- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How can I make those authentication credentials ed...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?
I have a Python script in an External Lookup app which makes REST GET calls to a third party endpoint which requires basic authentication (username/password).
How can I make those authentication credentials editable through a graphical interface/dashboard in Splunk?
This answer states that there is no way to pass authentication into External Lookup scripts: https://community.splunk.com/t5/Splunk-Search/Pros-and-Cons-External-lookup-script-vs-custom-search-...
I am aware of the possibility to create a setup page (https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/setuppage/) for my app so credentials can be written into a custom conf file in the "<app_name>/local" folder and then parsed by the Python script but the credentials would be readable due to being written in plaintext. Is there a way to obfuscate the credentials but then easily use them through Python?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm afraid, I have a similar problem. I developed an external lookup in Python which makes an API call using a password authentication.
When I submitted my app to Splunkbase, the result was:
check_for_secret_disclosure
Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
File: appserver/static/javascript/views/app.js Line: 95
There is no problem to write the password in passwords.conf. I followed the example in Weather App Example
The problem starts when I need to read the password from the Python external lookup script! Splunk general documentation suggests to use a client.connect
Client.connect need a Splunk user authentication, so another secret. I can find a method to read the secret as the splunklib.searchcommands allows.
I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested.
How can I fix this problem?
Thank you very much
Kind Regards
Marco
Archived Metrics Now Available for APAC and EMEA realms
Detecting Remote Code Executions With the Splunk Threat Research Team
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
