Hello, I'm afraid, I have a similar problem. I developed an external lookup in Python which makes an API call using a password authentication. When I submitted my app to Splunkbase, the result was: check_for_secret_disclosure
Password is being stored in plain text. Client's secret must be stored in encrypted format. You can use this reference for manage secret storage
https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/secretstorage/
File: appserver/static/javascript/views/app.js Line: 95 There is no problem to write the password in passwords.conf. I followed the example in Weather App Example The problem starts when I need to read the password from the Python external lookup script! Splunk general documentation suggests to use a client.connect Client.connect need a Splunk user authentication, so another secret. I can find a method to read the secret as the splunklib.searchcommands allows. I have Splunk Enterprise, so I could leave the API password clear, but I would like to use the secretstorage as suggested. How can I fix this problem? Thank you very much Kind Regards Marco
... View more