Username and Configuration Setting Encryption
uberAgent optionally encrypts user and domain names in the agent and has support to encrypt sensitive settings in its configuration.
User and domain names can be encrypted in the agent before being sent off to the backend. This can be useful for compliance with privacy regulations.
User and domain name encryption is disabled by default. If required, enable it via the configuration setting
With encryption enabled, user and domain names show up in the backend and in dashboards like this:
uberAgent’s download package comes with the command-line tool uAEncrypt.exe, which can be used to decrypt usernames as shown in the following example:
uAEncrypt.exe -decrypt -keyId 101 -data <EncryptedDataHere>
Configuration settings can optionally be obfuscated or retrieved from the OS-specific credential store. Obfuscation is the older but less secure option. The OS credential store was added in uberAgent 7.2 and is the recommended way to store passwords and other sensitive information that is required by uberAgent.
Some configuration settings may optionally be retrieved from the OS-specific credential store. To indicate to uberAgent that a setting should be read from the OS credential store, specify its value in the following format:
###UA_CREDENTIAL_SOMENAME###
When uberAgent encounters the above format in its configuration, it reads the actual value from the setting SOMENAME in the OS credential store.
To secure a backend receiver’s REST token, specify it in uberAgent’s configuration as follows:
RESTToken = ###UA_CREDENTIAL_SplunkRESTToken###
Distribute the actual REST token value to the OS credential store (see below) of all endpoints where uberAgent’s configuration references it.
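The following Python lint is an added example, not part of uberAgent or its documentation. It scans a configuration for the reference format described above, lists the credential names that must exist in the OS credential store, and flags sensitive values that remain in the file. The INI-style stanza headers, the '#' comment prefix, the sample configuration and the choice of RESTToken as the only sensitive key are assumptions.

```python
import re

# Reference format documented on this page: ###UA_CREDENTIAL_SOMENAME###
CRED_REF = re.compile(r"^###UA_CREDENTIAL_([^#\s]+)###$")
STANZA = re.compile(r"^\[(.+)\]$")  # assumption: INI-style [Stanza] headers

# Constructed sample configuration; the token value is a placeholder.
SAMPLE = """\
[Receiver]
Name = Default
RESTToken = ###UA_CREDENTIAL_SplunkRESTToken###

[Receiver]
Name = Secondary
RESTToken = 00000000-EXAMPLE-TOKEN

[Receiver]
Name = Third
RESTToken = ##UA_CREDENTIAL_SplunkRESTToken##
"""

def audit_config(text, sensitive_keys=("RESTToken",)):
    """Return (references, findings) as lists of (line, stanza, key, detail)."""
    references, findings, stanza = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        header = STANZA.match(line)
        if header:
            stanza = header.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        ref = CRED_REF.match(value)
        if ref:
            # Well-formed reference: this name must exist in the OS credential store.
            references.append((lineno, stanza, key, ref.group(1)))
        elif "UA_CREDENTIAL" in value:
            # Near miss: does not match the documented format exactly.
            findings.append((lineno, stanza, key, "malformed credential reference"))
        elif key in sensitive_keys and value:
            # Secret kept in the file (plaintext or obfuscated) instead of the store.
            findings.append((lineno, stanza, key, "value stored in configuration file"))
    return references, findings

if __name__ == "__main__":
    refs, issues = audit_config(SAMPLE)
    for lineno, stanza, key, detail in refs + issues:
        print(f"line {lineno} [{stanza}] {key}: {detail}")
```

Pass additional setting names through sensitive_keys to cover other secrets in your own configuration.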
Encryption is supported for the following configuration settings:
uberAgent doesn’t handle the deployment of secrets to the endpoint’s OS credential store.
The credentials are read from the SYSTEM user’s credential store.
Under macOS the credentials are read from the keychain. The keychain items must be stored in the system keychain, and uberAgent must be exempt from the option "Confirm before allowing access" under the tab "Access Control".
To create a keychain item securing the REST token for Splunk, you can run the following command line:
sudo security add-generic-password -a "Splunk" -s "uberAgent" -w "TOKEN_TO_BE_USED" -T "/Library/uberAgent/uberAgent.app" -U /Library/Keychains/System.keychain
Splunk is the keychain item’s account name, uberAgent is the service name and TOKEN_TO_BE_USED is the REST token. The account name can be chosen freely. If you want to change the default service name uberAgent, you can do so by adding the configuration option CredentialStoreServiceName in stanza Miscellaneous, and passing the name with option -s as seen in the example above.
ConfigFlags = CredentialStoreServiceName:MY_CUSTOM_SERVICE_NAME
Sensitive settings like passwords can be obfuscated with the command-line tool uAEncrypt.exe, which is available in the uberAgent download package. The syntax is viewable by running
uAEncrypt.exe -encrypt -keyId 1 -data PlaintextData
De-obfuscation is possible with:
uAEncrypt.exe -decrypt -keyId 1 -data ObfuscatedData
Obfuscation is supported for all configuration settings.