Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Save more than one password using setup.xml OR "storage/passwords"

pbankar
Path Finder
‎04-16-2018 09:11 PM

I faced a challenge and tried many things to work around for saving 2 passwords in the password.conf at the same time using the setup.xml.

  1. Is the Credential
  2. Is the Client Certificate Passphrase

Setup.xml code: 

 <setup>
        <block title="Credentials" endpoint="storage/passwords" entity="_new">
            <text> Leave username/password blank, if you have already set it up.</text>
            <input field="realm"> 
                <label>Role</label> 
                <type>text</type> 
            </input> 
            <input field="name">
                <label>Username</label>
                <type>text</type>
            </input>

            <input field="password">
                <label>Password</label>
                <type>password</type>
            </input>        
        </block>

        <block title="Client Certificate" endpoint="myapp/myapp_configure" entity="setupentity">
            <input field="use_ca">
                <label>Use a Client certificate for authentication</label>
                <type>bool</type>
            </input>

            <input field="ca_path">
                <label>Path to client CA certificate </label>
                <type>text</type>
            </input>
            <input field="ca_key">
                <label>Path to client CA certificate key </label>
                <type>text</type>
            </input>        
        </block>

        <block title="Client Certificate Passphrase" endpoint="storage/passwords" entity="_new">        
            <input field="ca_pass">
                <label>Passphrase for client CA certificate</label>
                <type>password</type>
            </input>
        </block>
    </setup>

The Passphrase is not saved.
P.S. I have created the python handler, default/myapp.conf with all the fields. The restmap.conf also has endpoint="myapp/myapp_configure". The Credentials are saved with Role/realm.

0 Karma
Reply

pbankar
Path Finder
‎05-13-2018 10:24 PM

I got an answer for this problem using the import splunklib.client as client in the <app>_splunk_setup_handler.py script.
I'm saving the password in my app/local/password.conf and retrieving it using the splunk session and service.storage_passwords.

Created these 2 type of methods:

'''Get clear password'''
def get_password(session_key, username, realm):
    args = {'token': session_key, 'app': "my_app"}
    service = client.connect(**args)
    try:
        # Retrieve the password from the storage/passwords endpoint
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                return storage_password.content.clear_password
    except Exception, e:
        raise Exception, "An error occurred while decrypting credentials. Details: %s" % str(e)

'''Encripting the password'''
def encrypt_password(service, ca_pass, username, realm):
    try:
        # If the credential already exists, delete it.
        for storage_password in service.storage_passwords:
            if storage_password.username == username and storage_password.realm == realm:
                service.storage_passwords.delete(username, realm)
        # Create the credential.
        password = service.storage_passwords.create(ca_pass, username, realm)
        return password.encrypted_password
    except Exception, e:
        raise Exception, "An error occurred while encrypting credentials. Details: %s" % str(e)
Reply

starcher
Influencer
‎04-17-2018 07:51 PM

I would recommend using the Splunk add on builder. It provides UI etc for handling credentials and whatever inputs or alerts you are making.

Reply

pbankar
Path Finder
‎04-17-2018 11:22 PM

Thanks, @starcher for your input. I'm looking for a code level solution.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...