Splunk Dev
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- Re: How to save sensitive data (JWT token) in add-...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to save sensitive data (JWT token) in add-on which splunk cloud would allow
cool_cat
Observer
04-30-2021
03:26 AM
Hi all,
I am just learning Splunk because the need for applying our addon to be cloud vetted ( therefore I really don't know much splunk development yet, but need to get this done soon) . It is an addon to connect to our server and pulling in logs. Each pull would have to auth first, therefore we save token locally so only need auth once for certain interval ( lifetime of the token). But that won't do for cloud based addon. (Vetting report says " Storing authentication token in checkpoint which is not allowed in Splunk cloud. Please don't store such sensitive information")
Any other way I can save token for addon functionality purpose? . I heard mentioning of storage/passwords endpoint, is that only for user credential or it can be used for saving application token as well?
Thanks in advance! I searched whole day, still not clear the direction.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cool_cat
Observer
04-30-2021
07:01 AM
It is not static. It needs to be used for each poll. It will need to be updated when it expires. About every 15mins. Is there anyway the endpoint you mentioned can be written?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-30-2021
07:02 AM
Yes you can update the token on storage/passwords endpoint but you need to code that in your script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cool_cat
Observer
04-30-2021
07:05 AM
That is good to know! Is there any chance you can point me some sample code on how to achieve that? I am really just start to learn splunk development.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-30-2021
07:07 AM
Have a look at code in https://github.com/splunk/TA-VaultSync/tree/master/bin , you'll get idea.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cool_cat
Observer
04-30-2021
07:08 AM
Thank you so much!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-30-2021
07:09 AM
You're welcome!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
harsmarvania57
Ultra Champion
04-30-2021
06:58 AM
If token is static then you can use storage/passwords endpoint to store token and in your script read token from same endpoint.
Get Updates on the Splunk Community!
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
Enhance Security Operations with Automated Threat Analysis in the Splunk EcosystemAre you leveraging ...
Splunk Developers: Go Beyond the Dashboard with These .Conf25 Sessions
Whether you’re building custom apps, diving into SPL2, or integrating AI and machine learning into your ...
Index This | How do you write 23 only using the number 2?
July 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this month’s ...
