JaZy
Mar 11, 2026
Solved

Blindfold key for API request to replace TLS certificate

Dear all,

I would like to use a blindfold secret in an API request to replace TLS certificates, but I am not sure if I understood the process correctly.

Payload:

# Create the payload structure
payload = {
    "metadata": metadata,
    "spec": {
        "certificate_url": f"string:///{fullchain_b64}",
        "private_key": {
            "clear_secret_info": {
            # "blindfold_secret_info": {
                "url": f"string:///{privkey_b64}"
                # "location": f"string:///{privkey_b64}"
            }
        }
    }
}

I am following this article: https://my.f5.com/manage/s/article/K000148940

There is a step where the policy document is obtained (step 7):

vesctl request secrets get-policy-document --namespace shared --name ves-io-allow-volterra > demo-api-policy

What is the reason to obtain it with get-policy-document? In the next step it is used with --policy-document demo-api-policy.

I want to know if I have to do it the same way or if I can blindfold the secret with the public API key only. The process for certificate replacement is fully automated, so I want to keep it as simple as possible.

1 Reply

  • Seems that I am only blind, as the policy from my question is described in step 2 (Create a Secret Policy in XC Console).
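
An added example, not part of the original posts and not F5's own code: the payload from the question switched to the `blindfold_secret_info` / `location` fields that appear commented out there, with a guard that refuses to build the request if the supplied key is still a clear PEM private key. The function names and sample values are hypothetical, and it assumes the blindfolded string is the output of the article's encryption step, passed through unchanged.

```python
import base64
import binascii

PEM_KEY_MARKER = b"PRIVATE KEY-----"

# Constructed sample values, not real key material or real blindfold output.
SAMPLE_CLEAR_KEY = b"-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_BLINDFOLDED = base64.b64encode(b"constructed-blindfold-ciphertext").decode()


def looks_like_clear_key(value: str) -> bool:
    """Return True if value is a PEM private key, raw or base64-wrapped."""
    raw = value.encode()
    if PEM_KEY_MARKER in raw:
        return True
    try:
        # Drop line wrapping before decoding; reject non-base64 input.
        decoded = base64.b64decode(b"".join(raw.split()), validate=True)
    except (binascii.Error, ValueError):
        return False
    return PEM_KEY_MARKER in decoded


def build_certificate_payload(metadata: dict, fullchain_pem: bytes, blindfolded_key: str) -> dict:
    """Build the certificate payload with a blindfolded private key only."""
    blindfolded_key = blindfolded_key.strip()
    if not blindfolded_key:
        raise ValueError("blindfolded key is empty")
    if looks_like_clear_key(blindfolded_key):
        # The automation must never fall back to sending the clear key.
        raise ValueError("private key is not blindfolded; refusing to build payload")
    fullchain_b64 = base64.b64encode(fullchain_pem).decode()
    return {
        "metadata": metadata,
        "spec": {
            "certificate_url": f"string:///{fullchain_b64}",
            "private_key": {
                # Field names taken from the commented-out lines in the question.
                "blindfold_secret_info": {
                    "location": f"string:///{blindfolded_key}"
                }
            },
        },
    }
```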