For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Encrypted UCS Backup with REST-API

Because it seems this nowhere documented: Create a encrypted F5 backup with REST-API including private keys. This script should creates the task, starts it and get's it status.

#!/usr/bin/env bash

CURL_OPTS=("--fail-with-body" "--show-error" "-s" "-k" "-u" "user:pass" "-H" "Content-Type: application/json" "-H" "Accept: application/json, */*")

# Create task and get id
TASK_ID=$(jq -n --arg name /var/local/ucs/test.ucs \
    --arg passphrase "testpw" \
    '{
        "command": "save",
        "name": $name,
        "options": [
            {
                "passphrase": $passphrase
            }
        ]
    }' \
    | curl "${CURL_OPTS[@]}" -X POST -d @- https://f5-lab/mgmt/tm/task/sys/ucs \
    | jq -r "._taskId")

# Start task
jq -n '{
        "_taskState": "VALIDATING"
    }' | curl "${CURL_OPTS[@]}" -X PUT -d @- "https://f5-lab/mgmt/tm/task/sys/ucs/$TASK_ID"

# Get task status
curl "${CURL_OPTS[@]}" --retry 5 --retry-all-errors --retry-delay 10 "https://f5-lab/mgmt/tm/task/sys/ucs/$TASK_ID" \
    | jq -r "._taskState"

Reference was https://my.f5.com/manage/s/article/K000138875 and the passphrase options was found by trial and error.

Updated Nov 28, 2025
Version 6.0
devops
No CommentsBe the first to comment