Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?

JerryLives
Engager
‎10-28-2020 05:19 PM

I have a Python script in an External Lookup app which makes REST GET calls to a third party endpoint which requires basic authentication (username/password).

How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?

This answer states that there is no way to pass authentication into External Lookup scripts: https://community.splunk.com/t5/Splunk-Search/Pros-and-Cons-External-lookup-script-vs-custom-search-...

I am aware of the possibility to create a setup page (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/) for my app so credentials can be written into a custom conf file in the "<app_name>/local" folder and then parsed by the Python script but the credentials would be readable due to being  written in plaintext. Is there a way to obfuscate the credentials but then easily use them through Python?

Labels (1)
Labels
Reply

sistemistiposta
Path Finder
‎05-04-2023 04:04 AM

Hello,

  I'm afraid, I have a similar problem. I developed an external lookup in Python which makes an API call using a password authentication.

When I submitted my app to Splunkbase, the result was:

 

 check_for_secret_disclosure

    Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
    https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
    File: appserver/static/javascript/views/app.js Line: 95

 

There is no problem to write the password in passwords.conf. I followed the example in Weather App Example

The problem starts when I need to read the password from the Python external lookup script! Splunk general documentation suggests to use a client.connect

Client.connect need a Splunk user authentication, so another secret. I can find a method to read the secret as the splunklib.searchcommands allows.

I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.

How can I fix this problem?

 

Thank you very much

Kind Regards

Marco

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...