Security of credentials in iControl/REST api

Question

Hi all,&nbsp;
I'm newbie to iControl.  It's useful and we hope to use it in daily provisioning, probably using python.  However, we've to either use username/password or X-F5-Auth-Token which is not expected to have a 'too-long' lifetime (correct?).&nbsp;
We wonder if there is any good practice to avoid hard coding credentials (username/password) in any script, and if there is workaround to make use of X-F5-Auth-Token.&nbsp;
Would anyone please advise?&nbsp;
Thanks a lot.
Regards&nbsp;

satoshi_toyosa1 · Answer

The default token timeout is 20 min (1200s). You can make it shorter by patch-ing the timeout field if that's what you want. The sample below changes the timeout of the to 10s.&nbsp;curl -sk https://localhost/mgmt/shared/authz/tokens/ \
 -H "X-F5-Auth-Token: " -H "Content-type: applicaiton/json" \
 -X PATCH -d '{"timeout" : 10}'Or you can remove the token after you finish the task(s): e.g.,&nbsp;curl -sk https://localhost/mgmt/shared/authz/tokens/ -H "X-F5-Auth-Token: " \
 -X DELETEIf you want to avoid a hard-coded user/pass pair in your code, why don't you make it prompt?&nbsp;&gt;&gt;&gt; import sys
&gt;&gt;&gt; user = sys.stdin.readline()
foo   &lt;&lt;&lt; entered
&gt;&gt;&gt; print(user)
foo

Forum Discussion

Security of credentials in iControl/REST api

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

iControl REST Authentication Token Management

List of F5 iControl REST API Endpoints

iControl REST Cookbook - Virtual Server (ltm virtual)

iControl REST 101: What is iControl REST?

iControl REST Fine-Grained Role Based Access Control

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS