Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- Splunk Development
- :
- Splunk Dev
- :
- custom command secret
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
custom command secret
Hi folks! I want to create a custom GeneratingCommand that makes a simple API request, but how do I save the API key in passwords.conf?
I have a default/setup.xml file with the following content:
<setup>
<block title="Add API key(s)" endpoint="storage/passwords" entity="_new">
<input field="password">
<label>API key</label>
<type>password</type>
</input>
</block>
</setup>
But when I configure the app, the password (API key) is not saved in the app folder (passwords.conf).
And if I need to add several api keys, how can I assign names to them and get information from the storage? I doubt this code will work:
try:
app = "app-name"
settings = json.loads(sys.stdin.read())
config = settings['configuration']
entities = entity.getEntities(['admin', 'passwords'], namespace=app, owner='nobody', sessionKey=settings['session_key'])
i, c = entities.items()[0]
api_key = c['clear_password']
#user, = c['username'], c['clear_password']
except Exception as e:
yield {"_time": time.time(), "_raw": str(e)}
self.logger.fatal("ERROR Unexpected error: %s" % e)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@user487596, an easier way to manipulate passwords is by using the Splunkbase app: https://splunkbase.splunk.com/app/4013
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, interesting app.
If anyone knows how to fix the curl issue or maybe use search for creation secrets, please share.
By the way, the function you suggest implementing doesn't work for me, I used the code from that function inside generate() and it works, at least I can extract the API key, but for some reason I can't make a request...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @user487596, how are you?
You can use REST API endpoints, like this example using curl locally on your Splunk instance:
curl -k -u <username>:<password> \
https://localhost:8089/servicesNS/nobody/<app>/storage/passwords \
-d name=user1 -d realm=realm1 -d password=password1
In your code, use a prepare method to retrieve your key:
def prepare(self):
global API_KEY
for passwd in self.service.storage_passwords:
if passwd.realm == "<you_realm_key>":
API_KEY = passwd.clear_password
if API_KEY is None or API_KEY == "defaults_empty":
self.error_exit(None, "No API key found.")
Documentation can be found here
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@luizlimapg , thanks for your reply. Is there any confirmation after curl or ways to check if password is added successfully, is there any other way to add a password?
Enter host password for user 'user':
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I found that this is possible using the same curl, but i got an error:
curl -k -u user https://localhost:8089/servicesNS/nobody/app/storage/passwords/
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events
Enter the Agentic Era with Splunk AI Assistant for SPL 1.4
Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...
