Forum Discussion
Mar 25, 2015
iControl uses HTTP Authentication so the credentials need to be passed through the HTTPS connection to the BIG-IP in digest form. For that we need to have the clear text on the client. Perhaps someday the BIG-IP will support client side certs or a more advanced OAUTH type authentication but for now we are stuck with what the BIG-IP management port supports.
If you are concerned with persistence of the credentials in memory within the calling process, you can always create a iControl.Interfaces object (which the Initialize-F5.iControl cmdlet does internally) and then null out that object when you are done with calls.
$ic = New-Object iControl.Interfaces
$ic.initialize(hostname, username, password)
... Do something with $ic ...
$ic = $null;
Get-F5.iControl just returns the internal iControl.Interfaces object.
-Joe