What password encryption scheme does the DB Connect App use for encrypting database passwords?

rsimmons
Splunk Employee

What password encryption scheme does the DB Connect App use for encrypting database passwords?

1 Solution

rsimmons
Splunk Employee

You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.

To manually change on the command line, see example below. It requires the java bridge to be running.

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123 

datasearchninja
Communicator

For dbx v2/v3:

 $ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
0 Karma

aleoliva
Engager

The previous command is for decrypting, but the question was about encrypting.

  • Encrypting:
    $ echo 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e

  • Decrypting:
    $ echo 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

HansWurscht
Path Finder

When using long passwords, you may have to use -A with openssl.
So for us it was:

  • Encrypting:

    $ echo -n 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e -A

  • Decrypting:

    $ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

appidi_123
New Member

Hello Hans,

I tried the below as suggested to decrypt the password, but I am getting the errors "Invalid password argument" and "Error getting password". I am confused by the -pass file argument; I am passing it as -pass /opt/splunk/etc/auth/splunk.secret. Please suggest.

$ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

nadcohen
Engager

Hello to the user reading this,

if you get "bad decrypt"

try

echo 'U2FsdGVkX1/8/PnefMMBHA8f/IavzfMuBDyTjjNlZtg=' | base64 --decode | /opt/splunk/bin/splunk cmd openssl aes-256-cbc -d -pass file:/opt/splunk/etc/apps/splunk_app_db_connect/certs/identity.dat

The version of openssl should be the one Splunk uses; otherwise you might get "bad decrypt".
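Added example (not part of any post in this thread, and not Splunk's code): a Python sketch of why the same `openssl enc -aes-256-cbc` blob can give "bad decrypt" under a different OpenSSL build. The legacy `enc` key derivation (EVP_BytesToKey, one iteration) depends on the default digest, which changed from MD5 to SHA-256 in OpenSSL 1.1.0. The passphrase below is constructed; the blob is the one quoted in the post above, and which digest Splunk's bundled openssl uses is not stated on this page.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # header `openssl enc` writes in front of the 8-byte salt

# Blob quoted in the thread above; the passphrase is a constructed stand-in
# for the first line of identity.dat (what `-pass file:` reads).
SAMPLE_BLOB = "U2FsdGVkX1/8/PnefMMBHA8f/IavzfMuBDyTjjNlZtg="
SAMPLE_PASSPHRASE = b"constructed-passphrase-not-a-real-key"


def parse_openssl_blob(b64_text):
    """Split base64 `openssl enc` output into (salt, ciphertext)."""
    raw = base64.b64decode(b64_text)
    if len(raw) < 16 or not raw.startswith(MAGIC):
        raise ValueError("not a salted `openssl enc` blob")
    salt, ciphertext = raw[8:16], raw[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return salt, ciphertext


def evp_bytes_to_key(passphrase, salt, digest, key_len=32, iv_len=16):
    """EVP_BytesToKey with one iteration: D_i = H(D_{i-1} + pass + salt)."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def derive_for_each_digest(b64_text, passphrase):
    """Return {digest: (key, iv)} for the two defaults `enc` has had."""
    salt, _ = parse_openssl_blob(b64_text)
    return {d: evp_bytes_to_key(passphrase, salt, d) for d in ("md5", "sha256")}


if __name__ == "__main__":
    salt, ct = parse_openssl_blob(SAMPLE_BLOB)
    print("salt:", salt.hex(), "| ciphertext bytes:", len(ct))
    for digest, (key, iv) in derive_for_each_digest(
            SAMPLE_BLOB, SAMPLE_PASSPHRASE).items():
        # Different digest -> different key and IV -> padding check fails
        print(f"{digest:7s} key={key.hex()[:16]}... iv={iv.hex()}")
```

When the binaries cannot be matched, passing `-md md5` or `-md sha256` explicitly to `openssl enc` pins the digest on both sides.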

WurschtHans
Engager

Thank YOU!!!

That worked after hours of searching!

0 Karma

frankfowler
Explorer

That is for version 1 of dbConnect - what about version 2?

0 Karma

gschmitz
Path Finder

I just wondered as well how you would decrypt Dbx2 passwords. Maybe you can update your answer?

0 Karma