Security

need a credentials file instead of --auth user:passwd

ronerf
Explorer

I want to script this for backups:

splunk _internal call /data/indexes/main/roll-hot-buckets --auth 'username:password'

Is there a way to call an external credentials file from the splunk command so the password isn't on the command line?

Tags (1)
0 Karma

nickhills
Ultra Champion

Spent 2 mins more thinking about it..
- for a very basic level of obfuscation:

echo admin:changeme|base64 > credential.txt

and then:

splunk _internal call /data/indexes/main/roll-hot-buckets --auth $(cat credential.txt|base64 --decode)

Still trivial to circumvent, but prevents someone reading it over your shoulder!

If my comment helps, please give it a thumbs up!
0 Karma

ronerf
Explorer

Thanks; your solutions involve leveraging the shell, which has its own problems. I was hoping for a switch in the splunk command itself.

0 Karma

nickhills
Ultra Champion

I have not tested this, but if your not too concerned about the credentials being in a clear (albeit separate) file

In credential.txt:

admin:changeme

then you can run

splunk _internal call /data/indexes/main/roll-hot-buckets --auth $(< credential.txt)

it should go without saying this approach is not without its pitfalls, but I think it addresses your question

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...