Security

Is there an updated best practice guide for storing encrypted credentials when developing an app?

cschmidt_hurric
Path Finder

In an effort to meet the requirements needed for Splunk Cloud app vetting, I have been migrating my apps over to storing their credentials using Splunk's password storage endpoint. When looking at Splunk-developed apps that use encrypted credentials, I can't help but notice many if not all of them don't use a simple setup.xml page and instead have something on top doing intermediary work (usually JavaScript or a custom endpoint). I know the guide I followed is fairly dated (close to 6 years old now!), so my question is: is there a more modern best practice for storing credentials?

1 Solution

Simon
Contributor

From my point of view, the "Storage Passwords" endpoint and passwords.conf is still the state of the art to store credentials encrypted. Even the JS stack has been updated to provide APIs to work with. Even if it's quite old, it works quite well. By the way, there is no requirement to use setup.xml to manage the credentials as the API provides enough tools to manipulate the entries. Also, I think setup.xml isn't allowed anymore to get certified. A good resource to build custom setup pages is the Addon Builder app (https://splunkbase.splunk.com/app/2962/). Overall, the Dev Page has a lot of information too regarding credential management: http://dev.splunk.com/view/javascript-sdk/SP-CAAAEJ8 (Section "Storage passwords").

HTH.
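
How an app can write to and read from the storage passwords endpoint named in the answer above, over REST. This is an added example, not code from the thread or from Splunk; the host, app name, realm, usernames and secret values are constructed placeholders, and the request is built but not sent.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://splunk.example.invalid:8089"  # assumed management URL (placeholder)
APP = "my_app"                                # hypothetical app name


def build_store_request(session_key, realm, username, password, app=APP, base=BASE):
    """Build the POST that creates a credential in the app's namespace.

    The secret travels in the form body, never in the URL, so it does not
    end up in access logs. Splunk encrypts it at rest in passwords.conf.
    """
    url = (f"{base}/servicesNS/nobody/{urllib.parse.quote(app)}"
           "/storage/passwords?output_mode=json")
    body = urllib.parse.urlencode(
        {"name": username, "realm": realm, "password": password}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {session_key}"})


def find_clear_password(listing_json, realm, username):
    """Pick one credential out of a GET storage/passwords?output_mode=json listing."""
    for entry in json.loads(listing_json).get("entry", []):
        content = entry.get("content", {})
        if content.get("realm") == realm and content.get("username") == username:
            return content.get("clear_password")
    return None  # caller decides how to fail; never fall back to a default secret


# Constructed sample of the listing shape, trimmed to the fields used here.
SAMPLE_LISTING = json.dumps({"entry": [
    {"name": "vendor_api:svc_reader:",
     "content": {"realm": "vendor_api", "username": "svc_reader",
                 "encr_password": "<ciphertext placeholder>",
                 "clear_password": "constructed-secret"}},
    {"name": "vendor_api:svc_writer:",
     "content": {"realm": "vendor_api", "username": "svc_writer",
                 "encr_password": "<ciphertext placeholder>",
                 "clear_password": "other-secret"}},
]})

if __name__ == "__main__":
    req = build_store_request("<session key>", "vendor_api", "svc_reader", "constructed-secret")
    print(req.get_method(), req.full_url)
    print(find_clear_password(SAMPLE_LISTING, "vendor_api", "svc_reader"))
```

Matching on both realm and username keeps two credentials that share a username from being confused with each other.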


woodcock
Esteemed Legend

Check out the latest Palo Alto app (v5 I think). It uses a new credential encryption approach and has been cloud certified.

0 Karma

cschmidt_hurric
Path Finder

Thanks. This helped a lot.

0 Karma

mrgibbon
Contributor

I'm looking into this myself, and I stumbled upon this; it might give you another avenue to stroll down:
https://www.vaultproject.io/

0 Karma