Obfuscate passwords
Splunk administrators do not have direct administrative access to VMware environment systems such as vCenter Server and ESX/i hosts. As the VMware administrator you must provide access to your VMware environment to the Splunk administrator who needs to monitor the environment using Splunk for VMware. You can now obfuscate passwords instead of storing them in clear text in the engine.conf
file. You can now create a credentials.conf
file to hold the obfuscated passwords so that you can remove them from your engine.conf file(s).
As a VMware administrator you can generate a credentials file and give it to the Splunk Solutions administrators. This enables the Splunk Solutions administrator to install and configure Splunk for VMware without having to know the underlying passwords. For detailed information about how password obfuscation is implemented in Splunk for VMware, see "Password obfuscation" in this manual.
Who can use what
As the splunkadmin user you can use credentials.pl
(located in $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/bin
in the Splunk FA VM). credentials.pl
is already in your path and you can run it from any directory location. This option is used mostly by Splunk Solutions administrators who are also the VMware administrators.
As the VMware administrator you can:
- Run
credentials.pl
on an existingcredentials.conf
file:credentials.pl -f <your_credentials.conf_file>
or - Run
credentials.pl
in interactive mode where it prompts you for the user ids and passwords, paste in a clear text conf file (characters are not echoed to the screen), and press CTRL-D:credentials.pl -i
.
After running the tool, a "credentials.conf" file is written out to the same directory where the tool was run. This credentials.conf
file is a recreation of the original file but with that passwords encrypted.
This option is more suited when the Splunk administrator is not a VMware administrator. As the VMware administrator, you run the tool interactively to generate the credentials file and then you give the credentials file to the Splunk Solutions administrator.
How to obfuscate passwords
Follow the instructions in this topic to create a credentials.conf
file containing encrypted passwords.
Run credentials.pl
As a Splunk Solutions administrator, you need a working engine.conf
file with the usernames and passwords already in it.
To run credentials.pl:
- Log into the FA VM as the
splunkadmin
user. - Change directories into the location where your
engine.conf
files reside:cd $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/local
- Run the tool:
credentials.pl -f <your_engine.conf_file> -c
- Replace
<your_engine.conf_file>
with the filename of theengine.conf
file from which you want to generate credentials. - Note that usually just the
engine.conf
file name is used by itself (not full path) as the tool is run inSplunk_TA_vmware/local
where yourengine.conf
file resides.
- Edit the
engine.conf
file to remove the clear text passwords that existed previously. Remove all of the username and password setting lines from every stanza in the file.
Things to note
When you run credentials.pl
credentials.conf
is created by default in the same directory where you ran the tool (typically Splunk_TA_vmware/local).- It does not modify your
engine.conf
file. It leaves your configuration intact. - It reads the specified
engine.conf
file, generates host key-value pairs, and writes out a workingcredentials.conf
file containing stanzas (all single entry or default) with the encrypted passwords. - Username and password settings in
engine.conf
take precedence over settings incredentials.conf
. If you don't want a precedence issue, remove them from yourengine.conf
file. If the credentials are incorrectly specified inengine.conf
your engine will not work!
Run credentials.pl
in interactive mode
As a VMware administrator, you must first create a clear-text credentials.conf
file that contains stanzas with host entries, usernames, and clear-text passwords. Store this file outside of the FA VM.
This example assumes the credentials.conf
file is created on a different machine and can be copied or pasted into the interactive session.
[default] host= username=guest password=guest [host] host=esx1234.mycompany.com username=foo password=bar [host2] host=1.2.3.4 username=baz password=biz
To run credentials.pl
:
- Log into the FA VM as the
splunkadmin
user. - Change directories into the location where you want the
credentiials.conf
file to reside:cd $SPLUNK_HOME/etc/apps/Splunk_TA_vmware/local
- Run the tool using the following command:
credentiials.pl -i
- Copy your clear-text
credentials.conf
file and paste it into the interactive session window, and then hit CTRL-D. credentials.pl
runs and outputs acredentials.conf
file that contains encrypted passwords.- Remove older clear text passwords from your
engine.conf
file. Remove all of the username and password setting lines from every stanza in the file.
Things to note for interactive mode
When you run credentials.pl
- Stanza names do not have to be unique, but we recommend it for clarity. The stanza names will be made unique as the stanzas are processed.
- The three fields, host, username, and password are required fields.
Example credentials.conf file
This is an example of the obfuscated file generated by credentials.pl for the source sample shown earlier:
$> cat credentials.conf [host2] host=1.2.3.4 username=baz password={RC4}Wk0K [default] host= username=guest password={RC4}HBDg/1w= [host] host=esx1234.mycompany.com username=foo password={RC4}ucYZ
Make credentials.conf
available to the Engine
To use the credentials file you generated, the engine, Engine.pm
, needs to know the name and location of the file.
You must save the credentials.conf
file in the default location: $SPLUNKHOME$/etc/apps/Splunk_TA_vmware/local
.
Note: If you rename the file or change the location of the file you must edit the inputs.conf
file in the $SPLUNKHOME$/etc/apps/Splunk_TA_vmware/local
directory to tell the engine where to look for it.
Change settings in a credentials.conf
file
As part of ongoing solution administration, you can change the settings in the credentials.conf
file.
If you modify the file you must:
- Re-run
credentials.pl
and re-generate the file based on the updatedengine.conf
files. - Change the
credentials.conf
file itself and then re-runcredentials.pl
on the existing file.
The instructions for option 2 are provided in the sections below.
Add an entry
Note: Performing these steps will OVERWRITE your current credentials.conf
file.
- Open the existing
credentials.conf
file with an editor. - Add the stanza as clear text .
- Save the file.
- Run:
credentials.pl -f credentials.conf
Delete an entry
- Open the existing
credentials.conf
file with an editor. - Delete the stanza containing the entry.
- Save the file.
Update an entry
Note: Performing these steps will OVERWRITE your current credentials.conf file.
- Open the existing
credentials.conf
file with an editor. - Edit the file to make the changes.
- Replace the password with a clear-text version of the password. Be sure you delete the
{RC4}\0
at the beginning and the\0
at the end. - Save the file.
- Run:
credentials.pl -f credentials.conf
Configure engine.conf | Launch Splunk Web |
This documentation applies to the following versions of Splunk® App for VMware (Legacy): 1.0, 1.0.1
Feedback submitted, thanks!