
Splunk DB Connection (IDENTITIES.CONF) password not getting encrypted even after Splunk restart???

saranya_fmr
Communicator

I wanted to automate DB Connection creation.
Wanted to create the Connection via CLI in the Deployer and then push it out to the SHC.

  • I was creating a Splunk DB Connection via CLI and noticed that the password is not getting encrypted even after Splunk restart. After some research I learnt that identity.dat is used for encryption. But how can I get the password encrypted after updating it in identity.conf?
  • Secondly, is there any config file that manages the permissions of the DB Connection like the way we have in the UI?
0 Karma
1 Solution

saranya_fmr
Communicator

Hi Burch ,

Yes, I did already try that but it didn't help.

Got a response from Splunk support:

Support: I spoke with our DBX app engineer and they say this behavior is as per design. Editing the identity.conf file to add identities breaks the password encryption/decryption protocol. So the identity won't work.
For example, if a user creates an identity through the UI, the DBX app will encrypt the password before calling the splunkd API to update/reload the identity.conf file.

If you modify identity.conf directly and restart the Splunk service, the DBX app will decrypt the password before the UI gets the identity. However, the password actually is not encrypted, so you break the protocol and the identity doesn't work.

Support: On DBX versions 3.0.0, 3.0.1 and 3.0.2, creating connections is removed from the REST API, and this is fixed in version 3.1.0. So on version 3.0.1 you cannot use the REST API to create/manage connections. However, these REST API URLs are not officially announced.

  1. Also, is there a way to create/manage DB Connections via Splunk CLI? Is there a way to automate the DB Connection creation?

Support: We do not have any CLI commands to create/manage DB Connections.

  2. While creating identities through configuration files, the password is not getting encrypted. --> What is the way to encrypt the password?

Support: This is an expected behavior and the password is encrypted using the identity.dat file.

****** I understand identity.dat file is used for password encryption. Is there a way to use this file to encrypt the password? Is there any harm in editing the Identity conf files?

We have an API to CRUD (Create, Read, Update, Delete) connections, but it's not public. Currently we do not support/encourage editing the identities.conf file manually to create identities.


0 Karma
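
A pre-push check for the failure mode support describes above, as an added example that is not part of the original thread or Splunk's code: it flags identities.conf stanzas whose password value does not look like ciphertext written by the DBX app. The detection heuristic (strict base64 whose decoded bytes begin with an OpenSSL-style `Salted__` header) is an assumption about the on-disk format, and the stanza names and values are constructed.

```python
import base64
import binascii
import configparser

# Assumption: DBX-written values are base64 of an OpenSSL-style salted blob
# ("Salted__" + 8-byte salt + ciphertext). Not documented in the thread.
SALT_HEADER = b"Salted__"

# Constructed ciphertext-shaped value; it decrypts to nothing meaningful.
FAKE_CIPHERTEXT = base64.b64encode(SALT_HEADER + bytes(8) + bytes(16)).decode()

# Constructed identities.conf: one stanza shaped like a UI-created identity,
# one edited by hand with a clear-text password.
SAMPLE_CONF = f"""
[ui_created]
username = svc_reports
password = {FAKE_CIPHERTEXT}

[hand_edited]
username = svc_etl
password = Summer2018!
"""


def looks_encrypted(value):
    """True if value is strict base64 that decodes to a salted blob."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.startswith(SALT_HEADER) and len(raw) > len(SALT_HEADER) + 8


def find_plaintext_identities(conf_text):
    """Return stanza names whose password would break DBX's decrypt step."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    flagged = []
    for stanza in parser.sections():
        password = parser.get(stanza, "password", fallback="")
        if password and not looks_encrypted(password):
            flagged.append(stanza)  # report the name only, never the value
    return flagged


if __name__ == "__main__":
    for name in find_plaintext_identities(SAMPLE_CONF):
        print(f"identities.conf [{name}]: password is not DBX-encrypted")
```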

belinda789
New Member

Is there a solution for this now? The database connections fail after search head cluster members got restarted by the search deployer. I can only retype passwords in the Splunk DBX UI to get passwords encrypted again.

0 Karma

sloshburch
Splunk Employee

Kind of. @saranya_fmr shared their response from support. I've just accepted it as the answer for posterity.

0 Karma

sloshburch
Splunk Employee

Update: Version 3.1.4 came out Dec. 17, 2018.

I don't see specific mention of this topic in the release notes, so folks, chime in to let us know if you have any other info.

0 Karma

sloshburch
Splunk Employee

I can't speak to the encryption challenge and I see you have a case open on the topic.

But in terms of doing this on the deployer, I would discourage that. Assuming you don't edit the conf files directly (and therefore use splunkd through REST, CLI, or SplunkWeb), you should see fewer issues by generating the accounts directly on the SH members and letting them replicate to each other.

Any particular reason you thought you MUST do it on the deployer? Did you simply perceive it was the best place to generate config?

0 Karma

saranya_fmr
Communicator

Hi Burch ,

Since the goal was automation, I thought of editing the conf files and pushing them to the SHC from the deployer. No specific reason as such.

But yes, I guess REST or CLI would be a better approach, but I think they aren't supported for DBX V3 as far as I've researched.

However, I am awaiting a response for the enhancement case that I've submitted.

0 Karma

sloshburch
Splunk Employee

Cool. Thanks for clarifying. Alternatively, could you achieve the same automation by implementing your solution to create the needed conf files on the deployer, then have the deployer push out the config and let Splunk do the hashing once that config is applied?

Apologies if you already explored this idea and I am forgetting.

0 Karma

fposchetto_splu
Splunk Employee

Hi Saranya,

I have found another post on answers that may be able to help you on this effort, please check the following: Splunk DB Connect V3 - Automated / Programmatic creation of connections and inputs - https://answers.splunk.com/answers/516111/splunk-db-connect-v3-automated-programmatic-creati.html

0 Karma