Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to save sensitive data (JWT token) in add-on which splunk cloud would allow

cool_cat
Observer
‎04-30-2021 03:26 AM

Hi all, 

I am just learning Splunk because the need for applying our addon to be cloud vetted ( therefore I really don't know much splunk development yet, but need to get this done soon) . It is an addon to connect to our server and pulling in logs. Each pull would have to auth first, therefore we save token locally so only need auth once for certain interval ( lifetime of the token). But that won't do for cloud based addon. (Vetting report says " Storing authentication token in checkpoint which is not allowed in Splunk cloud. Please don't store such sensitive information")

Any other way I can save token for addon functionality purpose? . I heard mentioning of storage/passwords endpoint, is that only for user credential or it can be used for saving application token as well?

 

Thanks in advance! I searched whole day, still not clear the direction. 

Labels (1)
Labels
0 Karma
Reply

cool_cat
Observer
‎04-30-2021 07:01 AM

It is not static. It needs to be used for each poll. It will need to be updated when it expires. About every 15mins. Is there anyway the endpoint you mentioned can be written?

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-30-2021 07:02 AM

Yes you can update the token on storage/passwords endpoint but you need to code that in your script.

0 Karma
Reply

cool_cat
Observer
‎04-30-2021 07:05 AM

That is good to know! Is there any chance you can point me some sample code on how to achieve that? I am really just start to learn splunk development. 

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-30-2021 07:07 AM

Have a look at code in https://github.com/splunk/TA-VaultSync/tree/master/bin , you'll get idea.

0 Karma
Reply

cool_cat
Observer
‎04-30-2021 07:08 AM

Thank you so much!

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-30-2021 07:09 AM

You're welcome!

0 Karma
Reply

harsmarvania57
Ultra Champion
‎04-30-2021 06:58 AM

If token is static then you can use storage/passwords endpoint to store token and in your script read token from same endpoint.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...