05-21-2019 02:43 PM
05-22-2019 05:21 AM
Hey thank you, but I would need a way to do this in xml, not in set cli. That way I can use it bootstrap.xml files.
05-23-2019 06:56 AM
Apparently there's no way to set this rather simple configuration item in the Palo Alto standard supported configuration format. This seems incredibly lame. Why is there not parity of functionality between XML and Set CLI syntax? If there isn't, then shouldn't automation tools like boostrapping support both formats?
05-23-2019 11:16 AM
To answer your question a bit more directly, the secret is hashed with the master key and the XML file won't accept a cleartext value (well it will, but it will then treat it as a hash value) and the only way to know the hash value would be to utilize it in the configuration and then share the same master key across all devices.
I have environments that share the same master key for simplicity in configuration (not recommended) and they've deemed the risk is low enough they are willing to accept any issues. This would be something you would need to bring up with leadership and see if they view it worth the risk of all devices sharing a master key.
10-28-2021 08:57 AM
Is there still no way to configure secrets via api?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
