- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![jadengoho jadengoho](https://community.splunk.com/legacyfs/online/avatars/494035.jpg)
Hi All,
I have this short bash script, and i want to encrypt the admin and changeme credentials, cause it is displayed on clear text.
#!/bin/bash
/opt/splunk/bin/splunk set minfreemb 1000 -auth admin:changeme
/opt/splunk/bin/splunk edit user test01 -force-change-pass true -auth admin:changeme
Is there any way to achieve this.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
Hi
In my minds there is at least two options, cannot say if those are suitable for you.
- If possible login first into splunk and then run that script without user pass options. Just enter into cmd line "splunk login" then enter user + pass. Of course this needs that you can run this first part manually. After that there are login token under Splunk User until it expires.
- Use ansible with vault and there is an option no_log which prevent writing password to log files. https://docs.ansible.com/ansible/latest/reference_appendices/logging.html
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
Hi
In my minds there is at least two options, cannot say if those are suitable for you.
- If possible login first into splunk and then run that script without user pass options. Just enter into cmd line "splunk login" then enter user + pass. Of course this needs that you can run this first part manually. After that there are login token under Splunk User until it expires.
- Use ansible with vault and there is an option no_log which prevent writing password to log files. https://docs.ansible.com/ansible/latest/reference_appendices/logging.html
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![jadengoho jadengoho](https://community.splunk.com/legacyfs/online/avatars/494035.jpg)
HI @isoutamo
Can the first option process this ?
/opt/splunk/bin/splunk add search-server https://<IPADDRESS>-auth admin:changeme -remoteUsername <ADMIN>-remotePassword <PASS>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![SplunkTrust SplunkTrust](/html/@E48BE65924041B382F8C3220FF058B38/rank_icons/splunk-trust-16.png)
It can handle the first part, but not the last --remotePassword.
I prefer to use ansible for those. Another way is store those to env variables as
read remotePass
<add pass here, then Ctlr+D>
splunk .... -remotePassword $remotePass
When you want to use any password on scripts you must have vault password somewhere which need to enter/get from files/<your method here> to used to decrypt the encrypted password from file.
I haven't try to use tokens with this kind of issues. Basically it could be possible to define token and then use curl (instead of traditional cli) for those tasks where it's suitable. That way you don't need to write that password as a clear text into bash files. Anyhow that token is there and anyone who get it can do anything what is allowed with it (that user).
This is one reason why I prefer ansible with vault from centralised ctrl node. Then I have only one place where I must restrict access and ensure that it's security level is enough high.
r. Ismo
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
![jadengoho jadengoho](https://community.splunk.com/legacyfs/online/avatars/494035.jpg)
Thanks @isoutamo
I manage to create a BASH script that will run ansible playbook for docker containers.
Bash script: - using "-e" to pass the parameters from the bash script to ansible playbook.
ansible-playbook splunk_docker_creation.yml -e docker_folder_path=${docker_folder_path} -e folder_to_find=${folder_to_find} -e splunk_mount_path=${splunk_mount_path} -e base_port=${port} -e splunk_container_port=${splunk_container_port} -e username=${username} --vault-password-file /somewhere/pass
Ansible Playbook - since i need to run a script for the docker i use this script
- name: Setting minfreemb to 1000
shell: docker exec --user root {{ dockercontainername }} bash -c '/opt/splunk/bin/splunk set minfreemb 1000 -auth admin:{{ SplunkDefaultAdminCredentials }}'
no_log: true
and as suggested i use ansible vault to secure the password with the no_log and put the key into a secured file.
![](/skins/images/53C7C94B4DD15F7CACC6D77B9B4D55BF/responsive_peak/images/icon_anonymous_message.png)