In an effort to meet the requirements needed for Splunk Cloud app vetting, I have been migrating my apps over to storing their credentials using Splunk's password storage endpoint. When looking at Splunk-developed apps that use encrypted credentials, I can't help but notice many if not all of them don't use a simple setup.xml page and instead have something on top doing intermediary work (usually Javascript or a custom endpoint). I know the guide I followed is fairly dated (close to 6 years old now!), so my question is: is there a more modern best practice for storing credentials?
From my point of view, the "Storage Passwords" endpoint and passwords.conf is still the state of the art to store credentials encrypted. Even the JS stack has been updated to provide APIs to work with. Even if it's quite old, it works quite well. By the way, there is no requirement to use setup.xml to manage the credentials as the API provides enough tools to manipulate the entries. Also, I think setup.xml isn't allowed anymore to get certified. A good resource to build custom setup pages is the Addon Builder app (https://splunkbase.splunk.com/app/2962/). Overall, the Dev Page has a lot information too regarding credential management: http://dev.splunk.com/view/javascript-sdk/SP-CAAAEJ8 (Section "Storage passwords").
HTH.
Check out the latest Palo Alto app (v5 I think). It uses a new credential encryption approach and has been cloud certified.
From my point of view, the "Storage Passwords" endpoint and passwords.conf is still the state of the art to store credentials encrypted. Even the JS stack has been updated to provide APIs to work with. Even if it's quite old, it works quite well. By the way, there is no requirement to use setup.xml to manage the credentials as the API provides enough tools to manipulate the entries. Also, I think setup.xml isn't allowed anymore to get certified. A good resource to build custom setup pages is the Addon Builder app (https://splunkbase.splunk.com/app/2962/). Overall, the Dev Page has a lot information too regarding credential management: http://dev.splunk.com/view/javascript-sdk/SP-CAAAEJ8 (Section "Storage passwords").
HTH.
Thanks. This helped a lot.
Im looking into this myself, and I stumbled upon this, it might give you another avenue to stroll down:
https://www.vaultproject.io/