Splunk Search

How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?

JerryLives
Engager

I have a Python script in an External Lookup app which makes REST GET calls to a third party endpoint which requires basic authentication (username/password).

How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?

This answer states that there is no way to pass authentication into External Lookup scripts: https://community.splunk.com/t5/Splunk-Search/Pros-and-Cons-External-lookup-script-vs-custom-search-...

I am aware of the possibility to create a setup page (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/) for my app so credentials can be written into a custom conf file in the "<app_name>/local" folder and then parsed by the Python script but the credentials would be readable due to being  written in plaintext. Is there a way to obfuscate the credentials but then easily use them through Python?

Labels (1)

sistemistiposta
Path Finder

Hello,

  I'm afraid, I have a similar problem. I developed an external lookup in Python which makes an API call using a password authentication.

When I submitted my app to Splunkbase, the result was:

 

 check_for_secret_disclosure

    Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
    https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
    File: appserver/static/javascript/views/app.js Line: 95

 

There is no problem to write the password in passwords.conf. I followed the example in Weather App Example

The problem starts when I need to read the password from the Python external lookup script! Splunk general documentation suggests to use a client.connect

Client.connect need a Splunk user authentication, so another secret. I can find a method to read the secret as the splunklib.searchcommands allows.

I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.

How can I fix this problem?

 

Thank you very much

Kind Regards

Marco

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...