Refine your search:

EAI endpoint: admin/passwords ?

5
4

I was poking around the Twitter app, and noticed that its setup.xml utilizes an admin/passwords endpoint to, I believe, store and retrieve twitter credentials:

From the setup.xml

    <block title="Add Twitter Account Info" endpoint="admin/passwords" entity="_new">
            <input field="name">
                    <label>Username</label>
                    <type>text</type>
            </input>
            <input field="password">
                    <label>Password</label>
                    <type>password</type>
            </input>
    </block>

From the scripted input:

def getCredentials(sessionKey):
   try:
      entities = entity.getEntities(['admin', 'passwords'], namespace='twitter', owner='nobody', sessionKey=sessionKey) 
   except Exception, e:
      sys.stderr.write("Could not get Twitter credentials from splunk. Error: %s" % (str(e)))
      exit(1)

   for i, c in entities.items(): 
        return c['username'], c['clear_password']

I'm quite intrigued. I could use this functionality, but I can't find any documentation on what it's actually doing or how to use it properly. In particular, I have a need to potentially store multiple sets of credentials, so I'd be curious whether that's possible. Where can I find some docs on this?

asked 15 Dec '10, 04:05

mw's gravatar image

mw
1.6k12
accept rate: 30%

One Answer:
oldestnewestmost voted
3

admin/passwords is an EAI endpoint provided by splunkd to support storing of credentials in an encrypted format. You should also be aware that the encryption key is stored on the same machine - so the encryption is not strong.

To see what fields are supported by the endpoint you should hit:

/servicesNS/nobody/search/admin/passwords/_new
You'd notice:
   Required: name, password
   Optional: realm

These is a pretty standard set of fields that should be useful in many different situations. The credentials are stored in app.conf as follows:

[credential:<realm>:<username>:]
password = $1$<encrypted-password>

Now, when you want to access the clear password you simply hit admin/passwords and look at clear_password.

NOTE: currently only admins (or any role that has admin_all_objects capability) have the ability to edit/view this endpoint

link

answered 16 Mar '11, 02:45

Ledion%20Bitincka's gravatar image

Ledion Bitincka ♦
1.5k36
accept rate: 36%

Post your answer
toggle preview

Copyright © 2005-2012 Splunk, Inc. All rights reserved.