Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I use Secret storage and api call?

sistemistiposta
Path Finder
‎05-05-2023 01:27 AM

Hello,

  I developed an external lookup script in Python which makes an https API call using a password authentication. The lookup script read the password from a custom conf file.

When I submitted my app to Splunkbase the result was:

 

 

 check_for_secret_disclosure

    Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
    https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
    File: appserver/static/javascript/views/app.js Line: 95

 

 

There is no problem to write the password in passwords.conf. I followed the example in Weather App Example

The problem starts when I need to read the password from the Python external lookup script. Splunk general documentation suggests to use a client.connect

Client.connect need a Splunk user authentication, so another secret! I can find a method to read the secret as the splunklib.searchcommands allows, for example.

I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.

How can I fix this problem?

 

Thank you very much

Kind Regards

Marco

Labels (4)
Labels
0 Karma
Reply

abhis
Splunk Employee
Splunk Employee
‎05-09-2023 11:35 PM

Hi Marco,

As per my understanding you are looking to access storage_passwords from within the App(ie. external lookup script) without requiring to use client.connect(), which is possible using the already available service instance to communicate with the Splunk Enterprise.


Ref - in Weather App Example , below code snippet is used to access the storage_passwords using the already available service instance

secrets = search_command.service.storage_passwords

Also check the documentation on how to access the service instance within an App 

 

Let me know if this helps!

0 Karma
Reply

sistemistiposta
Path Finder
‎05-10-2023 03:05 AM

Hello Abhis,

  I don't implement a search command. I have an external lookup like

 

    INPUT
    '''
    anamefield = sys.argv[1]
    aidfield = sys.argv[2]

    '''
    MAIN PROCESS
    '''
    infile = sys.stdin
    outfile = sys.stdout

    r = csv.DictReader(infile)
    header = r.fieldnames

    w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
    w.writeheader()

    for result in r:
        # Perform the lookup or reverse lookup if necessary
        if result[anamefield] and result[aidfield]:
            # All fields were provided, just pass it along
            w.writerow(result)

 

I don't understand how can I read the session key here. I read about splunk.Intersplunk, but it seems deprecated. The service instance seems to work only in command libraries or Script.stream_events library, which I can't understand how to adopt in external lookup script. I really appreciate if I could read some examples as weather app does for external commands.

Thank you very much

Kind Regards

Marco

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...