I have a Python script in an External Lookup app which makes REST GET calls to a third party endpoint which requires basic authentication (username/password).
How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?
This answer states that there is no way to pass authentication into External Lookup scripts: https://community.splunk.com/t5/Splunk-Search/Pros-and-Cons-External-lookup-script-vs-custom-search-...
I am aware of the possibility to create a setup page (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/) for my app so credentials can be written into a custom conf file in the "<app_name>/local" folder and then parsed by the Python script but the credentials would be readable due to being written in plaintext. Is there a way to obfuscate the credentials but then easily use them through Python?
Hello,
I'm afraid, I have a similar problem. I developed an external lookup in Python which makes an API call using a password authentication.
When I submitted my app to Splunkbase, the result was:
check_for_secret_disclosure
Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
File: appserver/static/javascript/views/app.js Line: 95
There is no problem to write the password in passwords.conf. I followed the example in Weather App Example
The problem starts when I need to read the password from the Python external lookup script! Splunk general documentation suggests to use a client.connect
Client.connect need a Splunk user authentication, so another secret. I can find a method to read the secret as the splunklib.searchcommands allows.
I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.
How can I fix this problem?
Thank you very much
Kind Regards
Marco