custom command secret

user487596 · ‎12-17-2024

Hi folks! I want to create a custom GeneratingCommand that makes a simple API request, but how do I save the API key in passwords.conf?

I have a default/setup.xml file with the following content:

<setup>
  <block title="Add API key(s)" endpoint="storage/passwords" entity="_new">
    <input field="password">
      <label>API key</label>
      <type>password</type>
    </input>
  </block>
</setup>

But when I configure the app, the password (API key) is not saved in the app folder (passwords.conf).
And if I need to add several api keys, how can I assign names to them and get information from the storage? I doubt this code will work:

try:
            app = "app-name"
            settings = json.loads(sys.stdin.read())
            config = settings['configuration']
            entities = entity.getEntities(['admin', 'passwords'], namespace=app, owner='nobody', sessionKey=settings['session_key'])
            i, c = entities.items()[0]
            api_key = c['clear_password']
            #user,  = c['username'], c['clear_password']
        except Exception as e:
            yield {"_time": time.time(), "_raw": str(e)}
            self.logger.fatal("ERROR Unexpected error: %s" % e)

luizlimapg · ‎12-18-2024

@user487596, an easier way to manipulate passwords is by using the Splunkbase app: https://splunkbase.splunk.com/app/4013

user487596 · ‎12-18-2024

Thanks, interesting app.

If anyone knows how to fix the curl issue or maybe use search for creation secrets, please share.

By the way, the function you suggest implementing doesn't work for me, I used the code from that function inside generate() and it works, at least I can extract the API key, but for some reason I can't make a request...

luizlimapg · ‎12-17-2024

Hey @user487596, how are you?

You can use REST API endpoints, like this example using curl locally on your Splunk instance:

curl -k -u <username>:<password> \
	https://localhost:8089/servicesNS/nobody/<app>/storage/passwords \
	-d name=user1 -d realm=realm1 -d password=password1

In your code, use a prepare method to retrieve your key:

def prepare(self):
        global API_KEY

        for passwd in self.service.storage_passwords:
            if passwd.realm == "<you_realm_key>":
                API_KEY = passwd.clear_password

        if API_KEY is None or API_KEY == "defaults_empty":
            self.error_exit(None, "No API key found.")

Documentation can be found here

user487596 · ‎12-18-2024

@luizlimapg , thanks for your reply. Is there any confirmation after curl or ways to check if password is added successfully, is there any other way to add a password?

Enter host password for user 'user':
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I found that this is possible using the same curl, but i got an error:

curl -k -u user https://localhost:8089/servicesNS/nobody/app/storage/passwords/

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

custom command secret

Python

SDK

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?

custom command secret

Python

SDK

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25