Splunk® Enterprise Security

Administer Splunk Enterprise Security

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Manage credentials in Splunk Enterprise Security

Use the Credential Management page to store credentials for scripted or modular inputs. Input configurations that reference credentials use the credentials stored in Credential Management. You can store credentials such as usernames and passwords, or certificates used for authentication with third-party systems. Do not use this page to manage certificates used to encrypt server-to-server communications.

Your role must have the appropriate capabilities to add, modify, and view credentials and certificates. See Configure users and roles in the Installation and Upgrade Manual.

Add a new credential for an input

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. Click New Credential to add a new user credential.
  3. Type a Username.
  4. (Optional) Type a Realm field to differentiate between multiple credentials that have the same username.
  5. Type the Password for the credential, and type it again in Confirm password.
  6. Select the App for the credential.
  7. Click Save.

Edit an existing input credential

You can edit passwords of existing input credentials.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a credential, click Edit.
  3. Type a new Password for the credential, and type it again in Confirm password.
  4. Click Save.

Add a new certificate

You cannot add a new certificate using Credential Management on a search head cluster (SHC). To add a new certificate to Splunk Enterprise Security on a SHC, add the certificate to $SPLUNK_HOME/etc/shcluster/apps/<app_name>/auth on the deployer and deploy the certificate to the SHC members.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. Click New Certificate to add a new certificate.
  3. Type a File name for the certificate. This is the file name that the certificate is saved as in the $SPLUNK_HOME/etc/apps/<app_name>/auth directory.
  4. Add Certificate text for the certificate. Paste the contents of an existing certificate file here to add the certificate to Splunk Enterprise Security.
  5. Select an App to save the certificate in.
  6. Click Save.

Edit an existing certificate

You can edit the certificate text of existing certificates in Credential Management. You cannot edit certificates on a search head cluster.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a certificate, click Edit.
  3. Type a new Certificate text for the certificate.
  4. Click Save.

Delete an existing input credential or certificate

You cannot delete certificates on a search head cluster.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a credential or certificate, click Delete.
  3. Click OK to confirm.
Last modified on 09 December, 2019
PREVIOUS
Configure general settings for Splunk Enterprise Security
  NEXT
Manage permissions in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters