Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Give access to Password Storage for a single app

alucarddjin
Path Finder
‎05-06-2021 08:42 AM

Hi,

I'm trying to build an app that will pull information from a third party tool via it's API function.

The information I'm getting is not event data and is only going to be pulled when called by a user of the app. The API link is going to be authenticated with a service account that Splunk will store the password for.

Here's where I'm getting trouble. when the users call the API, I need to pull the password to initiate the session, but it's obvs going to be encrypted and the users can't get it without the list_stored_passwords role. However If I give the users the list_stored_passwords role they can see ALL stored passwords by using the REST command.

Is there a way to lock the list_stored_passwords role so it only brings back the password a specific app?

If not how else could I store a password that only people who have access to the app could decrypt?

Labels (3)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...