Forum Discussion
How about using an irule to manually encrypt your secret data and then you can decrypt it when necessary?
set key "AES 128 e467265313ea04abc32aded3e6e457a5"
set encrypted_data [b64encode [AES::encrypt $key $secret_data]]
$encrypted_data would now be an encrypted version of your secret_data, and the base64 encoding would allow you to store this in clear text or perhaps AD or LDAP for example. You could print this on the screen or dump it in the log so that you can store it somewhere.
To decrypt the data you would still need the value of $key later on however in the meantime at least you do not have the secret data sitting around in plain text. First read the secret data from ldap (or wherever) and then do something like,
ACCESS::session data set session.user.custom.secretinfo [AES::decrypt $key [b64decode $encrypted_data ]]
You could also store this in a global variable. It's not a perfect solution by any means but if you just want to keep clear text passwords out of the config then it would work.