Manage credentials used by apps and data inputs

Centralize and securely manage the credentials (passwords and Access Control Lists (ACLs)) that apps and data inputs use to authenticate with external services.

Centralizing the authentication credentials that your apps and data inputs use to connect with external services is critical to maintaining secure and reliable integrations. Using the Credentials page, you can manage credentials and their properties, including the username, the secret, and ACL configurations such as read access, write access, app association, and sharing scope.

Centralized credential management offers the following benefits:
  • Enhanced security: Reduces the risk of exposure by eliminating the need to store sensitive passwords in plain-text configuration files or scripts.

  • Granular access control: Helps you apply consistent ACL permissions across your environment.

  • Streamlined administration: A single location to manage all credentials.

  • Improves auditability and compliance: Simplifies auditing and tracking of credential ownership.

Credential metadata - access requirements

To access credentials, you must meet the following requirements:

Capability Access granted Additional requirements
admin_all_objects View and edit all credential metadata.
list_storage_passwords View credential metadata. Must have Read access.
edit_storage_passwords Create, edit, or delete credential metadata. Must have Write access to the specific credential.
Note: You can grant read access and write access to credentials when creating or editing them. See Create a credential.

Access to passwords (secrets)

Access to passwords is managed independently of the credential metadata. You can manage password visibility on the Network allow list page, which restricts access based on the IP address where the request originates. By default, password retrieval is restricted to localhost, meaning only applications running on the same host as the splunkd process can retrieve passwords.

To view a password, you must satisfy both of the following requirements:

Create a credential

Create a credential in Splunk Web to securely store passwords and Access Control List (ACL) permissions.

To create or edit credentials, you must have the edit_storage_passwords capability. By default, this is assigned to the admin role.

To create a new credential for an app or data input to use for authentication with external services, follow these steps:
  1. In Splunk Web, go to Settings > Credentials.
    The Credentials page opens.
  2. Select the New credential button.
    The New credential dialog box opens.
  3. Enter the Username that your app or data input uses to authenticate with the external service.
  4. Enter a Password and re-enter it in the Confirm password field.
  5. Select an App to store the credential.
    This defines the ownership and scope of the credential, ensuring it is associated with the correct integration.
  6. Select the Sharing scope: App or Global.
    • App: Default setting. Restricts the credential to the selected app.
    • Global: Makes the credential available to all apps.
  7. As an Owner, select the user responsible managing the credential.
    By default, the user who creates the credential is the owner.
  8. (Optional) Enter a Realm to categorize the credential.
  9. Configure access permissions:
    1. Read access: Select roles that can view the credential.
    2. Write access: Select roles that can edit the credential.
    Important: If you grant Read access or Write access to roles other than admin, ensure those roles have the list_storage_passwords or edit_storage_passwords capability.
  10. Select Save.
The new credential appears in the Credentials list.

Edit credentials

Update the metadata and Access Control List (ACL) permissions for an existing credential in Splunk Web.

To edit credentials, you must hold an admin role or a different role with the edit_storage_passwords capability.

To update the metadata and Access Control List (ACL) permissions for an existing credential, follow these steps:

  1. In Splunk Web, go to Settings > Credentials.
  2. Locate the credential you want to edit.
  3. In the line including the credential, in the last column, select the Actions icon and select Edit.
    The Edit credential dialog box opens.
  4. Update the metadata or access permissions as necessary.
    For more information on metadata, see Create a credential.
  5. Select Save.

The changes are applied to the credential.

Delete a credential

Permanently delete a credential for a user.

To delete credentials, you must have the edit_storage_passwords capability.

Deleting a credential is a permanent action and cannot be undone.
Warning: Before you delete a credential, ensure that any apps or data inputs no longer require it. Deleting a credential breaks any active connections that rely on it.

To delete a credential, follow these steps:

  1. In Splunk Web, go to Settings > Credentials.
  2. Locate the credential you want to delete.
  3. In the line including the credential, in the last column, select the Actions icon and select Delete.
  4. In the confirmation dialog box, select Delete to confirm the action.

The credential is removed from the Credentials list.