What password encryption scheme does the DB Connect App use for encrypting database passwords?
You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.
To manually change on the command line, see example below. It requires the java bridge to be running.
$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123
For dbx v2/v3:
$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
The previous command is for decrypting, but the question was about encrypting.
Encrypting:
$ echo 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e
Decrypting:
$ echo 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d
When using long passwords, you may have to use -A with openssl.
So for us it was:
Encrypting:
$ echo -n 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e -A
Decrypting:
$ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d
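Added example (not part of the thread and not Splunk's code): a round trip of the openssl commands above against a throwaway, constructed key file, showing what -A changes for a long password and what echo versus echo -n changes in the recovered plaintext. The key file, sample passwords and function names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. KEYFILE is a throwaway, constructed passphrase file,
# NOT a real identity.dat; the function names are hypothetical.
KEYFILE="$(mktemp)"
trap 'rm -f "$KEYFILE"' EXIT
printf 'constructed-demo-passphrase\n' > "$KEYFILE"

# Constructed sample values.
SHORT_PW='thisIsMyPassword'
LONG_PW='constructed-long-password-0123456789-abcdefghijklmnopqrstuvwx'

# Encrypt stdin to base64; extra flags such as -A are passed through.
# stderr is dropped because newer OpenSSL builds warn about the legacy
# key derivation that this command form uses.
dbx_encrypt() {
  openssl enc -aes-256-cbc -base64 -pass "file:$KEYFILE" -e "$@" 2>/dev/null
}

# Decrypt base64 from stdin with the same key file.
dbx_decrypt() {
  openssl enc -aes-256-cbc -base64 -pass "file:$KEYFILE" -d "$@" 2>/dev/null
}

# Number of output lines produced when encrypting $1 (flags in $2...).
cipher_lines() {
  pw="$1"; shift
  printf '%s' "$pw" | dbx_encrypt "$@" | grep -c ''
}

# Encrypt and decrypt $1 with -A on both sides.
roundtrip() {
  printf '%s' "$1" | dbx_encrypt -A | dbx_decrypt -A
}

# Bytes recovered after a round trip. $1 is a printf format:
# '%s\n' behaves like plain echo, '%s' like echo -n.
decrypted_len() {
  printf "$1" "$SHORT_PW" | dbx_encrypt -A | dbx_decrypt -A | wc -c | tr -d ' '
}

echo "lines without -A: $(cipher_lines "$LONG_PW")"
echo "lines with -A:    $(cipher_lines "$LONG_PW" -A)"
echo "bytes via echo:    $(decrypted_len '%s\n')"
echo "bytes via echo -n: $(decrypted_len '%s')"
```

A password encrypted through plain echo decrypts with a trailing newline byte, which echo -n avoids; without -A the base64 output of a long password is wrapped over several lines.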
Hello Hans,
I tried the below as suggested to decrypt the password, but I am getting the errors "Invalid password argument" and "Error getting password". I am confused by the -pass file argument; I am passing it as -pass /opt/splunk/etc/auth/splunk.secret. Please suggest.
$ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d
Hello the user reading this,
If you get "bad decrypt",
try
echo 'U2FsdGVkX1/8/PnefMMBHA8f/IavzfMuBDyTjjNlZtg=' | base64 --decode | /opt/splunk/bin/splunk cmd openssl aes-256-cbc -d -pass file:/opt/splunk/etc/apps/splunk_app_db_connect/certs/identity.dat
The version of openssl should be the one Splunk uses; otherwise you might get "bad decrypt".
Thank YOU!!!
That worked after hours of searching!
That is for version 1 of dbConnect - what about version 2?
I just wondered as well how you would decrypt Dbx2 passwords. Maybe you can update your answer?