F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

amolari_4313's avatar
amolari_4313
Icon for Nimbostratus rankNimbostratus
Dec 06, 2013

encryption of sensitive data in configuration

when configuring for example a AAA radius shared secret in APM, the value is masqueraded in the GUI and encrypted (?) in the configuration file. with iApp it's not. Also, in iRules, I haven't found a...
application delivery
devops
iApps
iRules
management
IheartF5_45022's avatar
IheartF5_45022
Icon for Nacreous rankNacreous
Dec 08, 2013

I do know one way to hide sensitive data in an iRule - hide it in the session table, so it lives only in memory and doesn't appear in the config files.

To do this you will need to create a "Control Plane" VIP to update the data. This VIP would be internal-facing, source IP restricted and maybe client cert protected (you wouldn't want just anybody accessing it). It wouldn't have a pool associated - just an iRule

when HTTP_REQUEST {
    set key [URI::query [HTTP::uri] "key"]
    set value [URI::query [HTTP::uri] "value"] 

     Set the key value in session table
    table set $key $value indefinite

    log local0. "Key $key updated by [IP::remote_addr]"
}

Then in other iRules that need to use that data, you would reference [table lookup "blah"], where 'blah' was the value of the 'key' query parameter in the control plane iRule.