So I've been looking at this blog post from 10 years ago:
https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html
But what is outlined there does not seem to work. I have the following setup.xml file:
<setup>
<block title="Specify a Proofpoint token to access logs" endpoint="storage/passwords" entity="_new">
<input field="prooftoken">
<label>Proofpoint token</label>
<type>password</type>
</input>
</block>
</setup>
Per the blog post my token should be stored in app.conf and that is simply not the case.
I have a UI rendered asking me to specify a token (per the .XML above) but upon hitting save, I see no evidence of retention in any .conf file.
Perhaps use a setup page instead https://dev.splunk.com/enterprise/tutorials/module_setuppages/summary/ ?
Just had the same problem. What the documentation does not say is that the field values have to be "username" and "password". One can't define their own