All Apps and Add-ons

How to use encrypted credentials (storage/passwords) in the REST API Modular Input?

avilandau
Path Finder

I'm using the "REST API Modular Input" add-on (rest_TA) and it works fine with authentication BASIC. However, this uses the clear password in the inputs.conf and I would like to use the encrypted credentials that I manage using my setup.xml screen in a similar way I do in my scripted inputs (where I use a the session key that Splunk send into the scripted input). Since rest_TA is a SPLUNK module, I would think this is possible/supported, but I could find any reference to it. If this is considered a custom handler and required a module in authhandlers.py can you describe this?

0 Karma
1 Solution

avilandau
Path Finder

Thanks Damien. I'm familiar with the get_credential as I used it in my scripted inputs (though I will condition the return based on realm since I have multiple pairs stored). However, after I looked at rest.py and I need to ask: I see the snippet you sent will be put at the beginning of do_run and it creates 2 variables ( encrypted_username, encrypted_password) which are actually the clear text but I don't see them being used later and also I'm not sure what should I put in the auth_type in the inputs.conf. I thought I could leave it as "basic" and just replace the following:

#for basic and digest
auth_user=config.get("auth_user")
auth_password=config.get("auth_password")

with

#for basic and digest with stored credentials
auth_user, auth_password= get_credentials(SESSION_TOKEN)

since get_credentil will return exactly what I have today in inputs.conf

Can you comment on that please?

Thanks

View solution in original post

0 Karma

avilandau
Path Finder

Thanks Damien. I'm familiar with the get_credential as I used it in my scripted inputs (though I will condition the return based on realm since I have multiple pairs stored). However, after I looked at rest.py and I need to ask: I see the snippet you sent will be put at the beginning of do_run and it creates 2 variables ( encrypted_username, encrypted_password) which are actually the clear text but I don't see them being used later and also I'm not sure what should I put in the auth_type in the inputs.conf. I thought I could leave it as "basic" and just replace the following:

#for basic and digest
auth_user=config.get("auth_user")
auth_password=config.get("auth_password")

with

#for basic and digest with stored credentials
auth_user, auth_password= get_credentials(SESSION_TOKEN)

since get_credentil will return exactly what I have today in inputs.conf

Can you comment on that please?

Thanks

0 Karma

hcheang
Path Finder

Hello Damien, avilandau,

Were you able to encrypt the password in inputs.conf with above suggestion?
I have tried replacing the auth_user parts as shown above but no luck.
Am I missing something?
I am using version 1.5.3 and yes, I am not sure where this encrypted_username, encrypted_password are being used...
Can anyone shed some light on rest.py ?

0 Karma

Damien_Dallimor
Ultra Champion

We often perform this customization to the REST App for our customers with commercial support.

0 Karma

Damien_Dallimor
Ultra Champion

I just provided you a quick pseudo code example to guide you.
Yes , what you propose would be fine and should work.

0 Karma

Damien_Dallimor
Ultra Champion

If you want to use setup.xml / apps.conf for storing encrypted credentials , then you will have to customise rest.py to retrieve these credentials because you need access to the session key.

So as an example below , I've added a get_credentials method and called it in the do_run method in rest.py

def get_credentials(session_key):
   myapp = 'rest_ta'
   try:
      # list all credentials
      entities = entity.getEntities(['admin', 'passwords'], namespace=myapp,
                                    owner='nobody', sessionKey=session_key)
   except Exception, e:
      raise Exception("Could not get credentials from splunk. Error: %s"
                      % (myapp, str(e)))

   # return first set of credentials
   for i, c in entities.items():
        return c['username'], c['clear_password']

   raise Exception("No credentials have been found, have you setup the App yet ?")   

def do_run(config,endpoint_list):

    #setup some globals
    server_uri = config.get("server_uri")
    global SPLUNK_PORT
    global STANZA
    global SESSION_TOKEN 
    global delimiter
    SPLUNK_PORT = server_uri[18:]
    STANZA = config.get("name")
    SESSION_TOKEN = config.get("session_key")

    encrypted_username, encrypted_password = get_credentials(SESSION_TOKEN)
Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...