Splunk® Enterprise

Admin Manual

Download manual as PDF

Splunk Enterprise version 7.1 will no longer supported as of April 24, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF


The following are the spec and example files for passwords.conf.


#   Version 7.1.1
# This file maintains the credential information for a given app in Splunk Enterprise.
# There is no global, default passwords.conf. Instead, anytime a user creates
# a new user or edit a user onwards hitting the storage endpoint
# will create this passwords.conf file which gets replicated 
# in a search head clustering enviornment.
# Note that passwords.conf is only created from 6.3.0 release.
# You must restart Splunk Enterprise to reload manual changes to passwords.conf.
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
# More details for storage endpoint is at
# http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/


password = <password>
* Password that corresponds to the given username for the given realm.
  Note that realm is optional
* The password can be in clear text, however when saved from splunkd the
  password will always be encrypted


#   Version 7.1.1
# The following are example passwords.conf configurations. Configure properties for
# your custom application.
# There is NO DEFAULT passwords.conf. The file only gets created once you add/edit
# a credential information via the storage endpoint as follows.
# The POST request to add user1 credentials to the storage/password endpoint 
# curl -k -u admin:changeme https://localhost:8089/servicesNS/nobody/search/storage/passwords -d name=user1 -d password=changeme2
# The GET request to list all the credentials stored at the storage/passwords endpoint 
# curl -k -u admin:changeme https://localhost:8089/services/storage/passwords
# To use one or more of these configurations, copy the configuration block into
# passwords.conf in $SPLUNK_HOME/etc/<apps>/local/. You must restart Splunk to
# enable configurations.
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

password = changeme

Last modified on 22 May, 2018

This documentation applies to the following versions of Splunk® Enterprise: 7.1.1


-d realm=realm does look like it should work from the output and does create an entry in passwords.conf but when i curl to the admin/passwords endpoint there is no entry created. (I have also tried all of this in storage/passwords too)

June 8, 2018


How do I post the realm parameter? I have tried appending it to the name like name=realm:username which add's it into passwords.conf in the correct format by the looks of it but when I check https://splunk:8089/servicesNS/nobody/appname/admin/passwords the realm field is empty.

June 8, 2018

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters