Re: Storing encrypted credentials and retrieving t...

Betelgeuse · ‎06-08-2021

So I've been looking at this blog post from 10 years ago:

https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html

But what is outlined there does not seem to work. I have the following setup.xml file:

<setup>
<block title="Specify a Proofpoint token to access logs" endpoint="storage/passwords" entity="_new">
<input field="prooftoken">
<label>Proofpoint token</label>
<type>password</type>
</input>
</block>
</setup>

Per the blog post my token should be stored in app.conf and that is simply not the case.

I have a UI rendered asking me to specify a token (per the .XML above) but upon hitting save, I see no evidence of retention in any .conf file.

gjanders · ‎11-17-2021

Perhaps use a setup page instead https://dev.splunk.com/enterprise/tutorials/module_setuppages/summary/ ?

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

Brainizer · ‎11-15-2021

Just had the same problem. What the documentation does not say is that the field values have to be "username" and "password". One can't define their own

Storing encrypted credentials and retrieving them

encryption

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation