Splunk® Enterprise Security

Administer Splunk Enterprise Security

Download manual as PDF

Download topic as PDF

Manage credentials in Splunk Enterprise Security

Use the Credential Management page to store credentials for scripted or modular inputs. Input configurations that reference credentials use the credentials stored in Credential Management. You can store credentials such as usernames and passwords, or certificates used for authentication with third-party systems. Do not use this page to manage certificates used to encrypt server-to-server communications.

Your role must have the appropriate capabilities to add, modify, and view credentials and certificates. See Configure users and roles in the Installation and Upgrade Manual.

Add a new credential for an input

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. Click New Credential to add a new user credential.
  3. Type a Username.
  4. (Optional) Type a Realm field to differentiate between multiple credentials that have the same username.
  5. Type the Password for the credential, and type it again in Confirm password.
  6. Select the App for the credential.
  7. Click Save.

Edit an existing input credential

You can edit passwords of existing input credentials.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a credential, click Edit.
  3. Type a new Password for the credential, and type it again in Confirm password.
  4. Click Save.

Add a new certificate

You cannot add a new certificate using Credential Management on a search head cluster (SHC). To add a new certificate to Splunk Enterprise Security on a SHC, add the certificate to $SPLUNK_HOME/etc/shcluster/apps/<app_name>/auth on the deployer and deploy the certificate to the SHC members.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. Click New Certificate to add a new certificate.
  3. Type a File name for the certificate. This is the file name that the certificate is saved as in the $SPLUNK_HOME/etc/apps/<app_name>/auth directory.
  4. Add Certificate text for the certificate. Paste the contents of an existing certificate file here to add the certificate to Splunk Enterprise Security.
  5. Select an App to save the certificate in.
  6. Click Save.

Edit an existing certificate

You can edit the certificate text of existing certificates in Credential Management. You cannot edit certificates on a search head cluster.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a certificate, click Edit.
  3. Type a new Certificate text for the certificate.
  4. Click Save.

Delete an existing input credential or certificate

You cannot delete certificates on a search head cluster.

  1. On the Enterprise Security menu bar, select Configure > General > Credential Management.
  2. In the Action column of a credential or certificate, click Delete.
  3. Click OK to confirm.
PREVIOUS
Configure general settings for Splunk Enterprise Security
  NEXT
Manage permissions in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0


Comments

Nicolasjeanselme, we followed up with you in March by email but forgot to post a reply here for others to see. You cannot save a credential that has a username, but no password, on the Credential Management page. The REST endpoint that is used to save those credentials to the conf file does not accept an entry without a password.

Andrewb splunk, Splunker
August 1, 2018

Hi. This part mentions the way add/edit passwords. Where is the instruction on how to retrieve password for scripted inputs or other script?

Fyip splunk, Splunker
July 31, 2018

How about credentials made of a username but no password?

Nicolasjeanselme
March 5, 2018

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters