Security

How to encrypt and decrypt values in my conf files

lzhang_soliton
Path Finder

I want to encrypt some values in my conf files.

I have referred to the example in the following documentation to modify the values. It works, but I want some values to be encrypted, like passwords in app.conf or authentication.conf.

"Setup screen example using a custom endpoint"

mysetting.conf
[settingentity]
field_1 = password
field_2_boolean = 1
field_3 = 100

And when I use them, they can be decrypted. So they would have to be input only once.

sureshks
New Member

I have this very same issue but with multiple sets of usernames and passwords in a single app. The specific use case is that the scripted input invokes three HTTPS endpoints, each with its own set of credentials. In addition, each endpoint has custom fields that it uses to configure the connection to the respective endpoint. Any idea how this can be achieved?

0 Karma

robertlight
Path Finder

The correct way to get the sessionKey off of stdin is the following:

sessionKey = urllib.unquote( sys.stdin.readline().strip()[ len("sessionKey="):] ).decode('utf8')

Many thanks to George Starcher for the solution above (for versions > 6.1)

SPLUNK DOC FOLKS - Neither George nor I was able to find this tidbit in the Splunk docs.

0 Karma

starcher
SplunkTrust

No problem.

robertlight
Path Finder

George - do you have any ideas on how to store and retrieve encrypted parameters without requiring the user to have 'admin_all_objects' capability??

0 Karma

alacercogitatus
SplunkTrust

@robertlight, you should check out this blog post: http://www.georgestarcher.com/splunk-alert-scripts-automating-control/

It covers how to use encrypted credentials in scripted inputs.

robertlight
Path Finder

sessionKey is given to scripts (via stdin) when they are called from Splunk alerts as they are fired.

I still don't see how I can decrypt something like auth_password from alert_actions.conf

Has anyone figured this out?

0 Karma

robertlight
Path Finder

Here's how I did it:

sessionKey = cherrypy.session['sessionKey']
ent = entity.getEntity('admin/alert_actions', 'email', namespace='myApp', owner='admin', sessionKey=sessionKey)

0 Karma

robertlight
Path Finder

I have tried the following WITHOUT success:

sessionKey = sys.stdin.readline()
sessionKey = sessionKey[len("sessionKey="):]

ent = entity.getEntity('admin/alert_actions', 'email',namespace='myAppName', owner='nobody', sessionKey=sessionKey)
if 'auth_username' in ent and 'clear_password' in ent:
   print("auth_username="+ent["auth_username"]+"   clear_password="+ent["clear_password"])
else:
   print("entity info not found!!")
0 Karma
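
An added example, not part of any post in this thread: it runs the stdin parsing from the unsuccessful attempt and the strip-and-unquote parsing from the one-liner credited to George Starcher against the same constructed input line. It is written for Python 3 (`urllib.parse.unquote` in place of the Python 2 `urllib.unquote(...).decode('utf8')`); the function names, the `redact` helper and the sample key are assumptions made for illustration.

```python
import io
from urllib.parse import unquote

PREFIX = "sessionKey="


def naive_session_key(stream):
    """Parsing from the unsuccessful attempt: only the prefix is removed."""
    return stream.readline()[len(PREFIX):]


def read_session_key(stream):
    """Strip the line ending, check the prefix, then URL-decode the value."""
    line = stream.readline().strip()
    if not line.startswith(PREFIX):
        raise ValueError("expected a line starting with 'sessionKey='")
    key = unquote(line[len(PREFIX):])  # decodes %XX escapes as UTF-8
    if not key:
        raise ValueError("empty session key")
    return key


def redact(key, keep=4):
    """Loggable form: the session key is a credential, never print it whole."""
    return key[:keep] + "*" * max(len(key) - keep, 0)


# Constructed sample line (not a real key): URL-encoded, newline-terminated.
SAMPLE = "sessionKey=abc%5EDEF%2Fghi_123%3D\n"

if __name__ == "__main__":
    bad = naive_session_key(io.StringIO(SAMPLE))
    good = read_session_key(io.StringIO(SAMPLE))
    # The naive value still carries the percent-escapes and the newline.
    print("naive :", repr(bad))
    print("parsed:", redact(good))
```

In a real alert script the stream is `sys.stdin`, and the returned value is what gets passed as `sessionKey=` to `entity.getEntity`.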

lzhang_soliton
Path Finder

Jason,
Thanks for your post!
DB Connect is a nice app! I have tried it. But I would like a lighter one. I'm now thinking of using custom scripts or a third-party library for the purpose, as you said.
I really appreciate your comments!

0 Karma

Jason
Motivator

This would be useful for custom scripts where you need to store a password. The Splunk DB Connect app (http://splunk-base.splunk.com/apps/50803/splunk-db-connect) encrypts passwords automatically, but perhaps that is because this app was integrated into Splunk's password encryption routine.

0 Karma