL password in inputs.conf but does not get encrypted after restart

Re: Setting SSL password in inputs.conf but does not get encrypted after restart

Re: Setting SSL password in inputs.conf but does not get encrypted after restart