I'm trying to build an app that will pull information from a third party tool via it's API function.
The information I'm getting is not event data and is only going to be pulled when called by a user of the app. The API link is going to be authenticated with a service account that Splunk will store the password for.
Here's where I'm getting trouble. when the users call the API, I need to pull the password to initiate the session, but it's obvs going to be encrypted and the users can't get it without the list_stored_passwords role. However If I give the users the list_stored_passwords role they can see ALL stored passwords by using the REST command.
Is there a way to lock the list_stored_passwords role so it only brings back the password a specific app?
If not how else could I store a password that only people who have access to the app could decrypt?