Manage credentials used by apps and data inputs
Centralize and securely manage the credentials (passwords and Access Control Lists (ACLs)) that apps and data inputs use to authenticate with external services.
Centralizing the authentication credentials that your apps and data inputs use to connect with external services is critical to maintaining secure and reliable integrations. Using the Credentials page, you can manage credentials and their properties, including the username, the secret, and ACL configurations such as read access, write access, app association, and sharing scope.
- Enhanced security: Reduces the risk of exposure by eliminating the need to store sensitive passwords in plain-text configuration files or scripts.
- Granular access control: Helps you apply consistent ACL permissions across your environment.
- Streamlined administration: A single location to manage all credentials.
- Improves auditability and compliance: Simplifies auditing and tracking of credential ownership.
Credential metadata - access requirements
To access credentials, you must meet the following requirements:
| Capability | Access granted | Additional requirements |
|---|---|---|
| admin_all_objects | View and edit all credential metadata. | |
| list_storage_passwords | View credential metadata. | Must have Read access. |
| edit_storage_passwords | Create, edit, or delete credential metadata. | Must have Write access to the specific credential. |
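To review the ACL properties described above (read access, write access, app association, sharing scope) across many credentials, the following added example audits a credential listing for overly broad access. It is not Splunk's own code; it assumes the listing is JSON shaped like the output of Splunk's storage/passwords REST endpoint, and the sample entries, role names, and approved-writer set are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON listing returned by Splunk's
# storage/passwords REST endpoint (output_mode=json). All names are made up.
SAMPLE_RESPONSE = json.dumps({
    "entry": [
        {"name": "svc_ticketing:api_user:",
         "acl": {"app": "ticketing_app", "owner": "admin", "sharing": "app",
                 "perms": {"read": ["admin", "ticketing_ops"], "write": ["admin"]}}},
        {"name": "cloud_feed:ingest:",
         "acl": {"app": "search", "owner": "jdoe", "sharing": "global",
                 "perms": {"read": ["*"], "write": ["admin", "power"]}}},
        {"name": ":legacy_user:",
         "acl": {"app": "legacy_ta", "owner": "nobody", "sharing": "app",
                 "perms": None}},
    ]
})

# Assumption: roles this deployment accepts as credential writers.
APPROVED_WRITERS = {"admin"}


def audit_credential_acls(response_text, approved_writers=APPROVED_WRITERS):
    """Return {credential name: [findings]} for ACLs broader than intended."""
    findings = {}
    for entry in json.loads(response_text).get("entry", []):
        acl = entry.get("acl") or {}
        perms = acl.get("perms") or {}  # handled defensively if absent or null
        read = set(perms.get("read") or [])
        write = set(perms.get("write") or [])
        issues = []
        if "*" in read:
            issues.append("read access granted to every role")
        if "*" in write:
            issues.append("write access granted to every role")
        extra = sorted(write - approved_writers - {"*"})
        if extra:
            issues.append("unapproved writer roles: " + ", ".join(extra))
        if acl.get("sharing") == "global":
            issues.append("shared globally, visible from every app")
        if not perms:
            issues.append("no explicit permissions recorded, review manually")
        if issues:
            findings[entry.get("name", "<unnamed>")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_credential_acls(SAMPLE_RESPONSE).items():
        print(name, "->", "; ".join(issues))
```

Credentials that do not appear in the result passed every check; each finding is a prompt to review the credential on the Credentials page, not an automatic change.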
Access to passwords (secrets)
Access to passwords is managed independently of the credential metadata. You can manage password visibility on the Network allow list page, which restricts access based on the IP address where the request originates. By default, password retrieval is restricted to localhost, meaning only applications running on the same host as the splunkd process can retrieve passwords.
- You must have the appropriate capability and ACL permissions to manage the credential.
- Your request must originate from an IP address included in the Network Allow List.
For more information, see Manage access to passwords through the Network Allow List.
Create a credential
Create a credential in Splunk Web to securely store passwords and Access Control List (ACL) permissions.
To create or edit credentials, you must have the edit_storage_passwords capability. By default, this is assigned to the admin role.
Edit credentials
Update the metadata and Access Control List (ACL) permissions for an existing credential in Splunk Web.
To edit credentials, you must hold an admin role or a different role with the edit_storage_passwords capability.
To update the metadata and Access Control List (ACL) permissions for an existing credential, follow these steps:
The changes are applied to the credential.
Delete a credential
Permanently delete a credential for a user.
To delete credentials, you must have the edit_storage_passwords capability.
To delete a credential, follow these steps:
- In Splunk Web, go to Settings > Credentials.
- Locate the credential you want to delete.
- In the row for the credential, select the Actions icon in the last column, then select Delete.
- In the confirmation dialog box, select Delete to confirm the action.
The credential is removed from the Credentials list.