Security

How to encrypt and decrypt values in my conf files

Path Finder

I want to encrypt some values in my conf files.

I have referred to the example in the following documentation to modify the values. It works, but I want some values to be encrypted, like passwords in app.conf or authentication.conf.

"Setup screen example using a custom endpoint"

mysetting.conf
[settingentity]
field_1 = password
field_2_boolean = 1
field_3 = 100

And when I use them, they can be decrypted. So they would have to be input only once.

New Member

I have this very same issue but with multiple sets of username and passwords in a single app. The specific use case is that the scripted input invokes three HTTPS endpoints each with its own set of credentials. In addition, each endpoint has custom fields that it uses to configure the connection to the respective endpoint. Any idea how this can be achieved?

0 Karma

Path Finder

The correct way to get the sessionKey off of stdin is the following:

sessionKey = urllib.unquote( sys.stdin.readline().strip()[ len("sessionKey="):] ).decode('utf8')

Many thanks to George Starcher for the solution above (for versions > 6.1)

SPLUNK DOC FOLKS - Neither George nor I were able to find this tidbit in the Splunk docs.

0 Karma
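An added example, not part of the original post: a Python 3 form of the stdin parse given above, next to a slice-only parse so the effect of the missing strip() and unquote() is visible. The function names and the sample sessionKey value are constructed for illustration.

```python
import io
from urllib.parse import unquote

PREFIX = "sessionKey="


def read_session_key(stream):
    """Parse the 'sessionKey=<url-encoded value>' line from a stream such as sys.stdin."""
    line = stream.readline()
    if isinstance(line, bytes):
        # Binary streams (e.g. sys.stdin.buffer) hand back bytes.
        line = line.decode("utf-8")
    line = line.strip()  # drop the trailing newline
    if not line.startswith(PREFIX):
        raise ValueError("first stdin line does not carry a sessionKey")
    # Python 3 unquote() decodes as UTF-8 by default, matching .decode('utf8').
    key = unquote(line[len(PREFIX):])
    if not key:
        raise ValueError("empty sessionKey")
    return key


def naive_session_key(stream):
    """Slice-only parse: keeps the trailing newline and the percent-encoding."""
    return stream.readline()[len(PREFIX):]


# Constructed sample line, not a real Splunk session key.
SAMPLE_LINE = "sessionKey=abc%5EdEf%2Fghi%3D\n"

if __name__ == "__main__":
    # Printing is for the constructed sample only; keep real keys out of logs.
    print(repr(naive_session_key(io.StringIO(SAMPLE_LINE))))
    print(repr(read_session_key(io.StringIO(SAMPLE_LINE))))
```

In a script, call read_session_key(sys.stdin) once, before anything else reads from stdin.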

SplunkTrust

No problem.

Path Finder

George - do you have any ideas on how to store and retrieve encrypted parameters without requiring the user to have 'admin_all_objects' capability??

0 Karma

SplunkTrust

@robertlight, you should check out this blog post: http://www.georgestarcher.com/splunk-alert-scripts-automating-control/

It covers how to use encrypted credentials in scripted inputs.

Path Finder

sessionKey is given to scripts (via stdin) when they are called from Splunk alerts as they are fired.

I still don't see how I can decrypt something like auth_password from alert_actions.conf

Has anyone figured this out?

0 Karma

Path Finder

Here's how I did it:

sessionKey = cherrypy.session['sessionKey']
ent = entity.getEntity('admin/alert_actions', 'email', namespace='myApp', owner='admin', sessionKey=sessionKey)

0 Karma

Path Finder

I have tried the following WITHOUT success:

sessionKey = sys.stdin.readline()
sessionKey = sessionKey[len("sessionKey="):]

ent = entity.getEntity('admin/alert_actions', 'email',namespace='myAppName', owner='nobody', sessionKey=sessionKey)
if 'auth_username' in ent and 'clear_password' in ent:
   print("auth_username="+ent["auth_username"]+"   clear_password="+ent["clear_password"])
else:
   print("entity info not found!!")
0 Karma

Path Finder

Jason,
Thanks for your post!
DB Connect is a nice app! I have tried it. But I would like a lighter one. I'm now thinking of using custom scripts or a third-party library for the purpose, as you said.
I really appreciate your comments!

0 Karma

Motivator

This would be useful for custom scripts where you need to store a password. The Splunk DB Connect app (http://splunk-base.splunk.com/apps/50803/splunk-db-connect) automatically encrypts passwords, but perhaps that is because this app was integrated into Splunk's password encryption routine.

0 Karma