Splunk Dev

Give access to Password Storage for a single app

Path Finder


I'm trying to build an app that will pull information from a third party tool via it's API function.

The information I'm getting is not event data and is only going to be pulled when called by a user of the app. The API link is going to be authenticated with a service account that Splunk will store the password for.

Here's where I'm getting trouble. when the users call the API, I need to pull the password to initiate the session, but it's obvs going to be encrypted and the users can't get it without the list_stored_passwords role. However If I give the users the list_stored_passwords role they can see ALL stored passwords by using the REST command.

Is there a way to lock the list_stored_passwords role so it only brings back the password a specific app?

If not how else could I store a password that only people who have access to the app could decrypt?

Labels (3)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...