Forum Discussion

Colyn1337_11562's avatar
Colyn1337_11562
Icon for Nimbostratus rankNimbostratus
Mar 23, 2015

iControl ConnectionInfo Plain Text Password

I noticed that iControl stores the authentication credentials in plain text under ConnectionInfo. Is there a way to get iControl to use a secure string or something other than plain text for passwords?

 

Code for reference:

 

Add-PSSnapin -Name iControlSnapin
$F5Credentials = Get-Credential
Initialize-F5.iControl -Hostname $F5 -Username $F5Credentials.UserName -Password $F5Credentials.GetNetworkCredential().Password
$F5iControl = Get-F5.iControl
$F5iControl.ConnectionInfo

2 Replies

  • There are several ways to pass in credentials

    Initialize-F5.iControl -Hostname $host -Username $user -Password $pass
    Initialize-F5.iControl -Hostname $host -PSCredentials $ps_creds
    Initialize-F5.iControl -Hostname $host -Credentials $net_creds
    

    The PSCredentials takes a PowerShell PSCredential object while the Credentials parameter takes a core .Net NetworkCredential object.

    Hope this helps...

    -Joe

  • iControl uses HTTP Authentication so the credentials need to be passed through the HTTPS connection to the BIG-IP in digest form. For that we need to have the clear text on the client. Perhaps someday the BIG-IP will support client side certs or a more advanced OAUTH type authentication but for now we are stuck with what the BIG-IP management port supports.

    If you are concerned with persistence of the credentials in memory within the calling process, you can always create a iControl.Interfaces object (which the Initialize-F5.iControl cmdlet does internally) and then null out that object when you are done with calls.

    $ic = New-Object iControl.Interfaces
    $ic.initialize(hostname, username, password)
    ... Do something with $ic ...
    $ic = $null;
    

    Get-F5.iControl just returns the internal iControl.Interfaces object.

    -Joe