Hello,
I developed an external lookup script in Python which makes an HTTPS API call using password authentication. The lookup script reads the password from a custom conf file.
When I submitted my app to Splunkbase the result was:
check_for_secret_disclosure
Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
File: appserver/static/javascript/views/app.js Line: 95
There is no problem writing the password in passwords.conf. I followed the example in the Weather App Example.
The problem starts when I need to read the password from the Python external lookup script. Splunk general documentation suggests using client.connect.
client.connect needs a Splunk user authentication, so another secret! I can find a method to read the secret as the splunklib.searchcommands allows, for example.
I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.
How can I fix this problem?
Thank you very much
Kind Regards
Marco
Hi Marco,
As per my understanding, you are looking to access storage_passwords from within the App (i.e. the external lookup script) without being required to use client.connect(), which is possible using the already available service instance to communicate with Splunk Enterprise.
Ref: in the Weather App Example, the code snippet below is used to access the storage_passwords using the already available service instance:
secrets = search_command.service.storage_passwords
Also check the documentation on how to access the service instance within an App.
Let me know if this helps!
Hello Abhis,
I don't implement a search command. I have an external lookup like:

```python
import csv
import sys

# INPUT: names of the lookup fields, passed as command-line arguments
anamefield = sys.argv[1]
aidfield = sys.argv[2]

# MAIN PROCESS: read CSV rows from stdin, write results to stdout
infile = sys.stdin
outfile = sys.stdout
r = csv.DictReader(infile)
header = r.fieldnames
w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
w.writeheader()
for result in r:
    # Perform the lookup or reverse lookup if necessary
    if result[anamefield] and result[aidfield]:
        # All fields were provided, just pass it along
        w.writerow(result)
```
I don't understand how I can read the session key here. I read about splunk.Intersplunk, but it seems deprecated. The service instance seems to work only in command libraries or the Script.stream_events library, which I can't understand how to adopt in an external lookup script. I would really appreciate it if I could read some examples as the weather app does for external commands.
Thank you very much
Kind Regards
Marco
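
An added example, not code from either poster or from Splunk's documentation: once a session key is available to a script, the secret can be read from the `storage/passwords` REST collection with the standard library alone, without a second stored credential. How an external lookup obtains the session key is not covered in this thread and is assumed here; the function names, app, realm, username and sample response are constructed for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request

def passwords_url(base_url, app):
    """URL of the app's storage/passwords collection.
    Owner 'nobody' assumes the secret is shared at app level (assumption)."""
    app_q = urllib.parse.quote(app, safe="")
    return (f"{base_url.rstrip('/')}/servicesNS/nobody/{app_q}"
            "/storage/passwords?output_mode=json&count=0")

def extract_secret(payload, realm, username):
    """Return clear_password for the matching realm/username, else None."""
    for entry in json.loads(payload).get("entry", []):
        content = entry.get("content", {})
        if ((content.get("realm") or "") == (realm or "")
                and content.get("username") == username):
            return content.get("clear_password")
    return None

def read_secret(base_url, app, realm, username, session_key, cafile=None):
    """Fetch the secret from splunkd, authenticating with the session key."""
    req = urllib.request.Request(
        passwords_url(base_url, app),
        headers={"Authorization": f"Splunk {session_key}"},
    )
    # Keep certificate verification on; pass splunkd's CA bundle via cafile
    # when the management port uses a private CA.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return extract_secret(resp.read(), realm, username)

# Constructed sample response, trimmed to the fields used above.
SAMPLE = json.dumps({"entry": [
    {"name": "other_realm:svc:",
     "content": {"realm": "other_realm", "username": "svc",
                 "clear_password": "not-this-one"}},
    {"name": "my_api:lookup_user:",
     "content": {"realm": "my_api", "username": "lookup_user",
                 "clear_password": "s3cr3t-example"}},
]})

if __name__ == "__main__":
    # Report only whether the secret was found; never print its value.
    print(extract_secret(SAMPLE, "my_api", "lookup_user") is not None)
```

The secret stays in memory only: it is returned to the caller and never written to a conf file, log line or lookup output.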