Security

What password encryption scheme does DB Connect App uses for encrypting database passwords?

rsimmons
Splunk Employee
Splunk Employee

What password encryption scheme does DB Connect App uses for encrypting database passwords?

Labels (1)
Tags (1)
1 Solution

rsimmons
Splunk Employee
Splunk Employee

You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.

To manually change on the command line, see example below. It requires the java bridge to be running.

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123 

View solution in original post

datasearchninja
Communicator

For dbx v2/v3:

 $ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat
0 Karma

aleoliva
Engager

Previous command is for decrypting but question was about encrypting.

  • Encrypting:
    $ echo 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e

  • Decrypting:
    $ echo 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

HansWurscht
Path Finder

When using long passwords, you may have to use -A with openssl.
So for us it was:

  • Encrypting:

    $ echo -n 'thisIsMyPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -e -A

  • Decrypting:

    $ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

appidi_123
New Member

Hello Hans,

I tried the below as suggested to decrypt the password, but i am getting errors are Invalid password argument and Error getting password, i am confused with -pass file argument, i am passing it as -pass /opt/splunk/etc/auth/splunk.secret, please suggest

$ echo -n 'thisIsMyEncryptedPassword' | openssl enc -aes-256-cbc -base64 -pass file:///$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat -d

0 Karma

nadcohen
Engager

Hello the ser reading this,

if you get "bad decrypt"

try

echo 'U2FsdGVkX1/8/PnefMMBHA8f/IavzfMuBDyTjjNlZtg=' | base64 --decode | /opt/splunk/bin/splunk cmd openssl aes-256-cbc -d -pass file:/opt/splunk/etc/apps/splunk_app_db_connect/certs/identity.dat

the version of the openssl should be the one Splunk uses, otherwise you might get "bad decrypt"

WurschtHans
Engager

Thank YOU!!!

That worked after hours of searching!

0 Karma

frankfowler
Explorer

that is for version 1 of dbConnect - what about version 2 ?

0 Karma

rsimmons
Splunk Employee
Splunk Employee

You can use AES encryption with a secret key derived from the splunk.secret file (which is unique per Splunk instance). At initial startup, Splunk creates the file $SPLUNK_HOME/etc/auth/splunk.secret. This file contains a key used to encrypt some of your authentication information.

To manually change on the command line, see example below. It requires the java bridge to be running.

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt encrypt thisIsMyPassword123 

gschmitz
Path Finder

I just wondered as well how you would decrypt Dbx2 passwords. Maybe you can update your answer?

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...