Splunk Search

Authentication in an External Lookup REST call


I have a Python script in an External Lookup app which makes REST GET calls to a third party endpoint which requires basic authentication (username/password).

How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?

This answer states that there is no way to pass authentication into External Lookup scripts: https://community.splunk.com/t5/Splunk-Search/Pros-and-Cons-External-lookup-script-vs-custom-search-...

I am aware of the possibility to create a setup page (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/) for my app so credentials can be written into a custom conf file in the "<app_name>/local" folder and then parsed by the Python script but the credentials would be readable due to being  written in plaintext. Is there a way to obfuscate the credentials but then easily use them through Python?

Labels (1)
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.