I faced a challenge and tried many things to work around for saving 2 passwords in the password.conf at the same time using the setup.xml.
Setup.xml code:
<setup>
<block title="Credentials" endpoint="storage/passwords" entity="_new">
<text> Leave username/password blank, if you have already set it up.</text>
<input field="realm">
<label>Role</label>
<type>text</type>
</input>
<input field="name">
<label>Username</label>
<type>text</type>
</input>
<input field="password">
<label>Password</label>
<type>password</type>
</input>
</block>
<block title="Client Certificate" endpoint="myapp/myapp_configure" entity="setupentity">
<input field="use_ca">
<label>Use a Client certificate for authentication</label>
<type>bool</type>
</input>
<input field="ca_path">
<label>Path to client CA certificate </label>
<type>text</type>
</input>
<input field="ca_key">
<label>Path to client CA certificate key </label>
<type>text</type>
</input>
</block>
<block title="Client Certificate Passphrase" endpoint="storage/passwords" entity="_new">
<input field="ca_pass">
<label>Passphrase for client CA certificate</label>
<type>password</type>
</input>
</block>
</setup>
The Passphrase is not saved.
P.S. I have created the python handler, default/myapp.conf with all the fields. The restmap.conf also has endpoint="myapp/myapp_configure". The Credentials are saved with Role/realm.
I got an answer for this problem using the import splunklib.client as client
in the <app>_splunk_setup_handler.py
script.
I'm saving the password in my app/local/password.conf
and retrieving it using the splunk session and service.storage_passwords
.
Created these 2 type of methods:
'''Get clear password'''
def get_password(session_key, username, realm):
args = {'token': session_key, 'app': "my_app"}
service = client.connect(**args)
try:
# Retrieve the password from the storage/passwords endpoint
for storage_password in service.storage_passwords:
if storage_password.username == username and storage_password.realm == realm:
return storage_password.content.clear_password
except Exception, e:
raise Exception, "An error occurred while decrypting credentials. Details: %s" % str(e)
'''Encripting the password'''
def encrypt_password(service, ca_pass, username, realm):
try:
# If the credential already exists, delete it.
for storage_password in service.storage_passwords:
if storage_password.username == username and storage_password.realm == realm:
service.storage_passwords.delete(username, realm)
# Create the credential.
password = service.storage_passwords.create(ca_pass, username, realm)
return password.encrypted_password
except Exception, e:
raise Exception, "An error occurred while encrypting credentials. Details: %s" % str(e)
I would recommend using the Splunk add on builder. It provides UI etc for handling credentials and whatever inputs or alerts you are making.
Thanks, @starcher for your input. I'm looking for a code level solution.