Hi Everyone,
I have enabled token based authentication and created few tokens. I can see them in UI but wanted to know where in backend it is stored. I mean which conf file.
Hi @rishav
There is no doc showing where these tokens have been stored. They can only be created through web and Rest API. One of the pre-requisite is to having the kvstore enabled for tokens to work. I am guessing they might get stored there for security reasons. I have asked a question to Splunk docs feedback section hope they get back. Hope this helps!
---
An upvote would be appreciated if this reply helps!
Hello @venkatasri,
Have you received any feedback from the Splunk docs team?
We are also looking for the location of authorisation tokens as we need to delete one token for a non-existent user
Greetings,
Justyna
Hi
one way to try to find where it's stored it use find like this
find $SPLUNK_HOME \( -path $SPLUNK_HOME/var/log -o -path $SPLUNK_HOME/var/run/splunk/dispatch -o -path $SPLUNK_HOME/var/lib/splunk/\*/\*db\* -o -path $SPLUNK_HOME/var/lib/splunk/fishbucket \) -prune -o -type f \( -ctime -1m -o -mtime -1m \) -ls
Modify -1m what ever time you need to look, when you thing that token has created. It's told how many minutes backward it is looking when file have created or modified.
r. Ismo