Forum Discussion
Lucas_Thompson_
Feb 19, 2016Historic F5 Account
To clarify this: You'd like to store a static string value into the access policy, sort of like a "master password" thing for all users? And encrypt it somehow, and then decrypt it at run-time so you can use it during AP execution.
What kind of protection do you need on it? It'd need to be symmetric -- so you need some key material to use. For the built-in secure variables, it uses key material from the user's session. But this is a per-session thing, it's not global to all sessions (that would defeat the purpose).
Instead of using encryption directly in the Access Policy, it might be a better idea to store the sensitive information off of BIG-IP completely and instead use a sideband call during AP execution to go grab it. That way, you can store it someplace else.