Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

EAI endpoint: admin/passwords ?

mw
Splunk Employee
Splunk Employee
‎12-15-2010 04:05 AM

I was poking around the Twitter app, and noticed that its setup.xml utilizes an admin/passwords endpoint to, I believe, store and retrieve twitter credentials:

From the setup.xml

    <block title="Add Twitter Account Info" endpoint="admin/passwords" entity="_new">
            <input field="name">
                    <label>Username</label>
                    <type>text</type>
            </input>
            <input field="password">
                    <label>Password</label>
                    <type>password</type>
            </input>
    </block>

From the scripted input:

def getCredentials(sessionKey):
   try:
      entities = entity.getEntities(['admin', 'passwords'], namespace='twitter', owner='nobody', sessionKey=sessionKey) 
   except Exception, e:
      sys.stderr.write("Could not get Twitter credentials from splunk. Error: %s" % (str(e)))
      exit(1)

   for i, c in entities.items(): 
        return c['username'], c['clear_password']

I'm quite intrigued. I could use this functionality, but I can't find any documentation on what it's actually doing or how to use it properly. In particular, I have a need to potentially store multiple sets of credentials, so I'd be curious whether that's possible. Where can I find some docs on this?

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-16-2011 02:45 AM

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

View solution in original post

Reply
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎03-16-2011 02:45 AM

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...