Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Smartstore configuration : How to encrypt volume definitions and use bundle deployment?

emallinger
Communicator
‎03-07-2022 04:57 AM

Hello,
I would like to have confirmation of the best secure way to create smartstore volume (with access keys) : how will bundle validation behave if :?
- I declare volumes (with access_keys) in /opt/splunk/etc/apps/myvolumes/local/indexes.conf ON each indexers
- I push the indexes definitions (with those volumes) in /opt/splunk/etc/master-apps/myindexes/local/indexes.conf from the Cluster Master

Protocol would be : maintenance mode, stop every indexers, deploy new conf files via git (and finalize manually for the volume keys not to appear in git), validate bundle on the CM

=> Will it even work as there is no volume definition on the CM in /opt/splunk/etc/master-apps/myindexes/local/indexes.conf ?

There is something I do not understand : How am I supposed to secure (encrypt ?) the access keys in the cluster AND use the CM for bundle deployment ?

Thank you,

Ema

Labels (1)
Labels
Tags (3)
0 Karma
Reply

emallinger
Communicator
‎03-08-2022 09:08 AM

Yeah, that I did already : and the access-key transmitted in the bundle are still clear and not encrypted on the Cluster Master AND on all the indexers.

It's not very satisfactory to keep it that way.

Hence me asking for suggestions.

Ema

0 Karma
Reply

emallinger
Communicator
‎03-08-2022 07:37 AM

Hi again,

Is your sandbox clustered with a cluster master ?

Thanks,

Ema

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-08-2022 08:10 AM

My sandbox is not clustered, but that should not affect how the keys are stored.

You don't have to put all indexes in SmartStore so test it out with an index you create for that purpose.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-08-2022 05:26 AM

Unlike pass4SymmKey, S3 access and secret keys are not stored in encrypted form.  That means you can deploy they keys from the CM without concern for how they will be saved on the indexers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

emallinger
Communicator
‎03-08-2022 05:34 AM

Hello,

Seriously ?

Wow, that's weird...

Ema

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-08-2022 07:33 AM

Yes, I was serious, because the documentation says nothing about access keys being encrypted (unlike pass4SymmKey).

I took a look at one of my sandboxes, however, and see that remote.s3.access_key and remote.s3.secret_key are both encrypted.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...