hurricanelabs / splunksecrets Goto Github PK
View Code? Open in Web Editor NEWsplunksecrets is a tool for working with Splunk secrets offline
Home Page: https://pypi.org/project/splunksecrets/
splunksecrets is a tool for working with Splunk secrets offline
Home Page: https://pypi.org/project/splunksecrets/
First of all: Thank you for this great script! It helps us a lot in automating splunk deployment!
My feature request:
It would be easier for us to use in an automated fashion, if the script would be able to read the password from an environment variable. The new option could be named --password-env
.
Currently only cli agruments and stdin are supported for password. Cli arguments are insecure, and stdin is kind of messy.
Thanks!
not sure if you like the idea but I have often the need to generate a new splunk secret before actually starting splunk. It annoys me to let splunk generate it as I am using automation (ansible) a lot to bring up splunk installations. so it would be more convenient to have it here, too.
if thats out of your scope I am fine ;) just an idea..
EDIT:
and yes I am aware of:
rotate splunk-secret Generate a new splunk.secret (encryption key), and re-encrypt all configuration with the new key.
rotate shcluster-splunk-secret Generate a new search head cluster common splunk.secret (encryption key), and re-encrypt all configuration with the new key. CAUTION: this command causes the members to be re-added the search head cluster, and might cause scheduled searches to be unavailable until the process completes.
in recent splunk versions (above is from v8.1) ;) still it would be great having it separately from splunk so we would have it before actually installing splunk
I've based some changes to the puppet module for configuring splunk based on the information found in this project. Just wanted to say thanks for the clear description of the algorithm.
splunksecrets/splunksecrets.py
Line 22 in f104e60
Example of error:
Traceback (most recent call last):
File "/home/rfrey2/python/virtualenv/environments/splunksecrets/bin/splunksecrets", line 10, in <module>
sys.exit(main())
File "/home/rfrey2/python/virtualenv/environments/splunksecrets/local/lib/python2.7/site-packages/splunksecrets.py", line 146, in main
output = decrypt(key, ciphertext, args.nosalt)
File "/home/rfrey2/python/virtualenv/environments/splunksecrets/local/lib/python2.7/site-packages/splunksecrets.py", line 24, in decrypt
ciphertext = base64.b64decode(ciphertext[3:])
File "/usr/lib/python2.7/base64.py", line 78, in b64decode
raise TypeError(msg)
TypeError: Incorrect padding
Something like this seems to fix the issue (may not be perfect but it works):
def decrypt(secret, ciphertext, nosalt=False):
"""Given the first 16 bytes of splunk.secret, decrypt a Splunk password"""
plaintext = None
if ciphertext.startswith("$1$"):
try:
ciphertext = base64.b64decode(ciphertext[3:])
except TypeError:
try:
ciphertext = base64.b64decode(ciphertext[3:] + "===")
except Exception as e:
print(e)
exit(1)
key = secret[:16]
Add support for encrypted dbconnect identities
Running the follow command:
splunksecrets --splunk-secret-text dCqLei7Z1083bZoMCZpU782Qh3Y8elemrNAEb/ba9QzvXWdJeJcx40KZ55hVLjq9sH30r7v4t7as6KD4IBeCeG1TYuVvRmxh7PPzzwJKLpSXuBKObK/3Y5LXJrQH9SAaDNpfDzTT2TO4XWXCnqcrGM0ct5qLtnyJYKrcB0YbOcMa1M1aoecuy.80qgWpz/EDcLqUT.GM1BC6Kbz1vbX8pjHvrX8G7Tcf5lKFKOC.sOBAC9gXEPnRFCz0xf.GoW -D --password $1$ec3vkicywd+IN1M=
I just get this as an output:
None
I cant find any documentation that would suggest what this means or if i have done something wrong
Add support for encrypted Phantom passwords
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.