Forum Discussion

Nimbostratus

Dec 06, 2013

encryption of sensitive data in configuration

when configuring for example a AAA radius shared secret in APM, the value is masqueraded in the GUI and encrypted (?) in the configuration file. with iApp it's not. Also, in iRules, I haven't found a...

Nacreous

Dec 09, 2013

I do know one way to hide sensitive data in an iRule - hide it in the session table, so it lives only in memory and doesn't appear in the config files.

To do this you will need to create a "Control Plane" VIP to update the data. This VIP would be internal-facing, source IP restricted and maybe client cert protected (you wouldn't want just anybody accessing it). It wouldn't have a pool associated - just an iRule

when HTTP_REQUEST {
    set key [URI::query [HTTP::uri] "key"]
    set value [URI::query [HTTP::uri] "value"] 

     Set the key value in session table
    table set $key $value indefinite

    log local0. "Key $key updated by [IP::remote_addr]"
}

Then in other iRules that need to use that data, you would reference [table lookup "blah"], where 'blah' was the value of the 'key' query parameter in the control plane iRule.

Forum Discussion

encryption of sensitive data in configuration

Recent Discussions

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

Related Content

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

Deploy High-Availability and Latency-sensitive workloads with F5 Distributed Cloud

Encrypting Cookies

Mitigation of OWASP API Security Risk: Unrestricted Access to Sensitive Business Flows using F5 XC