How to retrieve password from storage/passwords endpoint?

vaibhavagg2006
Communicator

Hi Experts
I am trying to retrieve the password which is stored in passwords.conf, but it is returning blank. Below is the code which is being triggered by an alert. The alert is set up using the admin account. I have not set any realm while taking input from users in the setup page.

# Modify to fit your environment
CREDENTIAL_USER="user123"
# Set realm if entered with password
CREDENTIAL_REALM=""
# Update App Name
APP="app123"
# Search needs to be owned by someone with admin rights to access passwords
ALERT_OWNER="admin"
# Splunk Host
SPLUNK_HOST="localhost"

# Splunk Python
SPLUNK_PYTHON="$SPLUNK_HOME/bin/splunk cmd python"
# Read sessionKey from STDIN
read sessionKey
key=`echo $sessionKey | sed s/sessionKey=//g`
decoded_key=`$SPLUNK_PYTHON -c "import sys, urllib as ul; print ul.unquote_plus('$key')"`

clear_password=`curl -s -k -H "Authorization: Splunk $decoded_key" https://$SPLUNK_HOST:8089/servicesNS/$ALERT_OWNER/$APP/storage/passwords/$CREDENTIAL_REALM:$CREDENTI... | grep clear_password | sed -re 's/^\s+<s:.*?>(.*?)<.*?>$/\1/g'`

The passwords.conf is below

[credential::user123:]
password = $1$7EScd0o=

Any inputs on this are appreciated.

0 Karma

starcher
SplunkTrust
0 Karma

vaibhavagg2006
Communicator

I want to call the storage endpoint to get the clear password for a service now user and use that password. The script is being called by an alert. Which section from the blog can be used?

0 Karma
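
The flow described in this thread (read the sessionKey from STDIN, call storage/passwords, pull out clear_password), as an added Python example that is not code from either poster. It parses the response with an XML parser instead of grep/sed and raises an error instead of returning a blank value. The entry name layout is inferred from the `[credential::user123:]` stanza above; the namespace URI, the sample response and the sample session key are assumptions constructed for illustration.

```python
# Added example, not the poster's code. All sample values are constructed.
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote_plus

NS = {"s": "http://dev.splunk.com/ns/rest"}  # assumed URI behind the s: prefix

def parse_session_key(stdin_line):
    """The alert passes 'sessionKey=<url-encoded key>' on STDIN."""
    prefix = "sessionKey="
    line = stdin_line.strip()
    if not line.startswith(prefix) or len(line) == len(prefix):
        raise ValueError("no sessionKey received on STDIN")
    return unquote_plus(line[len(prefix):])

def build_request(host, owner, app, realm, user, session_key):
    """Request for one entry named '<realm>:<user>:' (empty realm -> ':user:')."""
    name = quote("%s:%s:" % (realm, user), safe=":")
    url = "https://%s:8089/servicesNS/%s/%s/storage/passwords/%s" % (
        host, quote(owner), quote(app), name)
    return urllib.request.Request(url, headers={"Authorization": "Splunk " + session_key})

def extract_clear_password(atom_xml):
    """Find the clear_password key; fail loudly rather than return ''."""
    key = ET.fromstring(atom_xml).find(".//s:key[@name='clear_password']", NS)
    if key is None or not key.text:
        raise LookupError("no clear_password in response (check entry name, app, permissions)")
    return key.text

# Constructed sample of the endpoint's Atom response, so the parser runs offline.
SAMPLE_RESPONSE = """<feed xmlns="http://www.w3.org/2005/Atom" xmlns:s="http://dev.splunk.com/ns/rest">
  <entry>
    <title>:user123:</title>
    <content type="text/xml">
      <s:dict>
        <s:key name="clear_password">example-secret</s:key>
        <s:key name="realm"></s:key>
        <s:key name="username">user123</s:key>
      </s:dict>
    </content>
  </entry>
</feed>"""

if __name__ == "__main__":
    key = parse_session_key("sessionKey=abc%2B123%3D\n")  # constructed key
    req = build_request("localhost", "admin", "app123", "", "user123", key)
    print(req.full_url)
    print(len(extract_clear_password(SAMPLE_RESPONSE)), "character password parsed")
```

In a real alert script, pass `sys.stdin.readline()` to `parse_session_key`, send the request with `urllib.request.urlopen` using an SSL context that trusts the Splunk management certificate, and hand the response body to `extract_clear_password`.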