Security of credentials in iControl/REST api

Question

Hi all,&nbsp;
I'm newbie to iControl.  It's useful and we hope to use it in daily provisioning, probably using python.  However, we've to either use username/password or X-F5-Auth-Token which is not expected to have a 'too-long' lifetime (correct?).&nbsp;
We wonder if there is any good practice to avoid hard coding credentials (username/password) in any script, and if there is workaround to make use of X-F5-Auth-Token.&nbsp;
Would anyone please advise?&nbsp;
Thanks a lot.
Regards&nbsp;

satoshi_toyosa1 · Answer

The default token timeout is 20 min (1200s). You can make it shorter by patch-ing the timeout field if that's what you want. The sample below changes the timeout of the to 10s.&nbsp;curl -sk https://localhost/mgmt/shared/authz/tokens/ \
 -H "X-F5-Auth-Token: " -H "Content-type: applicaiton/json" \
 -X PATCH -d '{"timeout" : 10}'Or you can remove the token after you finish the task(s): e.g.,&nbsp;curl -sk https://localhost/mgmt/shared/authz/tokens/ -H "X-F5-Auth-Token: " \
 -X DELETEIf you want to avoid a hard-coded user/pass pair in your code, why don't you make it prompt?&nbsp;&gt;&gt;&gt; import sys
&gt;&gt;&gt; user = sys.stdin.readline()
foo   &lt;&lt;&lt; entered
&gt;&gt;&gt; print(user)
foo

Forum Discussion

Security of credentials in iControl/REST api

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

F5 Rseries HA

Related Content

iControl REST Authentication Token Management

iControl REST Cookbook - Virtual Server (ltm virtual)

iControl REST 101: What is iControl REST?

iControl REST Fine-Grained Role Based Access Control

OWASP Automated Threats - Credential Stuffing (OAT-008)