Solved: How are passwords stored by Splunk Add-on builder?

anweshkumar12 · ‎04-20-2023

I was trying to build an add-on using splunk add-on builder. We need to use api key to authenticate into a third party service. The question is how does splunk add-on builder store password? I created a password field and saw that the password.conf in local folder is being updated. Does this mean that password fields are encrypted and stored in password.conf?
Any help will be really appreciated.

woodcock · ‎04-21-2023

Yes, the PWs are stored in local passwords.conf file in the app using the "splunk.secret" encryption seed. You can manually decrypt them like this:

$SPLUNK_HOME/bin/splunk show-decrypted --value 'YourPasswordHere'

View solution in original post

woodcock · ‎04-21-2023

Yes, the PWs are stored in local passwords.conf file in the app using the "splunk.secret" encryption seed. You can manually decrypt them like this:

$SPLUNK_HOME/bin/splunk show-decrypted --value 'YourPasswordHere'

How are passwords stored by Splunk Add-on builder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation