Hi All,
I have this short bash script, and I want to encrypt the admin and changeme credentials, because they are displayed in clear text.
#!/bin/bash
/opt/splunk/bin/splunk set minfreemb 1000 -auth admin:changeme
/opt/splunk/bin/splunk edit user test01 -force-change-pass true -auth admin:changeme
Is there any way to achieve this?
Hi
In my mind there are at least two options; I cannot say if those are suitable for you.
r. Ismo
Hi @isoutamo
Can the first option process this?
/opt/splunk/bin/splunk add search-server https://<IPADDRESS> -auth admin:changeme -remoteUsername <ADMIN> -remotePassword <PASS>
It can handle the first part, but not the last --remotePassword.
I prefer to use Ansible for those. Another way is to store those in env variables, as
read remotePass
<add pass here, then Ctrl+D>
splunk .... -remotePassword "$remotePass"
When you want to use any password in scripts, you must have the vault password somewhere; it needs to be entered/fetched from files/<your method here> and is used to decrypt the encrypted password from the file.
I haven't tried to use tokens for this kind of issue. Basically, it could be possible to define a token and then use curl (instead of the traditional CLI) for those tasks where it's suitable. That way you don't need to write the password as clear text into bash files. Anyhow, that token is there, and anyone who gets it can do anything that is allowed with it (for that user).
This is one reason why I prefer Ansible with vault from a centralised control node. Then I have only one place where I must restrict access and ensure that its security level is high enough.
r. Ismo
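Added example, not part of the original thread: a sketch of the token-plus-curl approach mentioned in the reply above, where the token is read from a file that only its owner can access and handed to curl through a config on stdin, so no credential appears in the script or on a command line. The token file path, `SPLUNK_URL`, the helper function names, and the `server/settings` endpoint with `minFreeSpace` as the REST counterpart of `set minfreemb` are assumptions to check against your Splunk version.

```shell
#!/bin/bash
# Added example, not code from the thread. TOKEN_FILE, SPLUNK_URL and the
# endpoint in the usage comment are assumptions; adjust them to your deployment.
TOKEN_FILE="${TOKEN_FILE:-/etc/splunk-automation/token}"  # hypothetical path
SPLUNK_URL="${SPLUNK_URL:-https://localhost:8089}"        # splunkd management port

# Succeed only for a regular, non-symlink file with no group/other permissions.
secret_file_ok() {
    local perms
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print a curl config line carrying the token as an Authorization header.
# Feeding this to `curl -K -` keeps the token out of argv, so it does not
# show up in `ps` output the way `-auth admin:changeme` does.
curl_auth_config() {
    local token=""
    if ! secret_file_ok "$1"; then
        echo "refusing $1: missing, or accessible by group/other" >&2
        return 1
    fi
    # Read the first line; tolerate a missing trailing newline.
    IFS= read -r token < "$1" || [ -n "$token" ] || return 1
    [ -n "$token" ] || return 1
    # Assumes the token contains no '"' or '\' (true for JWT-style tokens).
    printf 'header = "Authorization: Bearer %s"\n' "$token"
}

# POST one form field to a REST endpoint: splunk_post <endpoint> <key=value>
# Only put non-secret settings in <key=value>; it is passed on the command line.
splunk_post() {
    local cfg
    cfg=$(curl_auth_config "$TOKEN_FILE") || return 1
    # printf is a shell builtin, so the token is only ever written to the pipe.
    printf '%s\n' "$cfg" |
        curl --silent --show-error --fail -K - \
             --data-urlencode "$2" "${SPLUNK_URL}$1"
}

# Usage (assumed REST counterpart of `splunk set minfreemb 1000`):
#   splunk_post /services/server/settings/settings minFreeSpace=1000
```

The token still grants whatever its user is allowed to do, so the file permission check only narrows who can read it; scope the token's role accordingly.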
Thanks @isoutamo
I managed to create a Bash script that runs an Ansible playbook for Docker containers.
Bash script, using "-e" to pass the parameters from the Bash script to the Ansible playbook:
ansible-playbook splunk_docker_creation.yml -e "docker_folder_path=${docker_folder_path}" -e "folder_to_find=${folder_to_find}" -e "splunk_mount_path=${splunk_mount_path}" -e "base_port=${port}" -e "splunk_container_port=${splunk_container_port}" -e "username=${username}" --vault-password-file /somewhere/pass
Ansible playbook: since I need to run a script in the Docker container, I use this script:
- name: Setting minfreemb to 1000
  shell: docker exec --user root {{ dockercontainername }} bash -c '/opt/splunk/bin/splunk set minfreemb 1000 -auth admin:{{ SplunkDefaultAdminCredentials }}'
  no_log: true
And as suggested, I use Ansible Vault to secure the password, together with no_log, and put the key into a secured file.