Solved: EAI endpoint: admin/passwords ?

mw · ‎12-15-2010

I was poking around the Twitter app, and noticed that its setup.xml utilizes an admin/passwords endpoint to, I believe, store and retrieve twitter credentials:

From the setup.xml

    <block title="Add Twitter Account Info" endpoint="admin/passwords" entity="_new">
            <input field="name">
                    <label>Username</label>
                    <type>text</type>
            </input>
            <input field="password">
                    <label>Password</label>
                    <type>password</type>
            </input>
    </block>

From the scripted input:

def getCredentials(sessionKey):
   try:
      entities = entity.getEntities(['admin', 'passwords'], namespace='twitter', owner='nobody', sessionKey=sessionKey) 
   except Exception, e:
      sys.stderr.write("Could not get Twitter credentials from splunk. Error: %s" % (str(e)))
      exit(1)

   for i, c in entities.items(): 
        return c['username'], c['clear_password']

I'm quite intrigued. I could use this functionality, but I can't find any documentation on what it's actually doing or how to use it properly. In particular, I have a need to potentially store multiple sets of credentials, so I'd be curious whether that's possible. Where can I find some docs on this?

Ledion_Bitincka · ‎03-16-2011

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

View solution in original post

Ledion_Bitincka · ‎03-16-2011

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

EAI endpoint: admin/passwords ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation