All Apps and Add-ons

How to use encrypted credentials (storage/passwords) in the REST API Modular Input?

avilandau
Path Finder

I'm using the "REST API Modular Input" add-on (rest_TA) and it works fine with authentication BASIC. However, this uses the clear password in the inputs.conf and I would like to use the encrypted credentials that I manage using my setup.xml screen in a similar way I do in my scripted inputs (where I use a the session key that Splunk send into the scripted input). Since rest_TA is a SPLUNK module, I would think this is possible/supported, but I could find any reference to it. If this is considered a custom handler and required a module in authhandlers.py can you describe this?

0 Karma
1 Solution

avilandau
Path Finder

Thanks Damien. I'm familiar with the get_credential as I used it in my scripted inputs (though I will condition the return based on realm since I have multiple pairs stored). However, after I looked at rest.py and I need to ask: I see the snippet you sent will be put at the beginning of do_run and it creates 2 variables ( encrypted_username, encrypted_password) which are actually the clear text but I don't see them being used later and also I'm not sure what should I put in the auth_type in the inputs.conf. I thought I could leave it as "basic" and just replace the following:

#for basic and digest
auth_user=config.get("auth_user")
auth_password=config.get("auth_password")

with

#for basic and digest with stored credentials
auth_user, auth_password= get_credentials(SESSION_TOKEN)

since get_credentil will return exactly what I have today in inputs.conf

Can you comment on that please?

Thanks

View solution in original post

0 Karma

avilandau
Path Finder

Thanks Damien. I'm familiar with the get_credential as I used it in my scripted inputs (though I will condition the return based on realm since I have multiple pairs stored). However, after I looked at rest.py and I need to ask: I see the snippet you sent will be put at the beginning of do_run and it creates 2 variables ( encrypted_username, encrypted_password) which are actually the clear text but I don't see them being used later and also I'm not sure what should I put in the auth_type in the inputs.conf. I thought I could leave it as "basic" and just replace the following:

#for basic and digest
auth_user=config.get("auth_user")
auth_password=config.get("auth_password")

with

#for basic and digest with stored credentials
auth_user, auth_password= get_credentials(SESSION_TOKEN)

since get_credentil will return exactly what I have today in inputs.conf

Can you comment on that please?

Thanks

View solution in original post

0 Karma

hcheang
Path Finder

Hello Damien, avilandau,

Were you able to encrypt the password in inputs.conf with above suggestion?
I have tried replacing the auth_user parts as shown above but no luck.
Am I missing something?
I am using version 1.5.3 and yes, I am not sure where this encrypted_username, encrypted_password are being used...
Can anyone shed some light on rest.py ?

0 Karma

Damien_Dallimor
Ultra Champion

We often perform this customization to the REST App for our customers with commercial support.

0 Karma

Damien_Dallimor
Ultra Champion

I just provided you a quick pseudo code example to guide you.
Yes , what you propose would be fine and should work.

0 Karma

Damien_Dallimor
Ultra Champion

If you want to use setup.xml / apps.conf for storing encrypted credentials , then you will have to customise rest.py to retrieve these credentials because you need access to the session key.

So as an example below , I've added a get_credentials method and called it in the do_run method in rest.py

def get_credentials(session_key):
   myapp = 'rest_ta'
   try:
      # list all credentials
      entities = entity.getEntities(['admin', 'passwords'], namespace=myapp,
                                    owner='nobody', sessionKey=session_key)
   except Exception, e:
      raise Exception("Could not get credentials from splunk. Error: %s"
                      % (myapp, str(e)))

   # return first set of credentials
   for i, c in entities.items():
        return c['username'], c['clear_password']

   raise Exception("No credentials have been found, have you setup the App yet ?")   

def do_run(config,endpoint_list):

    #setup some globals
    server_uri = config.get("server_uri")
    global SPLUNK_PORT
    global STANZA
    global SESSION_TOKEN 
    global delimiter
    SPLUNK_PORT = server_uri[18:]
    STANZA = config.get("name")
    SESSION_TOKEN = config.get("session_key")

    encrypted_username, encrypted_password = get_credentials(SESSION_TOKEN)
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!