hurricanelabs / splunksecrets Goto Github PK

First of all: Thank you for this great script! It helps us a lot in automating splunk deployment!

My feature request:
It would be easier for us to use in an automated fashion, if the script would be able to read the password from an environment variable. The new option could be named --password-env.

Currently only cli agruments and stdin are supported for password. Cli arguments are insecure, and stdin is kind of messy.

Thanks!

not sure if you like the idea but I have often the need to generate a new splunk secret before actually starting splunk. It annoys me to let splunk generate it as I am using automation (ansible) a lot to bring up splunk installations. so it would be more convenient to have it here, too.
if thats out of your scope I am fine ;) just an idea..

EDIT:

and yes I am aware of:

rotate splunk-secret       		Generate a new splunk.secret (encryption key), and re-encrypt all configuration with the new key.

rotate shcluster-splunk-secret      Generate a new search head cluster common splunk.secret (encryption key), and re-encrypt all configuration with the new key. CAUTION: this command causes the members to be re-added the search head cluster, and might cause scheduled searches to be unavailable until the process completes.

in recent splunk versions (above is from v8.1) ;) still it would be great having it separately from splunk so we would have it before actually installing splunk

I've based some changes to the puppet module for configuring splunk based on the information found in this project. Just wanted to say thanks for the clear description of the algorithm.

Example of error:

Traceback (most recent call last):
  File "/home/rfrey2/python/virtualenv/environments/splunksecrets/bin/splunksecrets", line 10, in <module>
    sys.exit(main())
  File "/home/rfrey2/python/virtualenv/environments/splunksecrets/local/lib/python2.7/site-packages/splunksecrets.py", line 146, in main
    output = decrypt(key, ciphertext, args.nosalt)
  File "/home/rfrey2/python/virtualenv/environments/splunksecrets/local/lib/python2.7/site-packages/splunksecrets.py", line 24, in decrypt
    ciphertext = base64.b64decode(ciphertext[3:])
  File "/usr/lib/python2.7/base64.py", line 78, in b64decode
    raise TypeError(msg)
TypeError: Incorrect padding

Something like this seems to fix the issue (may not be perfect but it works):

def decrypt(secret, ciphertext, nosalt=False):
    """Given the first 16 bytes of splunk.secret, decrypt a Splunk password"""
    plaintext = None
    if ciphertext.startswith("$1$"):

        try:
                ciphertext = base64.b64decode(ciphertext[3:])
        except TypeError:
                try:
                        ciphertext = base64.b64decode(ciphertext[3:] + "===")
                except Exception as e:
                        print(e)
                        exit(1)

        key = secret[:16]

Add support for encrypted dbconnect identities

Running the follow command:
splunksecrets --splunk-secret-text dCqLei7Z1083bZoMCZpU782Qh3Y8elemrNAEb/ba9QzvXWdJeJcx40KZ55hVLjq9sH30r7v4t7as6KD4IBeCeG1TYuVvRmxh7PPzzwJKLpSXuBKObK/3Y5LXJrQH9SAaDNpfDzTT2TO4XWXCnqcrGM0ct5qLtnyJYKrcB0YbOcMa1M1aoecuy.80qgWpz/EDcLqUT.GM1BC6Kbz1vbX8pjHvrX8G7Tcf5lKFKOC.sOBAC9gXEPnRFCz0xf.GoW -D --password $1$ec3vkicywd+IN1M=

I just get this as an output:
None

I cant find any documentation that would suggest what this means or if i have done something wrong

Add support for encrypted Phantom passwords