How do I set bgp auth-profile secret in XML?

L1 Bithead

How do I set bgp auth-profile secret in XML?

<auth-profile>
  <entry name="BGP">
    <secret>-AQ==9wW2MMYTyjIArw6U5IgQlTHDTnc=zwKe7XpB+qQLdlenAO8tkg==</secret>
  </entry>
</auth-profile>
 
The configuration appears to be encrypted, maybe using the master key or something. Is there any way to set this in XML config to a *new* value using cleartext or some other encoding?
L7 Applicator

#set network virtual-router <name> protocol bgp auth-profile <name> secret <value>

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L1 Bithead

Hey, thank you, but I would need a way to do this in XML, not in set CLI. That way I can use it in bootstrap.xml files.

L1 Bithead

Apparently there's no way to set this rather simple configuration item in the Palo Alto standard supported configuration format. This seems incredibly lame. Why is there not parity of functionality between XML and Set CLI syntax? If there isn't, then shouldn't automation tools like bootstrapping support both formats?

Cyber Elite

@jerry.bonner,

To answer your question a bit more directly, the secret is hashed with the master key and the XML file won't accept a cleartext value (well, it will, but it will then treat it as a hash value), and the only way to know the hash value would be to utilize it in the configuration and then share the same master key across all devices.

I have environments that share the same master key for simplicity in configuration (not recommended) and they've deemed the risk is low enough they are willing to accept any issues. This would be something you would need to bring up with leadership and see if they view it worth the risk of all devices sharing a master key. 
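
Added example, not part of any post in this thread: a pre-deployment check for a bootstrap.xml that flags BGP auth-profile secrets which are not in the encrypted form quoted in the question, since per the answer above a cleartext value is accepted but then treated as an already-processed value. The shape test (the `-AQ==` prefix followed by a 20-byte segment and a segment that is a multiple of 16 bytes, both base64) is an assumption inferred from the single sample in the thread; the function names, the `BGP-NEW` profile and its value are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

PREFIX = "-AQ=="      # assumption: prefix seen on the thread's sample value
DIGEST_CHARS = 28     # assumption: first base64 segment of the sample (20 bytes)

def looks_encrypted(value):
    """True if value has the same shape as the <secret> quoted in the thread."""
    if not value.startswith(PREFIX):
        return False
    body = value[len(PREFIX):]
    try:
        digest = base64.b64decode(body[:DIGEST_CHARS], validate=True)
        cipher = base64.b64decode(body[DIGEST_CHARS:], validate=True)
    except ValueError:  # bad alphabet, bad padding, or non-ASCII input
        return False
    return len(digest) == 20 and len(cipher) > 0 and len(cipher) % 16 == 0

def lint_auth_profiles(xml_text):
    """Return (profile name, problem) for each auth-profile secret that is
    missing or not in encrypted form."""
    findings = []
    for profile in ET.fromstring(xml_text).iter("auth-profile"):
        for entry in profile.findall("entry"):
            secret = (entry.findtext("secret") or "").strip()
            if not secret:
                findings.append((entry.get("name"), "no secret set"))
            elif not looks_encrypted(secret):
                findings.append((entry.get("name"), "secret is not in encrypted form"))
    return findings

# Constructed bootstrap fragment: "BGP" carries the value quoted in the thread,
# "BGP-NEW" carries a made-up cleartext value.
SAMPLE = """<bgp>
  <auth-profile>
    <entry name="BGP">
      <secret>-AQ==9wW2MMYTyjIArw6U5IgQlTHDTnc=zwKe7XpB+qQLdlenAO8tkg==</secret>
    </entry>
    <entry name="BGP-NEW">
      <secret>example-cleartext</secret>
    </entry>
  </auth-profile>
</bgp>"""

if __name__ == "__main__":
    for name, problem in lint_auth_profiles(SAMPLE):
        print(f"{name}: {problem}")
```

A passing check only confirms the value's shape; whether the target firewall can use it still depends on it holding the same master key as the device that produced the value.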
