To configure the Network Allow List, you must have:

• Splunk Cloud Platform version 9.4.2503 or higher
• The edit_limits_conf capability

To configure the network allow list, add networks to the list and specify whether or not they can access passwords. If you enable the networks to access passwords, you can still prevent individual networks on the list from accessing passwords.

Requests from the localhost address always receive passwords in cleartext.

To configure the Network Allow List, follow these steps:

1. In Splunk Web, click Settings > Server settings > Secrets management.
2. On the Network Allow List page, select + Add network.
3. Create a rule by entering a network in one of the following formats:
   • A single IPv4 or IPv6 address, for example, 10.1.2.3, fe80::4a3
   • A Classless Inter-Domain Routing (CIDR) block of addresses, for example, 10/8, 192.168.1/24, fe80:1234/32
   • A DNS name, possibly with a * used as a wildcard, for example, myhost.example.com, *.splunk.com
   • *, which matches anything.
4. (Optional) To prevent a network from accessing passwords in cleartext, prefix the rule with !, for example, !10.1.2.3 .

   The input applies rules in order, and uses the first one that matches. For example, !10.1/16, * returns cleartext passwords to calls from everywhere except the 10.1.*.* network.