Security

Safely storing credentials inside Splunk apps

Splunk Employee
Splunk Employee

I'm writing an app that uses a Python scripted input to pump event data from some external server to Splunk. That server requires authorization prior to granting access to the data. Presumably the script would have to read the login and password from some file.

Are there any best practices for securing this information?

1 Solution

Splunk Employee
Splunk Employee

On what platform is the target server requiring authentication? Who has what access on the calling system? You can statically define an encoded ID & Password in the script (which is easily decoded by anyone who can view the script). Alternatively, you might place the ID & Password in a separate file and prevent access to it by those not running the script via local security. Depending on your setup, you may also be able to leverage a certificate based authentication avoiding some of the pitfalls with the first two solutions. Would you be able to do a push from the remote system instead of a pull?

View solution in original post

Splunk Employee
Splunk Employee

On what platform is the target server requiring authentication? Who has what access on the calling system? You can statically define an encoded ID & Password in the script (which is easily decoded by anyone who can view the script). Alternatively, you might place the ID & Password in a separate file and prevent access to it by those not running the script via local security. Depending on your setup, you may also be able to leverage a certificate based authentication avoiding some of the pitfalls with the first two solutions. Would you be able to do a push from the remote system instead of a pull?

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!