Splunk Dev

Storing and retreiving encrypted credentials on Universal Forwarder

andrew207
Path Finder

I need to safely store encrypted credentials on a UF.

I have a scripted input that needs to call an authenticated API endpoint. The authentication is not simple, hence using a scripted input.

I have found that passwords.conf does not work on a UF, as creating the file seems to do nothing and hitting the create endpoint of the UF API returns "Method not allowed" for POST and "Not Implemented" for GET.

Given the UF binary supports the show-decrypted function I should be able to manually encrypt my password and store it that way, but there doesn't seem to be an opposite to show-encrypted to do that. hash-passwd returns a non-reversible hash.

How can I safely store encrypted credentials on a UF within the Splunk ecosystem from an app deployed by a DS?

Labels (2)
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...