Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to retrieve password from password.conf in python script?

splunker2117
Loves-to-Learn Lots
‎10-10-2022 05:08 AM

Please help in reading the credentials from password.conf in python script. 

 

0 Karma
Reply

splunker2117
Loves-to-Learn Lots
‎10-11-2022 11:51 AM

Here I do not want to expose admin credentials even. Is there any way to read password.conf without passing admin credentials. Basically I need to retrieve secrets while running custom command. 

0 Karma
Reply

tcole_splunk
Splunk Employee
Splunk Employee
‎10-11-2022 12:01 PM

I'm not sure I understand. You need to pass in credentials in order to read passwords.conf, because this file is encrypted and you need to ensure secure access. In order to call the storage/passwords endpoint, the user needs to belong to a role with certain capabilities assigned. See https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/secretstoragerbac for more details.

0 Karma
Reply

splunker2117
Loves-to-Learn Lots
‎10-12-2022 04:10 AM

Let me give you bit background @tcole_splunk  @gcusello ,

I've script to run as custom command and secrets are stored in password.conf with the help of setuppage. 

Now I am stuck where unable to read the secrets from password.conf to authenticate 3rd party API.

I've used multiple ways to read password.conf however it is failing to connect at initial stage where it call to splunk rest api to retrieve passwords.conf details. Goal is to get the session key without passing the hardcoded values so can use.

service = client.Service(token=session_key,host="127.0.0.1", port=8089)
0 Karma
Reply

tcole_splunk
Splunk Employee
Splunk Employee
‎10-12-2022 02:01 PM

Thanks for the additional information. Did you try connecting to Splunk Enterprise with the Python SDK through the connect function? See https://dev.splunk.com/enterprise/docs/devtools/python/sdk-python/howtousesplunkpython/howtoconnectp....

After that, you should be able to retrieve passwords following the example at https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/secretstoragepython....

0 Karma
Reply

tcole_splunk
Splunk Employee
Splunk Employee
‎10-11-2022 10:11 AM

Hello!

Just to add to what Giuseppe posted, you can retrieve credentials from passwords.conf using the storage/passwords REST API endpoint and the Splunk SDK for Python. Here is the documentation explaining how to do this:

 https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/secretstoragepython

Good luck!

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-10-2022 06:12 AM

Hi @splunker2117,

if you launch your python script as a Splunk input, you can store password in encrypted mode in Splunk passing them from Splunk.

For more infos see at https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html

https://www.splunk.com/en_us/blog/tips-and-tricks/store-encrypted-secrets-in-a-splunk-app.html#:~:te....

https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html?_ga=2.20827064.1642756...

This is to create a setup pdashboard in your App to insert pasword:

https://www.splunk.com/en_us/blog/tips-and-tricks/enable-first-run-app-configuration-with-setup-page....

Ciao.

Giuseppe

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS)   We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...