You can use the secure storage endpoint to store passwords securely. See the following blog post: https://www.splunk.com/blog/2011/03/15/storing-encrypted-credentials.html

This is a little tricky because to make it work you need to:

1. Change the modular input to load the password from secure storage
2. Change the UI so that it loads and saves the password from/to secure storage

Change the modular input to load the password from secure storage

I wrote a modular input wrapper library that includes functions for accessing secure storage (see https://bit.ly/2GK0VQv). I use this in the Website Input app (see the use of get_secure_password in https://github.com/LukeMurphey/splunk-web-input/blob/master/src/bin/web_input.py).

Change the UI so that it loads and saves the password from/to secure storage

I wrote some modules that make this a little easier, see https://bit.ly/2J57v6X. That project includes a module named secure_password_storage which helps users make a custom manager page which loads and saves the password securely.

See an example here: https://github.com/LukeMurphey/splunk-web-input/blob/master/src/default/data/ui/manager/data_inputs_...

Unfortunately, apps with a custom input page will be rejected by app-inspect and thus cannot be installed on Splunk Cloud (since app-inspect incorrectly thinks that a custom input page is a deprecated technology called advanced XML). Of course, your app will be rejected if you store passwords without secure storage and thus you are stuck either way.