Security

How do I safely store passwords in my splunk app?

dnguyen_splunk
Splunk Employee
Splunk Employee

App Inspect returns a manual check that declares "Check that no plain text authorization credentials are stored in the app"

Tags (1)
1 Solution

nit123
Path Finder

It is recommended to store passwords in your splunk app as encrypted. Saving plain text password in properties.conf is a very bad idea and may be exploited by the bad guy.

Splunk provides a REST endpoint for securely storing credentials. More information is here: http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/

Follow the steps and secure your app in the Splunk way. It could also get decrypted password from Splunk using getEntities and appropriate calls. Once you save the credentials from the setup page of your app, you will find an encrypted password in passwords.conf property file .

If above answer solves your problem or helps you take decisions better, feel free to award points on the button below.

View solution in original post

thellmann
Splunk Employee
Splunk Employee

We have added official documentation on this topic to dev.splunk.com: https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtoworkwith...

0 Karma

starcher
SplunkTrust
SplunkTrust

Here is additional more up to date information on the encrypted storage with code samples.
http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

0 Karma

nit123
Path Finder

It is recommended to store passwords in your splunk app as encrypted. Saving plain text password in properties.conf is a very bad idea and may be exploited by the bad guy.

Splunk provides a REST endpoint for securely storing credentials. More information is here: http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/

Follow the steps and secure your app in the Splunk way. It could also get decrypted password from Splunk using getEntities and appropriate calls. Once you save the credentials from the setup page of your app, you will find an encrypted password in passwords.conf property file .

If above answer solves your problem or helps you take decisions better, feel free to award points on the button below.

Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...