Security

Storing and using passwords in a Custom Alert Action

jack_burton
New Member

I've got a set of custom alert actions that when invoked, will fire off a python script that (among other things) makes a REST call out to a server that requires authentication.

As part of the design, I've defined a global configuration page (setup.xml) that will take in a username, and a secret value password. What I'd like to do is have that password stored securely, and then retrieved in my script, appended to the username, and base64'd to be included in the basic auth. header of my REST call.

What is the best practice for taking as a global input a password, storing those credentials, and then retrieving those credentials as part of a custom alert action? Thanks!

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

George Starcher has an excellent blog post on this subject. See http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Tags (2)

richgalloway
SplunkTrust
SplunkTrust

George Starcher has an excellent blog post on this subject. See http://www.georgestarcher.com/splunk-stored-encrypted-credentials/

---
If this reply helps you, Karma would be appreciated.
Tags (2)

ttam_splunk
Splunk Employee
Splunk Employee

If the original link doesn't load, the Way Back Machine has an archive here https://web.archive.org/web/20210417061309/http://www.georgestarcher.com/splunk-stored-encrypted-cre...

0 Karma
Get Updates on the Splunk Community!

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...