Puppet'ising configuration files but stuck on password hashes.

New Member

I am trying to have Puppet automate the deployment of Splunk in my environment(s), however I do not know the password hashing algorithm Splunk uses (as of Splunk Enterprise v6.2.2) to dynamically add hashes directly to configuration files.

Does anyone know the algorithm?

I've tried using openssl and guessing the hash, e.g. SHA1/256/512, MD5, but the output is not the same since the strings are alphanumeric whereas the hashes in the Splunk configuration files are a mix of alpha and non-alphanumeric characters.

0 Karma

Splunk Employee
Splunk Employee

One of the method to resolve the issue is to get the password hashed the same way on each instance.
To achieve this, you need to unify your splunk.secret key (in $SPLUNK_HOME/etc/auth/splunk.secret. )

Then when you prepare your config on a separate server that has the same splunk.secret , you restart splunk to apply them, and get the password encrypted in the local folders. Then you can push this pre-hashed file that all the other servers will be able to read.


Preferably before you start splunk the first time.
Or if you do change it afterward, you will have to clear some files to have them being rehashed.
in $SPLUNK_HOME/etc/passwd $SPLUNK_HOME/etc/system/local/server.conf
and optionally authentication.conf, outputs.conf, inputs.conf, and other special apps passwords fields.

0 Karma

New Member

i'm having this same issue. anyone from splunk know?

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>