How do I set bgp auth-profile secret in XML?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How do I set bgp auth-profile secret in XML?

L1 Bithead
<auth-profile>
<entry name="BGP">
<secret>-AQ==9wW2MMYTyjIArw6U5IgQlTHDTnc=zwKe7XpB+qQLdlenAO8tkg==</secret>
</entry>
</auth-profile>
 
The configuration appears to be encrypted, maybe using the master key or something. Is there anyway to set this in XML config to a *new* value using cleartext or some other encoding?
5 REPLIES 5

Cyber Elite
Cyber Elite

#set network virtual-router <name> protocol bgp auth-profile <name> secret <value>

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hey thank you, but I would need a way to do this in xml, not in set cli. That way I can use it bootstrap.xml files.

Apparently there's no way to set this rather simple configuration item in the Palo Alto standard supported configuration format. This seems incredibly lame. Why is there not parity of functionality between XML and Set CLI syntax? If there isn't, then shouldn't automation tools like boostrapping support both formats?

Cyber Elite
Cyber Elite

@jerry.bonner,

To answer your question a bit more directly, the secret is hashed with the master key and the XML file won't accept a cleartext value (well it will, but it will then treat it as a hash value) and the only way to know the hash value would be to utilize it in the configuration and then share the same master key across all devices.

I have environments that share the same master key for simplicity in configuration (not recommended) and they've deemed the risk is low enough they are willing to accept any issues. This would be something you would need to bring up with leadership and see if they view it worth the risk of all devices sharing a master key. 

L1 Bithead

Is there still no way to configure secrets via api?

  • 4027 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!