How do I use Secret storage and api call?

sistemistiposta
Path Finder

Hello,

  I developed an external lookup script in Python which makes an HTTPS API call using password authentication. The lookup script reads the password from a custom conf file.

When I submitted my app to Splunkbase the result was:

 check_for_secret_disclosure

    Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
    https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
    File: appserver/static/javascript/views/app.js Line: 95

There is no problem writing the password to passwords.conf. I followed the example in the Weather App Example.

The problem starts when I need to read the password from the Python external lookup script. Splunk general documentation suggests using client.connect.

Client.connect needs a Splunk user authentication, so another secret! I can find a method to read the secret as the splunklib.searchcommands allows, for example.

I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.

How can I fix this problem?

 

Thank you very much

Kind Regards

Marco

0 Karma

abhis
Splunk Employee

Hi Marco,

As per my understanding, you are looking to access storage_passwords from within the App (i.e. the external lookup script) without needing to use client.connect(), which is possible using the already available service instance to communicate with Splunk Enterprise.


Ref: in the Weather App Example, the code snippet below is used to access storage_passwords using the already available service instance:

    secrets = search_command.service.storage_passwords

Also check the documentation on how to access the service instance within an App.

 

Let me know if this helps!

0 Karma
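The lookup described in the answer above, as an added example that is not part of the original thread or the Weather App code: it picks one credential out of `storage_passwords` on an existing service and fails closed when it is missing. It assumes `service` is an already-authenticated `splunklib.client.Service`; the realm and username values, `get_secret`, `SecretNotFound` and `fake_service` are hypothetical names, and the stand-in service is constructed so the block runs without Splunk.

```python
"""Added example: fetch one credential from storage_passwords on an existing service."""
from types import SimpleNamespace


class SecretNotFound(LookupError):
    """Raised instead of falling back to a plain-text conf value."""


def get_secret(service, realm, username):
    """Return the clear-text password stored for (realm, username).

    `service` is assumed to be an already-authenticated splunklib.client.Service,
    e.g. search_command.service from the answer above. Each item of
    service.storage_passwords exposes realm, username and clear_password.
    """
    for cred in service.storage_passwords:
        # Match realm and username together: a username can exist in several realms
        if (cred.realm or "") == realm and cred.username == username:
            return cred.clear_password
    # Fail closed; never put secret material into the error message
    raise SecretNotFound("no stored credential for %s:%s" % (realm, username))


def fake_service():
    """Constructed stand-in for a Service so the example runs offline."""
    creds = [
        SimpleNamespace(realm="other_app", username="api_user",
                        clear_password="wrong-one"),
        SimpleNamespace(realm="my_lookup_app", username="api_user",
                        clear_password="s3cr3t-constructed"),
    ]
    return SimpleNamespace(storage_passwords=creds)


if __name__ == "__main__":
    svc = fake_service()
    password = get_secret(svc, "my_lookup_app", "api_user")
    # Use the password for the HTTPS call; log only that it was found
    print("credential found, length", len(password))
```

In a real deployment the session behind `service` must be allowed to read stored credentials (the `list_storage_passwords` capability).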

sistemistiposta
Path Finder

Hello Abhis,

  I don't implement a search command. I have an external lookup like

 

    import csv
    import sys

    # INPUT: names of the lookup fields, passed as script arguments
    anamefield = sys.argv[1]
    aidfield = sys.argv[2]

    # MAIN PROCESS: Splunk sends the lookup rows as CSV on stdin
    # and reads the completed rows back from stdout
    infile = sys.stdin
    outfile = sys.stdout

    r = csv.DictReader(infile)
    header = r.fieldnames

    w = csv.DictWriter(outfile, fieldnames=r.fieldnames)
    w.writeheader()

    for result in r:
        # Perform the lookup or reverse lookup if necessary
        if result[anamefield] and result[aidfield]:
            # All fields were provided, just pass it along
            w.writerow(result)

 

I don't understand how I can read the session key here. I read about splunk.Intersplunk, but it seems deprecated. The service instance seems to work only in command libraries or the Script.stream_events library, which I can't understand how to adopt in an external lookup script. I would really appreciate it if I could read some examples, as the Weather App does for external commands.

Thank you very much

Kind Regards

Marco

0 Karma