
F5 BIG-IP Connection

docs/integrations/app-connections/f5-big-ip.mdx


Infisical supports connecting to F5 BIG-IP LTM appliances via the iControl REST API for managing SSL certificates and binding them to Client SSL or Server SSL profiles.

## Setup

<Tabs>
<Tab title="Infisical UI">
<Steps>
  <Step title="Gather F5 BIG-IP Credentials">
    You will need the following from your F5 BIG-IP appliance:

    - **Hostname**: The management IP address or FQDN of your BIG-IP appliance (e.g. `10.10.10.10` or `bigip.example.com`).
    - **Port**: The HTTPS management port (default: `443`).
    - **Username**: A user with administrative access to manage SSL certificates and profiles.
    - **Password**: The password for the user account.

    <Note>
      The user account must be assigned a role with permissions to:
      - Upload files via the iControl REST file-transfer endpoint.
      - Create, update, and delete `sys file ssl-cert` and `sys file ssl-key` objects.
      - Update `ltm profile client-ssl` or `ltm profile server-ssl` objects (only required if profile binding is used).
      - Save the running configuration.

      The built-in **Certificate Manager** role meets these requirements when paired with the relevant administrative partition. For broader scopes, **Resource Administrator** or **Administrator** can be used.
    </Note>
  </Step>
  <Step title="Navigate to App Connections">
    In the Infisical dashboard, navigate to **Organization Settings** > **App Connections** and click **Add Connection**.
  </Step>
  <Step title="Select F5 BIG-IP">
    Select the **F5 BIG-IP** option from the list of available connections.
  </Step>
  <Step title="Fill in Connection Details">
    Fill in the **Configuration** tab:

    - **Hostname**: The management IP or FQDN of the BIG-IP appliance.
    - **Username**: The BIG-IP management username.
    - **Password**: The password for the management user.
    - **Port** (Optional): HTTPS port for the management interface (default: `443`).

    Configure the **SSL** tab:

    - **SSL Certificate** (Optional): A CA certificate in PEM format to verify the BIG-IP management interface's TLS certificate.
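    - **Reject Unauthorized**: When enabled, Infisical will only connect if the BIG-IP presents a valid, trusted TLS certificate. If the BIG-IP uses a self-signed certificate, either provide a CA certificate above, which keeps verification on, or disable this option, which turns certificate verification off for this connection.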

    Optionally select a **Gateway** to route the connection through an [Infisical Gateway](/documentation/platform/gateways/overview) when the BIG-IP is hosted in an air-gapped or private network.

    Click **Connect to F5 BIG-IP** to validate and save your connection.
  </Step>
  <Step title="Connection Created">
    Your F5 BIG-IP Connection is now available for use with certificate syncs.
  </Step>
</Steps>
</Tab>
<Tab title="API">
To create an F5 BIG-IP Connection, make an API request to the [Create App Connection](/api-reference/endpoints/app-connections/f5-big-ip/create) endpoint.

### Sample request

```bash Request
curl --request POST \
  --url https://app.infisical.com/api/v1/app-connections/f5-big-ip \
  --header 'Authorization: Bearer <access-token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "my-f5-big-ip-connection",
    "method": "basic-auth",
    "credentials": {
      "hostname": "bigip.example.com",
      "port": 443,
      "username": "admin",
      "password": "your-password",
      "sslRejectUnauthorized": false
    }
  }'
```

### Sample response

```json Response
{
  "appConnection": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "my-f5-big-ip-connection",
    "app": "f5-big-ip",
    "method": "basic-auth",
    "credentials": {
      "hostname": "bigip.example.com",
      "port": 443,
      "username": "admin",
      "sslRejectUnauthorized": false
    }
  }
}
```
</Tab>
</Tabs>
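
One way to confirm, before saving the connection, that the PEM you plan to paste into **SSL Certificate** really validates the appliance, so **Reject Unauthorized** can stay enabled. This is an added example, not part of Infisical's documentation or code; the function names and the script name `check-bigip-ca.sh` are hypothetical, and the certificates used to exercise it are constructed.

```bash
#!/usr/bin/env bash
# Added example, not Infisical's code. Needs the openssl CLI (1.1.1 or later).

# Save the certificate the management interface presents (needs network access).
# $1 = host, $2 = port, $3 = output PEM file
fetch_server_cert() {
  openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$3"
}

# Return 0 only if certificate $2 chains to the CA in $1 and is valid for the
# connection's Hostname value $3 (an IPv4 literal is matched against IP SANs).
ca_trusts_cert() {
  case "$3" in
    *[!0-9.]*) opt=-verify_hostname ;;
    *)         opt=-verify_ip ;;
  esac
  openssl verify -CAfile "$1" "$opt" "$3" "$2" >/dev/null 2>&1
}

# Constructed test data in directory $1: a throwaway CA, a leaf for
# bigip.example.com signed by it, and an unrelated self-signed certificate.
make_constructed_pki() {
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.pem &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=bigip.example.com" \
      -keyout leaf.key -out leaf.csr &&
    openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 1 -out leaf.pem &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=bigip.example.com" -keyout self.key -out self.pem
  ) >/dev/null 2>&1
}

# Usage (hypothetical script name): check-bigip-ca.sh <ca.pem> <host> [port]
if [ "$#" -ge 2 ]; then
  tmp=$(mktemp)
  if fetch_server_cert "$2" "${3:-443}" "$tmp" && ca_trusts_cert "$1" "$tmp" "$2"; then
    echo "OK: $1 validates $2; Reject Unauthorized can stay enabled"
  else
    echo "FAIL: $1 does not validate the certificate presented by $2"
  fi
  rm -f "$tmp"
fi
```

A failure on the name check means the certificate does not cover the value you entered as **Hostname**, which a verifying client will also reject even when the CA is correct.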